Diffstat (limited to 'configs/nginx/nginx.conf')
-rw-r--r-- | configs/nginx/nginx.conf | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf
new file mode 100644
index 00000000..f0d6965b
--- /dev/null
+++ b/configs/nginx/nginx.conf
@@ -0,0 +1,123 @@
+load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
+
+user http;
+worker_processes 4;
+
+# error_log /tmp/nginx.error.log;
+error_log /dev/null crit;
+
+events {
+ worker_connections 1024;
+ use epoll;
+}
+
+http {
+ access_log off;
+
+ include /etc/nginx/mime-types.conf;
+ default_type application/octet-stream;
+ charset utf-8;
+
+ sendfile on;
+ keepalive_timeout 10;
+
+ client_body_temp_path /tmp/nginx.client_body_temp;
+ fastcgi_temp_path /tmp/nginx.fastcgi_temp;
+ proxy_temp_path /tmp/nginx.proxy_temp;
+ scgi_temp_path /tmp/nginx.scgi_temp;
+ uwsgi_temp_path /tmp/nginx.uwsgi_temp;
+
+ upstream kvmd {
+ server localhost:8081 fail_timeout=0s max_fails=0;
+ }
+
+ upstream ustreamer {
+ server localhost:8082 fail_timeout=0s max_fails=0;
+ }
+
+#PROD server {
+#PROD listen 80;
+#PROD server_name localhost;
+#PROD return 301 https://$host$request_uri;
+#PROD }
+
+#PROD lua_shared_dict WS_TOKENS 10m;
+#PROD init_by_lua_block {
+#PROD WS_TOKEN_EXPIRES = 10;
+#PROD }
+
+ server {
+#PROD listen 443 ssl http2;
+ server_name localhost;
+
+#PROD ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+#PROD ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+#PROD ssl_certificate /etc/nginx/ssl/server.crt;
+#PROD ssl_certificate_key /etc/nginx/ssl/server.key;
+
+#PROD add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+#PROD auth_basic "Restricted Area";
+#PROD auth_basic_user_file /etc/nginx/htpasswd;
+
+ location / {
+ root /usr/share/kvmd/web;
+ index index.html;
+ }
+
+ location /wsauth {
+ # Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362
+#PROD access_by_lua_block {
+#PROD local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization));
+#PROD ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES);
+#PROD ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES);
+#PROD }
+ content_by_lua_block {
+ ngx.say("ok");
+ }
+ }
+
+ location /kvmd/ws {
+#PROD auth_basic off;
+#PROD access_by_lua_block {
+#PROD local token = ngx.var.cookie_WS_ACCESS_TOKEN;
+#PROD local value, _ = ngx.shared.WS_TOKENS:get(token);
+#PROD if value == nil then
+#PROD ngx.exec("/wsauth");
+#PROD end
+#PROD }
+ rewrite /kvmd/ws /ws break;
+ proxy_pass http://kvmd;
+ include /etc/nginx/proxy-params.conf;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_connect_timeout 7d;
+ proxy_send_timeout 7d;
+ proxy_read_timeout 7d;
+ }
+
+ location /kvmd/msd/write {
+ rewrite /kvmd/msd/write /msd/write break;
+ proxy_pass http://kvmd;
+ include /etc/nginx/proxy-params.conf;
+ limit_rate 6250k;
+ limit_rate_after 50k;
+ client_max_body_size 0;
+ proxy_request_buffering off;
+ }
+
+ location /kvmd {
+ rewrite /kvmd/?(.*) /$1 break;
+ proxy_pass http://kvmd;
+ include /etc/nginx/proxy-params.conf;
+ }
+
+ location /streamer {
+ rewrite /streamer/?(.*) /$1 break;
+ proxy_pass http://ustreamer;
+ include /etc/nginx/proxy-params.conf;
+ proxy_buffering off;
+ proxy_ignore_headers X-Accel-Buffering;
+ }
+ }
+} |
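Review bot: The #PROD `access_by_lua_block` in `location /wsauth` sets WS_ACCESS_TOKEN to an unsalted SHA-1 of the Authorization header and sends it with no cookie attributes, so the cookie is readable by page scripts and is a fixed derivative of the Basic credentials that can be tested offline if it leaks. At minimum the Set-Cookie string should carry `"; Path=/; Secure; HttpOnly; Expires="`; a random per-login value stored in WS_TOKENS would avoid tying the token to the password at all. Because `location /kvmd/ws` sets `auth_basic off` and checks only this cookie, the token is the sole gate on the websocket for as long as it is valid. Separately, the #PROD `ssl_protocols` line still enables TLSv1 and TLSv1.1; `ssl_protocols TLSv1.2;` would drop the deprecated versions. This assumes the #PROD lines are uncommented for production builds, which the hunk does not show.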