author | Devaev Maxim <[email protected]> | 2018-12-15 17:01:23 +0300 |
---|---|---|
committer | Devaev Maxim <[email protected]> | 2018-12-15 17:01:23 +0300 |
commit | 510300df35b7921f19b52d53d0be4a3a00e2b311 (patch) | |
tree | ef5ed926e6681fa2e070f6d398829297131f3a97 /configs/nginx | |
parent | d652a02ac915a1610d6d0943d3748bf9a950c3b9 (diff) |
modular nginx configuration
Diffstat (limited to 'configs/nginx')
-rw-r--r-- | configs/nginx/loc-login.conf | 2 | ||||
-rw-r--r-- | configs/nginx/loc-proxy.conf (renamed from configs/nginx/proxy-params.conf) | 0 | ||||
-rw-r--r-- | configs/nginx/loc-websocket.conf | 5 | ||||
-rw-r--r-- | configs/nginx/nginx.conf | 33 | ||||
-rw-r--r-- | configs/nginx/ssl.conf | 5 |
5 files changed, 23 insertions, 22 deletions
diff --git a/configs/nginx/loc-login.conf b/configs/nginx/loc-login.conf
new file mode 100644
index 00000000..2c4a7998
--- /dev/null
+++ b/configs/nginx/loc-login.conf
@@ -0,0 +1,2 @@
+error_page 401 = @login;
+error_page 403 = @login;
diff --git a/configs/nginx/proxy-params.conf b/configs/nginx/loc-proxy.conf
index 36a00e53..36a00e53 100644
--- a/configs/nginx/proxy-params.conf
+++ b/configs/nginx/loc-proxy.conf
diff --git a/configs/nginx/loc-websocket.conf b/configs/nginx/loc-websocket.conf
new file mode 100644
index 00000000..f987a58f
--- /dev/null
+++ b/configs/nginx/loc-websocket.conf
@@ -0,0 +1,5 @@
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_connect_timeout 7d;
+proxy_send_timeout 7d;
+proxy_read_timeout 7d;
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf
index 49776d9d..5f81234f 100644
--- a/configs/nginx/nginx.conf
+++ b/configs/nginx/nginx.conf
@@ -4,7 +4,7 @@ worker_processes 4; # error_log /tmp/nginx.error.log; error_log stderr;
-include /usr/share/kvmd/extras/*/nginx.main-ctx.conf;
+include /usr/share/kvmd/extras/*/nginx.ctx-main.conf;
events { worker_connections 1024;
@@ -42,7 +42,7 @@ http { server 127.0.0.1:8082 fail_timeout=0s max_fails=0; }
- include /usr/share/kvmd/extras/*/nginx.http-ctx.conf;
+ include /usr/share/kvmd/extras/*/nginx.ctx-http.conf;
#PROD server { #PROD listen 80;
@@ -53,13 +53,7 @@ http { server { #PROD listen 443 ssl http2; server_name localhost;
-
-#PROD ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-#PROD ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-#PROD ssl_certificate /etc/nginx/ssl/server.crt;
-#PROD ssl_certificate_key /etc/nginx/ssl/server.key;
-
-#PROD add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+#PROD include /etc/nginx/ssl.conf;
auth_request /auth;
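Review bot: `proxy_connect_timeout 7d;` in loc-websocket.conf does not do what the value suggests, because the nginx documentation notes that the connect timeout usually cannot exceed 75 seconds. A short value such as `proxy_connect_timeout 10s;` would make a dead upstream fail fast instead. The 7-day `proxy_send_timeout` and `proxy_read_timeout` are what keep an idle WebSocket open, and the location that includes this file in nginx.conf also sets `auth_request off;`. Idle connections there are held for up to a week against `worker_connections 1024`, protected only by whatever authentication the upstream performs, which is not visible in this diff. A header comment along the lines of `# WebSocket locations only: forces Connection "upgrade" on every proxied request` would keep the file from being included in an ordinary proxy location.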
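Review bot: The renamed extras glob (`nginx.main-ctx.conf` → `nginx.ctx-main.conf` in the first nginx.conf hunk, and likewise the `http` include in the next hunk and the `server` include in the last one) fails silently for anything not renamed in step. nginx treats an `include` with a mask that matches no file as empty rather than as an error. An extras directory that still ships the old file names would pass `nginx -t` while its main-, http- or server-context rules, including any access restrictions it carried, are no longer loaded. Either keep the old pattern next to the new one for a transition release, e.g. `include /usr/share/kvmd/extras/*/nginx.main-ctx.conf;`, or check at install time that no file with the old names remains.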
@@ -73,8 +67,7 @@ http { location / { root /usr/share/kvmd/web;
- error_page 401 = @login;
- error_page 403 = @login;
+ include /etc/nginx/loc-login.conf;
} location @login {
@@ -105,12 +98,8 @@ http { rewrite ^/kvmd/ws$ /ws break; rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break; proxy_pass http://kvmd;
- include /etc/nginx/proxy-params.conf;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_connect_timeout 7d;
- proxy_send_timeout 7d;
- proxy_read_timeout 7d;
+ include /etc/nginx/loc-proxy.conf;
+ include /etc/nginx/loc-websocket.conf;
auth_request off; }
@@ -118,7 +107,7 @@ http { rewrite ^/kvmd/msd/write$ /msd/write break; rewrite ^/kvmd/msd/write\?(.*)$ /msd/write?$1 break; proxy_pass http://kvmd;
- include /etc/nginx/proxy-params.conf;
+ include /etc/nginx/loc-proxy.conf;
limit_rate 6250k; limit_rate_after 50k; client_max_body_size 0;
@@ -130,7 +119,7 @@ http { rewrite ^/kvmd/log$ /log break; rewrite ^/kvmd/log\?(.*)$ /log?$1 break; proxy_pass http://kvmd;
- include /etc/nginx/proxy-params.conf;
+ include /etc/nginx/loc-proxy.conf;
proxy_read_timeout 7d; postpone_output 0; proxy_buffering off;
@@ -142,7 +131,7 @@ http { rewrite ^/kvmd$ / break; rewrite ^/kvmd/(.*)$ /$1 break; proxy_pass http://kvmd;
- include /etc/nginx/proxy-params.conf;
+ include /etc/nginx/loc-proxy.conf;
auth_request off; }
@@ -151,12 +140,12 @@ http { rewrite ^/streamer\?(.*)$ ?$1 break; rewrite ^/streamer/(.*)$ /$1 break; proxy_pass http://ustreamer;
- include /etc/nginx/proxy-params.conf;
+ include /etc/nginx/loc-proxy.conf;
postpone_output 0; proxy_buffering off; proxy_ignore_headers X-Accel-Buffering; }
- include /usr/share/kvmd/extras/*/nginx.server-ctx.conf;
+ include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
} }
diff --git a/configs/nginx/ssl.conf b/configs/nginx/ssl.conf
new file mode 100644
index 00000000..3b24ade1
--- /dev/null
+++ b/configs/nginx/ssl.conf
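Review bot: The new `include /etc/nginx/loc-login.conf;`, `include /etc/nginx/loc-proxy.conf;` and `include /etc/nginx/loc-websocket.conf;` lines in these hunks are plain paths, so a missing file is a hard configuration error, unlike the extras globs. nginx.conf therefore only loads if all three files, plus ssl.conf in production, are installed in the same step, and the front end that enforces `auth_request` will not start or reload otherwise. The rename also removes `/etc/nginx/proxy-params.conf`, which breaks any snippet outside this tree that still includes the old name; whether such snippets exist is not visible here. A transitional `proxy-params.conf` containing only `include /etc/nginx/loc-proxy.conf;` would cover that, as would an install step that runs `nginx -t` before reloading.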
@@ -0,0 +1,5 @@
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_certificate /etc/nginx/ssl/server.crt;
+ssl_certificate_key /etc/nginx/ssl/server.key;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; |
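Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps TLS 1.0 and 1.1 enabled in the new shared ssl.conf, and the `AES256+EECDH:AES256+EDH` part of `ssl_ciphers` also admits CBC suites. Since this file is now the single place where TLS policy is set, I would tighten it here to `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the nginx/OpenSSL build supports it) and `ssl_ciphers "EECDH+AESGCM:EDH+AESGCM";`. The file sets neither `ssl_prefer_server_ciphers on;` nor `ssl_dhparam`, so the client's ordering picks the suite and, on current nginx, the EDH entries are not offered at all. The `add_header Strict-Transport-Security` line reaches the server block through this include, and nginx drops inherited `add_header` directives in any location that declares its own. No location in the visible hunks does, but a comment in ssl.conf saying so would help whoever adds one.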