summaryrefslogtreecommitdiff
path: root/configs/nginx/nginx.conf
blob: f0d6965b4a467e8b39a70fff6f67ef6b722195e4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;

user http;
worker_processes 4;

# error_log /tmp/nginx.error.log;
error_log /dev/null crit;

events {
	worker_connections 1024;
	use epoll;
}

http {
	access_log off;

	include /etc/nginx/mime-types.conf;
	default_type application/octet-stream;
	charset utf-8;

	sendfile on;
	keepalive_timeout 10;

	client_body_temp_path	/tmp/nginx.client_body_temp;
	fastcgi_temp_path		/tmp/nginx.fastcgi_temp;
	proxy_temp_path			/tmp/nginx.proxy_temp;
	scgi_temp_path			/tmp/nginx.scgi_temp;
	uwsgi_temp_path			/tmp/nginx.uwsgi_temp;

	upstream kvmd {
		server localhost:8081 fail_timeout=0s max_fails=0;
	}

	upstream ustreamer {
		server localhost:8082 fail_timeout=0s max_fails=0;
	}

#PROD	server {
#PROD		listen 80;
#PROD		server_name localhost;
#PROD		return 301 https://$host$request_uri;
#PROD	}

#PROD	lua_shared_dict WS_TOKENS 10m;
#PROD	init_by_lua_block {
#PROD		WS_TOKEN_EXPIRES = 10;
#PROD	}

	server {
#PROD		listen 443 ssl http2;
		server_name localhost;

#PROD		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#PROD		ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
#PROD		ssl_certificate /etc/nginx/ssl/server.crt;
#PROD		ssl_certificate_key /etc/nginx/ssl/server.key;

#PROD		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

#PROD		auth_basic "Restricted Area";
#PROD		auth_basic_user_file /etc/nginx/htpasswd;

		location / {
			root /usr/share/kvmd/web;
			index index.html;
		}

		location /wsauth {
			# Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362
#PROD			access_by_lua_block {
#PROD				local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization));
#PROD				ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES);
#PROD				ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES);
#PROD			}
			content_by_lua_block {
				ngx.say("ok");
			}
		}

		location /kvmd/ws {
#PROD			auth_basic off;
#PROD			access_by_lua_block {
#PROD				local token = ngx.var.cookie_WS_ACCESS_TOKEN;
#PROD				local value, _ = ngx.shared.WS_TOKENS:get(token);
#PROD				if value == nil then
#PROD					ngx.exec("/wsauth");
#PROD				end
#PROD			}
			rewrite /kvmd/ws /ws break;
			proxy_pass http://kvmd;
			include /etc/nginx/proxy-params.conf;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			proxy_connect_timeout 7d;
			proxy_send_timeout 7d;
			proxy_read_timeout 7d;
		}

		location /kvmd/msd/write {
			rewrite /kvmd/msd/write /msd/write break;
			proxy_pass http://kvmd;
			include /etc/nginx/proxy-params.conf;
			limit_rate 6250k;
			limit_rate_after 50k;
			client_max_body_size 0;
			proxy_request_buffering off;
		}

		location /kvmd {
			rewrite /kvmd/?(.*) /$1 break;
			proxy_pass http://kvmd;
			include /etc/nginx/proxy-params.conf;
		}

		location /streamer {
			rewrite /streamer/?(.*) /$1 break;
			proxy_pass http://ustreamer;
			include /etc/nginx/proxy-params.conf;
			proxy_buffering off;
			proxy_ignore_headers X-Accel-Buffering;
		}
	}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-23 23:29:10 +0000