blob: 5a368833bebaae87bb7051b9ff01e72ffd26c7e6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
user http;
worker_processes 4;
# error_log /tmp/nginx.error.log;
error_log stderr;
include /usr/share/kvmd/extras/*/nginx.main-ctx.conf;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
access_log off;
include /etc/nginx/mime-types.conf;
default_type application/octet-stream;
charset utf-8;
absolute_redirect off;
index index.html;
sendfile on;
tcp_nodelay on;
tcp_nopush on;
keepalive_timeout 10;
client_body_temp_path /tmp/nginx.client_body_temp;
fastcgi_temp_path /tmp/nginx.fastcgi_temp;
proxy_temp_path /tmp/nginx.proxy_temp;
scgi_temp_path /tmp/nginx.scgi_temp;
uwsgi_temp_path /tmp/nginx.uwsgi_temp;
upstream kvmd {
server 127.0.0.1:8081 fail_timeout=0s max_fails=0;
}
upstream ustreamer {
server 127.0.0.1:8082 fail_timeout=0s max_fails=0;
}
include /usr/share/kvmd/extras/*/nginx.http-ctx.conf;
#PROD lua_shared_dict WS_TOKENS 10m;
#PROD init_by_lua_block {
#PROD WS_TOKEN_EXPIRES = 10;
#PROD }
#PROD server {
#PROD listen 80;
#PROD server_name localhost;
#PROD return 301 https://$host$request_uri;
#PROD }
server {
#PROD listen 443 ssl http2;
server_name localhost;
#PROD ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#PROD ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
#PROD ssl_certificate /etc/nginx/ssl/server.crt;
#PROD ssl_certificate_key /etc/nginx/ssl/server.key;
#PROD add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#PROD auth_basic "Restricted Area";
#PROD auth_basic_user_file /etc/nginx/htpasswd;
location / {
root /usr/share/kvmd/web;
}
location /ws_auth {
# Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362
#PROD access_by_lua_block {
#PROD local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization));
#PROD ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES);
#PROD ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES);
#PROD }
content_by_lua_block {
ngx.say("ok");
}
}
location /kvmd/ws {
#PROD auth_basic off;
#PROD access_by_lua_block {
#PROD local token = ngx.var.cookie_WS_ACCESS_TOKEN;
#PROD local value, _ = ngx.shared.WS_TOKENS:get(token);
#PROD if value == nil then
#PROD ngx.exec("/ws_auth");
#PROD end
#PROD }
rewrite ^/kvmd/ws$ /ws break;
rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
location /kvmd/msd/write {
rewrite ^/kvmd/msd/write$ /msd/write break;
rewrite ^/kvmd/msd/write\?(.*)$ /msd/write?$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
limit_rate 6250k;
limit_rate_after 50k;
client_max_body_size 0;
proxy_request_buffering off;
}
location /kvmd/log {
rewrite ^/kvmd/log$ /log break;
rewrite ^/kvmd/log\?(.*)$ /log?$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
proxy_read_timeout 7d;
postpone_output 0;
proxy_buffering off;
proxy_ignore_headers X-Accel-Buffering;
}
location /kvmd {
rewrite ^/kvmd$ / break;
rewrite ^/kvmd/(.*)$ /$1 break;
proxy_pass http://kvmd;
include /etc/nginx/proxy-params.conf;
}
location /streamer {
rewrite ^/streamer$ / break;
rewrite ^/streamer\?(.*)$ ?$1 break;
rewrite ^/streamer/(.*)$ /$1 break;
proxy_pass http://ustreamer;
include /etc/nginx/proxy-params.conf;
postpone_output 0;
proxy_buffering off;
proxy_ignore_headers X-Accel-Buffering;
}
include /usr/share/kvmd/extras/*/nginx.server-ctx.conf;
}
}
|
