-rw-r--r-- | kvmd/configs/nginx/nginx.conf.example | 41 | ||||
-rw-r--r-- | kvmd/testenv/Dockerfile | 3 | ||||
-rw-r--r-- | kvmd/web/js/session.js | 18 | ||||
-rw-r--r-- | os/platforms/v1/Dockerfile.part | 3 |
4 files changed, 51 insertions, 14 deletions
diff --git a/kvmd/configs/nginx/nginx.conf.example b/kvmd/configs/nginx/nginx.conf.example index e8d2f0a1..bd378b72 100644 --- a/kvmd/configs/nginx/nginx.conf.example +++ b/kvmd/configs/nginx/nginx.conf.example @@ -1,3 +1,5 @@ +load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; + user http; worker_processes 4; @@ -5,7 +7,7 @@ worker_processes 4; error_log /dev/null crit; events { - worker_connections 64; + worker_connections 1024; use epoll; } @@ -25,12 +27,6 @@ http { scgi_temp_path /tmp/nginx.scgi_temp; uwsgi_temp_path /tmp/nginx.uwsgi_temp; -#PROD server { -#PROD listen 80; -#PROD server_name localhost; -#PROD return 301 https://$host$request_uri; -#PROD } - upstream kvmd { server localhost:8081 fail_timeout=0s max_fails=0; } @@ -39,6 +35,17 @@ http { server localhost:8082 fail_timeout=0s max_fails=0; } +#PROD server { +#PROD listen 80; +#PROD server_name localhost; +#PROD return 301 https://$host$request_uri; +#PROD } + +#PROD lua_shared_dict WS_TOKENS 10m; +#PROD init_by_lua_block { +#PROD WS_TOKEN_EXPIRES = 10; +#PROD } + server { #PROD listen 443 ssl http2; server_name localhost; @@ -58,7 +65,27 @@ http { index index.html; } + location /wsauth { + # Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362 +#PROD access_by_lua_block { +#PROD local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization)); +#PROD ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES); +#PROD ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES); +#PROD } + content_by_lua_block { + ngx.say("ok"); + } + } + location /kvmd/ws { +#PROD auth_basic off; +#PROD access_by_lua_block { +#PROD local token = ngx.var.cookie_WS_ACCESS_TOKEN; +#PROD local value, _ = ngx.shared.WS_TOKENS:get(token); +#PROD if value == nil then +#PROD ngx.exec("/wsauth"); +#PROD end +#PROD } rewrite /kvmd/ws /ws break; proxy_pass http://kvmd; proxy_set_header Upgrade $http_upgrade; 
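Review bot: In the `/wsauth` block the cookie value is `ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization))`, an unsalted SHA-1 of the Basic credentials, so the token is identical for every session of a user and anyone who captures the cookie can test password guesses against it offline. The token should be a random value unrelated to the credentials; if it must stay derived, key it with a server-side secret, e.g. `ngx.hmac_sha1(WS_TOKEN_SECRET, ngx.var.http_Authorization)`, where `WS_TOKEN_SECRET` is a placeholder for a secret the config would have to define. The `Set-Cookie` string also has no `Secure`, `HttpOnly` or `SameSite` attribute, although `/kvmd/ws` now runs with `auth_basic off` and accepts the cookie alone; appending `; Secure; HttpOnly; SameSite=Strict` after `Path=/` would keep it off the port-80 redirect, away from page scripts and off cross-site WebSocket handshakes. The `auth_basic` setting that protects `/wsauth` is outside this hunk, so confirm that the location inherits it and that the `ngx.exec("/wsauth")` fallback therefore fails closed.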
diff --git a/kvmd/testenv/Dockerfile b/kvmd/testenv/Dockerfile index c8bd0c23..d4c4b5ad 100644 --- a/kvmd/testenv/Dockerfile +++ b/kvmd/testenv/Dockerfile @@ -31,7 +31,8 @@ RUN pacman -Syy \ && user-packer -S --noconfirm \ python \ python-pip \ - nginx \ + nginx-mainline \ + nginx-mainline-mod-lua \ mjpg-streamer-pikvm \ socat \ && pacman -Sc --noconfirm diff --git a/kvmd/web/js/session.js b/kvmd/web/js/session.js index d3bbf91c..5e4a491b 100644 --- a/kvmd/web/js/session.js +++ b/kvmd/web/js/session.js @@ -20,11 +20,19 @@ var session = new function() { }; this.startPoller = function() { - __ws = new WebSocket((location.protocol == "https:" ? "wss" : "ws") + "://" + location.host + "/kvmd/ws"); - __ws.onopen = __wsOpenHandler; - __ws.onmessage = __wsMessageHandler; - __ws.onerror = __wsErrorHandler; - __ws.onclose = __wsCloseHandler; + var http = tools.makeRequest("GET", "/wsauth", function() { + if (http.readyState === 4) { + if (http.status === 200) { + __ws = new WebSocket((location.protocol == "https:" ? "wss" : "ws") + "://" + location.host + "/kvmd/ws"); + __ws.onopen = __wsOpenHandler; + __ws.onmessage = __wsMessageHandler; + __ws.onerror = __wsErrorHandler; + __ws.onclose = __wsCloseHandler; + } else { + __wsCloseHandler(null); + } + } + }); }; var __wsOpenHandler = function(event) { diff --git a/os/platforms/v1/Dockerfile.part b/os/platforms/v1/Dockerfile.part index 6e3f2599..35e097b6 100644 --- a/os/platforms/v1/Dockerfile.part +++ b/os/platforms/v1/Dockerfile.part @@ -1,5 +1,6 @@ RUN pkg-install \ - nginx \ + nginx-mainline \ + nginx-mainline-mod-lua \ apache-tools \ mjpg-streamer-pikvm \ python \ |
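Review bot: In `startPoller` (kvmd/web/js/session.js) every non-200 answer from `/wsauth` goes to `__wsCloseHandler(null)`, so rejected credentials (401/403) are handled exactly like a dropped socket. The handler's body is outside the hunk; if it schedules a reconnect, a client with bad credentials would retry `/wsauth` indefinitely, and if it reads fields of its event argument the `null` would throw. I would branch on the status first, e.g. `} else if (http.status === 401 || http.status === 403) { /* report the auth failure, do not reconnect */ }`. A comment above the request would also help, such as `// /wsauth sets the short-lived WS_ACCESS_TOKEN cookie that /kvmd/ws checks (Safari workaround, see nginx.conf.example)`.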