diff options
| author | Maxim Devaev <[email protected]> | 2024-02-03 16:11:34 +0200 |
|---|---|---|
| committer | Maxim Devaev <[email protected]> | 2024-02-03 16:13:45 +0200 |
| commit | 8d702f8cc26e5a0665ce2f0f0ea403e8d0d4ad79 (patch) | |
| tree | 07ae5354a22564335de652e8a02e1ce059955bb4 /configs | |
| parent | 272e3bf5e95ed9ad8e304f51c3f62ada53faaa63 (diff) | |
kvmd-nginx-mkconf: Render nginx config with kvmd settings
Diffstat (limited to 'configs')
| -rw-r--r-- | configs/nginx/listen-http.conf | 2 | ||||
| -rw-r--r-- | configs/nginx/listen-https.conf | 3 | ||||
| -rw-r--r-- | configs/nginx/nginx.conf.mako (renamed from configs/nginx/nginx.conf) | 35 | ||||
| -rw-r--r-- | configs/nginx/redirect-to-https.conf | 3 | ||||
| -rw-r--r-- | configs/os/services/kvmd-nginx.service | 5 |
5 files changed, 35 insertions, 13 deletions
diff --git a/configs/nginx/listen-http.conf b/configs/nginx/listen-http.conf deleted file mode 100644 index 76cb18d2..00000000 --- a/configs/nginx/listen-http.conf +++ /dev/null @@ -1,2 +0,0 @@ -listen 80; -listen [::]:80; diff --git a/configs/nginx/listen-https.conf b/configs/nginx/listen-https.conf deleted file mode 100644 index db2f68e3..00000000 --- a/configs/nginx/listen-https.conf +++ /dev/null @@ -1,3 +0,0 @@ -listen 443 ssl; -listen [::]:443 ssl; -http2 on; diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf.mako index 16e8da3c..65b46db1 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf.mako @@ -36,16 +36,45 @@ http { include /etc/kvmd/nginx/kvmd.ctx-http.conf; include /usr/share/kvmd/extras/*/nginx.ctx-http.conf; + % if https_enabled: + server { - include /etc/kvmd/nginx/listen-http.conf; + listen ${http_port}; + % if ipv6_enabled: + listen [::]:${http_port}; + % endif include /etc/kvmd/nginx/certbot.ctx-server.conf; - include /etc/kvmd/nginx/redirect-to-https.conf; + location / { + % if https_port == 443: + return 301 https://$host$request_uri; + % else: + return 301 https://$host:${https_port}$request_uri; + % endif + } } server { - include /etc/kvmd/nginx/listen-https.conf; + listen ${https_port} ssl; + % if ipv6_enabled: + listen [::]:${https_port} ssl; + % endif + http2 on; include /etc/kvmd/nginx/ssl.conf; include /etc/kvmd/nginx/kvmd.ctx-server.conf; include /usr/share/kvmd/extras/*/nginx.ctx-server.conf; } + + % else: + + server { + listen ${http_port}; + % if ipv6_enabled: + listen [::]:${http_port}; + % endif + include /etc/kvmd/nginx/certbot.ctx-server.conf; + include /etc/kvmd/nginx/kvmd.ctx-server.conf; + include /usr/share/kvmd/extras/*/nginx.ctx-server.conf; + } + + % endif } diff --git a/configs/nginx/redirect-to-https.conf b/configs/nginx/redirect-to-https.conf deleted file mode 100644 index 385fb49a..00000000 --- a/configs/nginx/redirect-to-https.conf +++ /dev/null @@ -1,3 +0,0 @@ -location / { - return 301 https://$host$request_uri; -} diff --git a/configs/os/services/kvmd-nginx.service b/configs/os/services/kvmd-nginx.service index 51529dd5..c0eff485 100644 --- a/configs/os/services/kvmd-nginx.service +++ b/configs/os/services/kvmd-nginx.service @@ -10,8 +10,9 @@ SyslogLevel=err Restart=always RestartSec=3 -ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' -ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' +ExecStartPre=/usr/bin/kvmd-nginx-mkconf /etc/kvmd/nginx/nginx.conf.mako /run/kvmd/nginx.conf +ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' +ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' KillSignal=SIGQUIT KillMode=mixed TimeoutStopSec=3 |