blob: 49776d9d6fb85cd72e2db212436aa7a9fea09725 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
user http;
worker_processes 4;
# error_log /tmp/nginx.error.log;
error_log stderr;
include /usr/share/kvmd/extras/*/nginx.main-ctx.conf;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
access_log off;
include /etc/nginx/mime-types.conf;
default_type application/octet-stream;
charset utf-8;
absolute_redirect off;
index index.html;
sendfile on;
tcp_nodelay on;
tcp_nopush on;
keepalive_timeout 10;
client_max_body_size 4k;
client_body_temp_path /tmp/nginx.client_body_temp;
fastcgi_temp_path /tmp/nginx.fastcgi_temp;
proxy_temp_path /tmp/nginx.proxy_temp;
scgi_temp_path /tmp/nginx.scgi_temp;
uwsgi_temp_path /tmp/nginx.uwsgi_temp;
upstream kvmd {
server 127.0.0.1:8081 fail_timeout=0s max_fails=0;
}
upstream ustreamer {
server 127.0.0.1:8082 fail_timeout=0s max_fails=0;
}
include /usr/share/kvmd/extras/*/nginx.http-ctx.conf;
#PROD server {
#PROD listen 80;
#PROD server_name localhost;
#PROD return 301 https://$host$request_uri;
#PROD }
server {
#PROD listen 443 ssl http2;
server_name localhost;
#PROD ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#PROD ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
#PROD ssl_certificate /etc/nginx/ssl/server.crt;
#PROD ssl_certificate_key /etc/nginx/ssl/server.key;
#PROD add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
auth_request /auth;
location = /auth {
internal;
proxy_pass http://kvmd/auth/check;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
auth_request off;
}
location / {
root /usr/share/kvmd/web;
error_page 401 = @login;
error_page 403 = @login;
}
location @login {
return 302 /login;
}
location /login {
root /usr/share/kvmd/web;
auth_request off;
}
location /share {
root /usr/share/kvmd/web;
auth_request off;
}
location = /favicon.ico {
alias /usr/share/kvmd/web/favicon.ico;
auth_request off;
}
location = /robots.txt {
alias /usr/share/kvmd/web/robots.txt;
auth_request off;
}
location /kvmd/ws {
rewrite ^/kvmd/ws$ /ws break;
rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
auth_request off;
}
location /kvmd/msd/write {
rewrite ^/kvmd/msd/write$ /msd/write break;
rewrite ^/kvmd/msd/write\?(.*)$ /msd/write?$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
limit_rate 6250k;
limit_rate_after 50k;
client_max_body_size 0;
proxy_request_buffering off;
auth_request off;
}
location /kvmd/log {
rewrite ^/kvmd/log$ /log break;
rewrite ^/kvmd/log\?(.*)$ /log?$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
proxy_read_timeout 7d;
postpone_output 0;
proxy_buffering off;
proxy_ignore_headers X-Accel-Buffering;
auth_request off;
}
location /kvmd {
rewrite ^/kvmd$ / break;
rewrite ^/kvmd/(.*)$ /$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
auth_request off;
}
location /streamer {
rewrite ^/streamer$ / break;
rewrite ^/streamer\?(.*)$ ?$1 break;
rewrite ^/streamer/(.*)$ /$1 break;
proxy_pass http://ustreamer;
include /etc/nginx/proxy-params.conf;
postpone_output 0;
proxy_buffering off;
proxy_ignore_headers X-Accel-Buffering;
}
include /usr/share/kvmd/extras/*/nginx.server-ctx.conf;
}
}
|
