diff options
Diffstat (limited to 'configs/nginx')
| -rw-r--r-- | configs/nginx/nginx.conf | 65 |
1 files changed, 38 insertions, 27 deletions
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index 5a368833..49776d9d 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf @@ -1,5 +1,3 @@ -load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; - user http; worker_processes 4; @@ -28,6 +26,7 @@ http { tcp_nodelay on; tcp_nopush on; keepalive_timeout 10; + client_max_body_size 4k; client_body_temp_path /tmp/nginx.client_body_temp; fastcgi_temp_path /tmp/nginx.fastcgi_temp; @@ -45,11 +44,6 @@ http { include /usr/share/kvmd/extras/*/nginx.http-ctx.conf; -#PROD lua_shared_dict WS_TOKENS 10m; -#PROD init_by_lua_block { -#PROD WS_TOKEN_EXPIRES = 10; -#PROD } - #PROD server { #PROD listen 80; #PROD server_name localhost; @@ -67,34 +61,47 @@ http { #PROD add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; -#PROD auth_basic "Restricted Area"; -#PROD auth_basic_user_file /etc/nginx/htpasswd; + auth_request /auth; + + location = /auth { + internal; + proxy_pass http://kvmd/auth/check; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + auth_request off; + } location / { root /usr/share/kvmd/web; + error_page 401 = @login; + error_page 403 = @login; + } + + location @login { + return 302 /login; + } + + location /login { + root /usr/share/kvmd/web; + auth_request off; + } + + location /share { + root /usr/share/kvmd/web; + auth_request off; + } + + location = /favicon.ico { + alias /usr/share/kvmd/web/favicon.ico; + auth_request off; } - location /ws_auth { - # Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362 -#PROD access_by_lua_block { -#PROD local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization)); -#PROD ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES); -#PROD ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES); -#PROD } - content_by_lua_block { - ngx.say("ok"); - } + location = /robots.txt { + alias /usr/share/kvmd/web/robots.txt; + auth_request off; } location /kvmd/ws { -#PROD auth_basic off; -#PROD access_by_lua_block { -#PROD local token = ngx.var.cookie_WS_ACCESS_TOKEN; -#PROD local value, _ = ngx.shared.WS_TOKENS:get(token); -#PROD if value == nil then -#PROD ngx.exec("/ws_auth"); -#PROD end -#PROD } rewrite ^/kvmd/ws$ /ws break; rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break; proxy_pass http://kvmd; @@ -104,6 +111,7 @@ http { proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; + auth_request off; } location /kvmd/msd/write { @@ -115,6 +123,7 @@ http { limit_rate_after 50k; client_max_body_size 0; proxy_request_buffering off; + auth_request off; } location /kvmd/log { @@ -126,6 +135,7 @@ http { postpone_output 0; proxy_buffering off; proxy_ignore_headers X-Accel-Buffering; + auth_request off; } location /kvmd { @@ -133,6 +143,7 @@ http { rewrite ^/kvmd/(.*)$ /$1 break; proxy_pass http://kvmd; include /etc/nginx/proxy-params.conf; + auth_request off; } location /streamer { |