From 8d702f8cc26e5a0665ce2f0f0ea403e8d0d4ad79 Mon Sep 17 00:00:00 2001
From: Maxim Devaev
Date: Sat, 3 Feb 2024 16:11:34 +0200
Subject: kvmd-nginx-mkconf: Render nginx config with kvmd settings
---
configs/nginx/listen-http.conf | 2 -
configs/nginx/listen-https.conf | 3 --
configs/nginx/nginx.conf | 51 ----------------------
configs/nginx/nginx.conf.mako | 80 ++++++++++++++++++++++++++++++++++
configs/nginx/redirect-to-https.conf | 3 --
configs/os/services/kvmd-nginx.service | 5 ++-
6 files changed, 83 insertions(+), 61 deletions(-)
delete mode 100644 configs/nginx/listen-http.conf
delete mode 100644 configs/nginx/listen-https.conf
delete mode 100644 configs/nginx/nginx.conf
create mode 100644 configs/nginx/nginx.conf.mako
delete mode 100644 configs/nginx/redirect-to-https.conf
(limited to 'configs')
diff --git a/configs/nginx/listen-http.conf b/configs/nginx/listen-http.conf
deleted file mode 100644
index 76cb18d2..00000000
--- a/configs/nginx/listen-http.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-listen 80;
-listen [::]:80;
diff --git a/configs/nginx/listen-https.conf b/configs/nginx/listen-https.conf
deleted file mode 100644
index db2f68e3..00000000
--- a/configs/nginx/listen-https.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-listen 443 ssl;
-listen [::]:443 ssl;
-http2 on;
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf
deleted file mode 100644
index 16e8da3c..00000000
--- a/configs/nginx/nginx.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-worker_processes 4;
-
-# error_log /tmp/kvmd-nginx.error.log;
-error_log stderr;
-
-include /usr/share/kvmd/extras/*/nginx.ctx-main.conf;
-
-events {
- worker_connections 1024;
- use epoll;
- multi_accept on;
-}
-
-http {
- types_hash_max_size 4096;
- server_names_hash_bucket_size 128;
-
- access_log off;
-
- include /etc/kvmd/nginx/mime-types.conf;
- default_type application/octet-stream;
- charset utf-8;
-
- sendfile on;
- tcp_nodelay on;
- tcp_nopush on;
- keepalive_timeout 10;
- client_max_body_size 4k;
-
- client_body_temp_path /tmp/kvmd-nginx/client_body_temp;
- fastcgi_temp_path /tmp/kvmd-nginx/fastcgi_temp;
- proxy_temp_path /tmp/kvmd-nginx/proxy_temp;
- scgi_temp_path /tmp/kvmd-nginx/scgi_temp;
- uwsgi_temp_path /tmp/kvmd-nginx/uwsgi_temp;
-
- include /etc/kvmd/nginx/kvmd.ctx-http.conf;
- include /usr/share/kvmd/extras/*/nginx.ctx-http.conf;
-
- server {
- include /etc/kvmd/nginx/listen-http.conf;
- include /etc/kvmd/nginx/certbot.ctx-server.conf;
- include /etc/kvmd/nginx/redirect-to-https.conf;
- }
-
- server {
- include /etc/kvmd/nginx/listen-https.conf;
- include /etc/kvmd/nginx/ssl.conf;
- include /etc/kvmd/nginx/kvmd.ctx-server.conf;
- include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
- }
-}
diff --git a/configs/nginx/nginx.conf.mako b/configs/nginx/nginx.conf.mako
new file mode 100644
index 00000000..65b46db1
--- /dev/null
+++ b/configs/nginx/nginx.conf.mako
@@ -0,0 +1,80 @@
+worker_processes 4;
+
+# error_log /tmp/kvmd-nginx.error.log;
+error_log stderr;
+
+include /usr/share/kvmd/extras/*/nginx.ctx-main.conf;
+
+events {
+ worker_connections 1024;
+ use epoll;
+ multi_accept on;
+}
+
+http {
+ types_hash_max_size 4096;
+ server_names_hash_bucket_size 128;
+
+ access_log off;
+
+ include /etc/kvmd/nginx/mime-types.conf;
+ default_type application/octet-stream;
+ charset utf-8;
+
+ sendfile on;
+ tcp_nodelay on;
+ tcp_nopush on;
+ keepalive_timeout 10;
+ client_max_body_size 4k;
+
+ client_body_temp_path /tmp/kvmd-nginx/client_body_temp;
+ fastcgi_temp_path /tmp/kvmd-nginx/fastcgi_temp;
+ proxy_temp_path /tmp/kvmd-nginx/proxy_temp;
+ scgi_temp_path /tmp/kvmd-nginx/scgi_temp;
+ uwsgi_temp_path /tmp/kvmd-nginx/uwsgi_temp;
+
+ include /etc/kvmd/nginx/kvmd.ctx-http.conf;
+ include /usr/share/kvmd/extras/*/nginx.ctx-http.conf;
+
+ % if https_enabled:
+
+ server {
+ listen ${http_port};
+ % if ipv6_enabled:
+ listen [::]:${http_port};
+ % endif
+ include /etc/kvmd/nginx/certbot.ctx-server.conf;
+ location / {
+ % if https_port == 443:
+ return 301 https://$host$request_uri;
+ % else:
+ return 301 https://$host:${https_port}$request_uri;
+ % endif
+ }
+ }
+
+ server {
+ listen ${https_port} ssl;
+ % if ipv6_enabled:
+ listen [::]:${https_port} ssl;
+ % endif
+ http2 on;
+ include /etc/kvmd/nginx/ssl.conf;
+ include /etc/kvmd/nginx/kvmd.ctx-server.conf;
+ include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
+ }
+
+ % else:
+
+ server {
+ listen ${http_port};
+ % if ipv6_enabled:
+ listen [::]:${http_port};
+ % endif
+ include /etc/kvmd/nginx/certbot.ctx-server.conf;
+ include /etc/kvmd/nginx/kvmd.ctx-server.conf;
+ include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
+ }
+
+ % endif
+}
diff --git a/configs/nginx/redirect-to-https.conf b/configs/nginx/redirect-to-https.conf
deleted file mode 100644
index 385fb49a..00000000
--- a/configs/nginx/redirect-to-https.conf
+++ /dev/null
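Review bot: The `% else:` branch at the end of the template includes `kvmd.ctx-server.conf` on `${http_port}` with no TLS, so when `https_enabled` is false whatever that file exposes (presumably the KVM UI and API, including login) is served in cleartext, and nothing in the rendered file says so. I would add a comment above that `server {` block, e.g. `# https_enabled=false: everything below is served without TLS; keep this listener on a trusted segment or behind a TLS-terminating proxy`. Separately, `${http_port}` and `${https_port}` are interpolated unescaped into `listen` and `return` directives; the `https_port == 443` comparison suggests they are integers, but the renderer (kvmd-nginx-mkconf) is outside this diff, so it is worth confirming that it rejects non-integer values before rendering.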
@@ -1,3 +0,0 @@
-location / {
- return 301 https://$host$request_uri;
-}
diff --git a/configs/os/services/kvmd-nginx.service b/configs/os/services/kvmd-nginx.service
index 51529dd5..c0eff485 100644
--- a/configs/os/services/kvmd-nginx.service
+++ b/configs/os/services/kvmd-nginx.service
@@ -10,8 +10,9 @@ SyslogLevel=err Restart=always RestartSec=3 -ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' -ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' +ExecStartPre=/usr/bin/kvmd-nginx-mkconf /etc/kvmd/nginx/nginx.conf.mako /run/kvmd/nginx.conf +ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' +ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' KillSignal=SIGQUIT KillMode=mixed TimeoutStopSec=3 -- cgit v1.2.3
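Review bot: nginx now loads its main configuration from `/run/kvmd/nginx.conf` rather than `/etc/kvmd/nginx/nginx.conf`, and the `user kvmd-nginx;` directive suggests the master process parses that file with elevated privileges. The hunk does not show who owns `/run/kvmd` or which user the unit runs as, so if any unprivileged service account can write to that directory it can alter the configuration a privileged process will read. The rendered file should live in a directory writable only by root, with the ownership and mode stated in the unit or in a comment next to `ExecStartPre`. `ExecReload` also sends `-s reload` without re-running `kvmd-nginx-mkconf`, so a reload re-reads the previously rendered file and misses changed kvmd settings. A second `ExecStartPre` running `nginx -t` with the same `-p`, `-c` and `-g` arguments would catch a bad render before start. The rest of the `[Service]` section lies outside this hunk.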