-rw-r--r--Makefile6
-rw-r--r--PKGBUILD9
-rw-r--r--configs/nginx/listen-http.conf2
-rw-r--r--configs/nginx/listen-https.conf3
-rw-r--r--configs/nginx/nginx.conf.mako (renamed from configs/nginx/nginx.conf)35
-rw-r--r--configs/nginx/redirect-to-https.conf3
-rw-r--r--configs/os/services/kvmd-nginx.service5
-rw-r--r--kvmd/apps/__init__.py10
-rw-r--r--kvmd/apps/ngxmkconf/__init__.py68
-rw-r--r--kvmd/apps/ngxmkconf/__main__.py24
-rwxr-xr-xsetup.py2
-rw-r--r--testenv/Dockerfile1
-rw-r--r--testenv/redirect-to-https.conf3
-rw-r--r--testenv/v2-hdmi-rpi4.override.yaml6
-rw-r--r--testenv/v2-hdmiusb-rpi4.override.yaml6
15 files changed, 160 insertions, 23 deletions
diff --git a/Makefile b/Makefile
index 2b08ea4a..68a630fb 100644
--- a/Makefile
+++ b/Makefile
@@ -113,15 +113,14 @@ run: testenv $(TESTENV_GPIO)
--device $(TESTENV_VIDEO):$(TESTENV_VIDEO) \
--device $(TESTENV_GPIO):$(TESTENV_GPIO) \
$(if $(TESTENV_RELAY),--device $(TESTENV_RELAY):$(TESTENV_RELAY),) \
- --publish 8080:80/tcp \
- --publish 4430:443/tcp \
+ --publish 8080:8080/tcp \
+ --publish 4430:4430/tcp \
-it $(TESTENV_IMAGE) /bin/bash -c " \
mkdir -p /tmp/kvmd-nginx \
&& mount -t debugfs none /sys/kernel/debug \
&& test -d /sys/kernel/debug/gpio-mockup/`basename $(TESTENV_GPIO)`/ || (echo \"Missing GPIO mockup\" && exit 1) \
&& (socat PTY,link=$(TESTENV_HID) PTY,link=/dev/ttyS11 &) \
&& cp -r /usr/share/kvmd/configs.default/nginx/* /etc/kvmd/nginx \
- && cp testenv/redirect-to-https.conf /etc/kvmd/nginx \
&& cp -a /testenv/.ssl/nginx /etc/kvmd/nginx/ssl \
&& cp -a /testenv/.ssl/vnc /etc/kvmd/vnc/ssl \
&& cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \
@@ -131,6 +130,7 @@ run: testenv $(TESTENV_GPIO)
&& ln -s /testenv/web.css /etc/kvmd/web.css \
&& mkdir -p /etc/kvmd/override.d \
&& cp /testenv/$(if $(P),$(P),$(DEFAULT_PLATFORM)).override.yaml /etc/kvmd/override.yaml \
+ && python -m kvmd.apps.ngxmkconf /etc/kvmd/nginx/nginx.conf.mako /etc/kvmd/nginx/nginx.conf \
&& nginx -c /etc/kvmd/nginx/nginx.conf -g 'user http; error_log stderr;' \
&& ln -s $(TESTENV_VIDEO) /dev/kvmd-video \
&& ln -s $(TESTENV_GPIO) /dev/kvmd-gpio \
diff --git a/PKGBUILD b/PKGBUILD
index e45f5e6f..778e62c9 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -76,6 +76,7 @@ depends=(
python-pyrad
python-ldap
python-zstandard
+ python-mako
"libgpiod>=2.1"
freetype2
"v4l-utils>=1.22.1-1"
@@ -136,9 +137,9 @@ backup=(
etc/kvmd/{ht,ipmi,vnc}passwd
etc/kvmd/totp.secret
etc/kvmd/nginx/{kvmd.ctx-{http,server},certbot.ctx-server}.conf
- etc/kvmd/nginx/listen-http{,s}.conf
etc/kvmd/nginx/loc-{login,nocache,proxy,websocket,nobuffering,bigpost}.conf
- etc/kvmd/nginx/{mime-types,ssl,redirect-to-https,nginx}.conf
+ etc/kvmd/nginx/{mime-types,ssl}.conf
+ etc/kvmd/nginx/nginx.conf.mako
etc/kvmd/janus/janus{,.plugin.ustreamer,.transport.websockets}.jcfg
etc/kvmd/web.css
)
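Review bot: Dropping `nginx.conf`, `listen-http{,s}.conf` and `redirect-to-https.conf` from `backup=`, together with the switch to a generated config, means local edits to those files stop having any effect after the upgrade. An operator who had narrowed a `listen` directive or changed the redirect there would get the template defaults back, possibly without noticing. This is worth calling out in the upgrade notes or a post-upgrade message, pointing to `nginx.conf.mako` and the new `nginx/http` and `nginx/https` options as the place to re-apply such changes. The `backup=(` array starts outside this hunk.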
@@ -173,8 +174,8 @@ package_kvmd() {
mkdir -p "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl"
chmod 755 "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl"
- install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf
- chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx,redirect-to-https,ssl,listen-http{,s}}.conf
+ install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf*
+ chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx,ssl}.conf*
mkdir -p "$pkgdir/etc/kvmd/janus"
chmod 755 "$pkgdir/etc/kvmd/janus"
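Review bot: The `*.conf*` glob in the `install` line is wider than the two suffixes the package ships, so an editor backup or a `.conf.orig` file left in the source directory would also be installed into `/etc/kvmd/nginx`. Listing the suffixes explicitly keeps the package contents predictable: `install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf "$_cfg_default/nginx"/*.conf.mako`, and likewise `chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx.conf.mako,ssl.conf}`. `package_kvmd()` continues outside the hunk.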
diff --git a/configs/nginx/listen-http.conf b/configs/nginx/listen-http.conf
deleted file mode 100644
index 76cb18d2..00000000
--- a/configs/nginx/listen-http.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-listen 80;
-listen [::]:80;
diff --git a/configs/nginx/listen-https.conf b/configs/nginx/listen-https.conf
deleted file mode 100644
index db2f68e3..00000000
--- a/configs/nginx/listen-https.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-listen 443 ssl;
-listen [::]:443 ssl;
-http2 on;
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf.mako
index 16e8da3c..65b46db1 100644
--- a/configs/nginx/nginx.conf
+++ b/configs/nginx/nginx.conf.mako
@@ -36,16 +36,45 @@ http {
include /etc/kvmd/nginx/kvmd.ctx-http.conf;
include /usr/share/kvmd/extras/*/nginx.ctx-http.conf;
+ % if https_enabled:
+
server {
- include /etc/kvmd/nginx/listen-http.conf;
+ listen ${http_port};
+ % if ipv6_enabled:
+ listen [::]:${http_port};
+ % endif
include /etc/kvmd/nginx/certbot.ctx-server.conf;
- include /etc/kvmd/nginx/redirect-to-https.conf;
+ location / {
+ % if https_port == 443:
+ return 301 https://$host$request_uri;
+ % else:
+ return 301 https://$host:${https_port}$request_uri;
+ % endif
+ }
}
server {
- include /etc/kvmd/nginx/listen-https.conf;
+ listen ${https_port} ssl;
+ % if ipv6_enabled:
+ listen [::]:${https_port} ssl;
+ % endif
+ http2 on;
include /etc/kvmd/nginx/ssl.conf;
include /etc/kvmd/nginx/kvmd.ctx-server.conf;
include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
}
+
+ % else:
+
+ server {
+ listen ${http_port};
+ % if ipv6_enabled:
+ listen [::]:${http_port};
+ % endif
+ include /etc/kvmd/nginx/certbot.ctx-server.conf;
+ include /etc/kvmd/nginx/kvmd.ctx-server.conf;
+ include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
+ }
+
+ % endif
}
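Review bot: The `% else:` branch serves `kvmd.ctx-server.conf` on the plain HTTP listener, so with `https_enabled` false the whole interface, presumably including the login, travels unencrypted, and nothing in the template says so. A Mako comment above the branch would make that explicit without reaching the rendered file, e.g. `## HTTPS disabled: everything below is served in cleartext; use only behind a TLS-terminating proxy or on a trusted network`. The `http {` block opens outside this hunk.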
diff --git a/configs/nginx/redirect-to-https.conf b/configs/nginx/redirect-to-https.conf
deleted file mode 100644
index 385fb49a..00000000
--- a/configs/nginx/redirect-to-https.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-location / {
- return 301 https://$host$request_uri;
-}
diff --git a/configs/os/services/kvmd-nginx.service b/configs/os/services/kvmd-nginx.service
index 51529dd5..c0eff485 100644
--- a/configs/os/services/kvmd-nginx.service
+++ b/configs/os/services/kvmd-nginx.service
@@ -10,8 +10,9 @@ SyslogLevel=err
Restart=always
RestartSec=3
-ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
-ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
+ExecStartPre=/usr/bin/kvmd-nginx-mkconf /etc/kvmd/nginx/nginx.conf.mako /run/kvmd/nginx.conf
+ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
+ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
KillSignal=SIGQUIT
KillMode=mixed
TimeoutStopSec=3
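Review bot: `ExecReload` still only signals nginx, so after a change to the `nginx` options or to `nginx.conf.mako` a `systemctl reload` re-reads the stale `/run/kvmd/nginx.conf` rendered at the last start. Putting a second `ExecReload=/usr/bin/kvmd-nginx-mkconf /etc/kvmd/nginx/nginx.conf.mako /run/kvmd/nginx.conf` line before the existing one would regenerate the file first; systemd runs multiple `ExecReload=` lines in order. The unit's `[Service]` section starts outside the hunk, so the account that `ExecStartPre` runs as is not visible here.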
diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py
index 8e504ed1..88e31ef7 100644
--- a/kvmd/apps/__init__.py
+++ b/kvmd/apps/__init__.py
@@ -742,6 +742,16 @@ def _get_config_scheme() -> dict:
},
},
+ "nginx": {
+ "http": {
+ "port": Option(80, type=valid_port),
+ },
+ "https": {
+ "enabled": Option(True, type=valid_bool),
+ "port": Option(443, type=valid_port),
+ },
+ },
+
"janus": {
"stun": {
"host": Option("stun.l.google.com", type=valid_ip_or_host, unpack_as="stun_host"),
diff --git a/kvmd/apps/ngxmkconf/__init__.py b/kvmd/apps/ngxmkconf/__init__.py
new file mode 100644
index 00000000..6f7ed17a
--- /dev/null
+++ b/kvmd/apps/ngxmkconf/__init__.py
@@ -0,0 +1,68 @@
+# ========================================================================== #
+# #
+# KVMD - The main PiKVM daemon. #
+# #
+# Copyright (C) 2018-2023 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+import os
+import argparse
+
+import mako.template
+
+from ... import network
+
+from .. import init
+
+
+# =====
+def main(argv: (list[str] | None)=None) -> None:
+ (parent_parser, argv, config) = init(
+ add_help=False,
+ argv=argv,
+ )
+ parser = argparse.ArgumentParser(
+ prog="kvmd-nginx-mkconf",
+ description="Generate KVMD-Nginx config",
+ parents=[parent_parser],
+ )
+ parser.add_argument("-p", "--print", action="store_true", help="Print the result to stdout besides the output file")
+ parser.add_argument("input", help="Input Mako template")
+ parser.add_argument("output", help="Output Nginx config")
+ options = parser.parse_args(argv[1:])
+
+ with open(options.input, "r") as in_file:
+ template = in_file.read()
+
+ rendered = mako.template.Template(template).render(
+ http_port=config.nginx.http.port,
+ https_enabled=config.nginx.https.enabled,
+ https_port=config.nginx.https.port,
+ ipv6_enabled=network.is_ipv6_enabled(),
+ )
+
+ if options.print:
+ print(rendered)
+
+ try:
+ os.remove(options.output)
+ except FileNotFoundError:
+ pass
+
+ with open(options.output, "w") as out_file:
+ out_file.write(rendered)
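Review bot: The output is replaced by `os.remove()` followed by `open(options.output, "w")`, which leaves a window with no file, can leave a truncated config if the write fails, and follows whatever appears at that path in between. If the output directory (`/run/kvmd` in the unit file) is writable by a less privileged account than the one running this tool, that gap lets the write land on a file of that account's choosing; the directory permissions are not visible in this diff. Writing to an exclusively created temporary file in the same directory and then calling `os.replace()` closes both problems. Since Mako templates can embed Python, a comment on the `render()` call stating that the input template must be writable only by root would also help, and `main()` has no docstring.

```python
    # … unchanged: argument parsing, template rendering, optional print …

    tmp_path = f"{options.output}.{os.getpid()}.tmp"
    # O_EXCL refuses an existing path (including a symlink) instead of following it
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    try:
        with os.fdopen(fd, "w") as out_file:
            out_file.write(rendered)
        os.replace(tmp_path, options.output)  # atomic swap: readers see old or new, never partial
    except BaseException:
        os.unlink(tmp_path)
        raise
```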
diff --git a/kvmd/apps/ngxmkconf/__main__.py b/kvmd/apps/ngxmkconf/__main__.py
new file mode 100644
index 00000000..73bb60b3
--- /dev/null
+++ b/kvmd/apps/ngxmkconf/__main__.py
@@ -0,0 +1,24 @@
+# ========================================================================== #
+# #
+# KVMD - The main PiKVM daemon. #
+# #
+# Copyright (C) 2018-2023 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+from . import main
+main()
diff --git a/setup.py b/setup.py
index 302b09f4..f875a583 100755
--- a/setup.py
+++ b/setup.py
@@ -99,6 +99,7 @@ def main() -> None:
"kvmd.apps.ipmi",
"kvmd.apps.vnc",
"kvmd.apps.vnc.rfb",
+ "kvmd.apps.ngxmkconf",
"kvmd.apps.janus",
"kvmd.apps.watchdog",
"kvmd.helpers",
@@ -125,6 +126,7 @@ def main() -> None:
"kvmd-cleanup = kvmd.apps.cleanup:main",
"kvmd-ipmi = kvmd.apps.ipmi:main",
"kvmd-vnc = kvmd.apps.vnc:main",
+ "kvmd-nginx-mkconf = kvmd.apps.ngxmkconf",
"kvmd-janus = kvmd.apps.janus:main",
"kvmd-watchdog = kvmd.apps.watchdog:main",
"kvmd-helper-pst-remount = kvmd.helpers.remount:main",
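Review bot: The new entry `"kvmd-nginx-mkconf = kvmd.apps.ngxmkconf"` lacks the `:main` suffix that every neighbouring entry carries, so it names the module rather than a callable. If this list is the `console_scripts` group, as the sibling entries suggest, the generated `/usr/bin/kvmd-nginx-mkconf` would likely fail when invoked, and the new `ExecStartPre` in `kvmd-nginx.service` would then keep nginx from starting. It should read `"kvmd-nginx-mkconf = kvmd.apps.ngxmkconf:main",`. The list starts outside this hunk.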
diff --git a/testenv/Dockerfile b/testenv/Dockerfile
index 036a8380..2d9d2269 100644
--- a/testenv/Dockerfile
+++ b/testenv/Dockerfile
@@ -57,6 +57,7 @@ RUN pacman --noconfirm --ask=4 -Syy \
python-pam \
python-pillow \
python-xlib \
+ python-mako \
libxkbcommon \
python-hidapi \
python-ldap \
diff --git a/testenv/redirect-to-https.conf b/testenv/redirect-to-https.conf
deleted file mode 100644
index 11796e29..00000000
--- a/testenv/redirect-to-https.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-location / {
- return 301 https://$host:4430$request_uri;
-}
diff --git a/testenv/v2-hdmi-rpi4.override.yaml b/testenv/v2-hdmi-rpi4.override.yaml
index be93d455..f8a301f1 100644
--- a/testenv/v2-hdmi-rpi4.override.yaml
+++ b/testenv/v2-hdmi-rpi4.override.yaml
@@ -160,6 +160,12 @@ otgnet:
pre_stop_cmd:
- "/bin/true"
+nginx:
+ http:
+ port: 8080
+ https:
+ port: 4430
+
janus:
cmd:
- "/bin/true"
diff --git a/testenv/v2-hdmiusb-rpi4.override.yaml b/testenv/v2-hdmiusb-rpi4.override.yaml
index f1d57089..8d5568f6 100644
--- a/testenv/v2-hdmiusb-rpi4.override.yaml
+++ b/testenv/v2-hdmiusb-rpi4.override.yaml
@@ -56,6 +56,12 @@ otgnet:
pre_stop_cmd:
- "/bin/true"
+nginx:
+ http:
+ port: 8080
+ https:
+ port: 4430
+
janus:
cmd:
- "/bin/true"