# Main context: load the Lua module, set the worker account and configure logging.
# ngx_http_lua_module provides the *_by_lua_block directives and lua_shared_dict used below.
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
# Worker processes run under the "http" account.
user http;
worker_processes 4;
# error_log /tmp/nginx.error.log;
# Errors are written to stderr rather than to a file.
error_log stderr;
# Extension hook: every /etc/nginx/ext.d/<name>/main-ctx.conf is pulled into the main context,
# so anyone able to write under ext.d controls this server's configuration.
include /etc/nginx/ext.d/*/main-ctx.conf;
# Connection handling: epoll event method, at most 1024 connections per worker.
events {
    worker_connections 1024;
    use epoll;
    # Accept every pending connection in one pass instead of one at a time.
    multi_accept on;
}
http {
# HTTP-wide defaults.
# NOTE(review): access logging is switched off, so requests to the kvmd and streamer
# endpoints below leave no trail in nginx; confirm the backends log what an
# investigation would need.
access_log off;
include /etc/nginx/mime-types.conf;
default_type application/octet-stream;
charset utf-8;
sendfile on;
tcp_nodelay on;
tcp_nopush on;
keepalive_timeout 10;
# Spool directories for request bodies and proxied responses, all under /tmp with fixed names.
# NOTE(review): /tmp is commonly world-writable; confirm it is private to this service
# (for example a per-service private tmp) so that no other local account can
# pre-create these paths.
client_body_temp_path /tmp/nginx.client_body_temp;
fastcgi_temp_path /tmp/nginx.fastcgi_temp;
proxy_temp_path /tmp/nginx.proxy_temp;
scgi_temp_path /tmp/nginx.scgi_temp;
uwsgi_temp_path /tmp/nginx.uwsgi_temp;
# Backends reached over loopback only. max_fails=0 turns off failure accounting,
# so nginx never marks either backend as unavailable.
upstream kvmd {
    server 127.0.0.1:8081 fail_timeout=0s max_fails=0;
}
upstream ustreamer {
    server 127.0.0.1:8082 fail_timeout=0s max_fails=0;
}
# Extension hook for the http context; files matched here are trusted configuration.
include /etc/nginx/ext.d/*/http-ctx.conf;
# 10 MB shared-memory zone holding the short-lived WebSocket access tokens that the
# #PROD Lua blocks in /wsauth and /kvmd/ws write and read.
lua_shared_dict WS_TOKENS 10m;
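init_by_lua_block {
    -- Runs when nginx loads the configuration. Defines two globals that the
    -- request handlers further down read: WS_TOKEN_EXPIRES and EXTENSIONS.

    -- Lifetime in seconds used for WS_TOKENS entries and for the
    -- WS_ACCESS_TOKEN cookie in the #PROD blocks below.
    WS_TOKEN_EXPIRES = 10;

    local cjson = require("cjson");
    local io = require("io");

    -- Extension manifests keyed by their name field; the /extensions
    -- location returns this table as JSON.
    EXTENSIONS = {};

    local extensions_dir_path = "/etc/nginx/ext.d";
    -- The shell command is built from a constant only. Entry names printed by
    -- ls are used unchecked in the path below, so ext.d has to stay writable
    -- by administrators only.
    local listing = assert(io.popen("ls " .. extensions_dir_path));
    for extension in listing:lines() do
        -- assert raises an error when an entry has no readable manifest.json.
        local manifest_file = assert(io.open(extensions_dir_path .. "/" .. extension .. "/manifest.json", "r"));
        local manifest = cjson.decode(manifest_file:read("*all"));
        manifest_file:close();
        EXTENSIONS[manifest["name"]] = manifest;
    end
    -- Close the pipe explicitly instead of leaving it to the garbage collector.
    listing:close();
}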
# Plain-HTTP listener that answers every request with a redirect to HTTPS.
# NOTE(review): lines tagged #PROD look like template lines that a production build
# enables; confirm against the packaging scripts.
# NOTE(review): the redirect target is built from $host, which can be taken from the
# client-supplied Host header.
#PROD server {
#PROD listen 80;
#PROD server_name localhost;
#PROD return 301 https://$host$request_uri;
#PROD }
server {
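# TLS listener, HSTS and HTTP Basic authentication for the whole server.
# NOTE(review): lines tagged #PROD look like template lines that a production build
# enables; without them this server has no TLS and no authentication.
#PROD listen 443 ssl http2;
server_name localhost;
# TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered; only TLS 1.2 remains.
# Browsers that speak HTTP/2 already support TLS 1.2.
#PROD ssl_protocols TLSv1.2;
#PROD ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
#PROD ssl_certificate /etc/nginx/ssl/server.crt;
#PROD ssl_certificate_key /etc/nginx/ssl/server.key;
#PROD add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Basic authentication is inherited by every location that does not switch it off.
#PROD auth_basic "Restricted Area";
#PROD auth_basic_user_file /etc/nginx/htpasswd;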
# Static web client served from /usr/share/kvmd/web.
location / {
    root /usr/share/kvmd/web;
    index index.html;
}
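# Issues the cookie that /kvmd/ws accepts in place of Basic authentication.
location /wsauth {
    # Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362
    # When the #PROD lines are enabled, the access handler derives a token from the
    # Authorization header, stores it in WS_TOKENS and returns it as the
    # WS_ACCESS_TOKEN cookie; both expire after WS_TOKEN_EXPIRES seconds.
    # The cookie is marked Secure and HttpOnly so it is only sent over TLS and is not
    # readable from script, and SameSite=Strict so it is not attached to WebSocket
    # handshakes started from another site.
    # NOTE(review): confirm the web client never reads WS_ACCESS_TOKEN from script.
    # NOTE(review): the token is an unsalted SHA-1 of the Authorization header, so it
    # is identical on every visit until the credentials change and it hands a hash of
    # the credentials to whatever can see the cookie. A random per-request value
    # stored in WS_TOKENS would remove both properties.
    #PROD access_by_lua_block {
    #PROD local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization));
    #PROD ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES);
    #PROD ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES) .. "; Secure; HttpOnly; SameSite=Strict";
    #PROD }
    content_by_lua_block {
        ngx.say("ok");
    }
}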
# Returns the manifests collected by init_by_lua_block as one JSON object.
# Every field of every manifest.json is exposed to any client allowed to reach this location.
location /extensions {
    default_type "application/json";
    content_by_lua_block {
        local cjson = require("cjson");
        ngx.say(cjson.encode(EXTENSIONS));
    }
}
# WebSocket endpoint proxied to kvmd as /ws.
location /kvmd/ws {
    # When the #PROD lines are enabled, Basic authentication is switched off here and
    # the WS_ACCESS_TOKEN cookie is the only credential: a request whose token is not
    # in WS_TOKENS is internally redirected to /wsauth.
    # NOTE(review): no Origin check is visible in this file, so a cookie that is still
    # valid authorises a handshake regardless of which page started it; confirm the
    # backend or the cookie attributes cover this.
    #PROD auth_basic off;
    #PROD access_by_lua_block {
    #PROD local token = ngx.var.cookie_WS_ACCESS_TOKEN;
    #PROD local value, _ = ngx.shared.WS_TOKENS:get(token);
    #PROD if value == nil then
    #PROD ngx.exec("/wsauth");
    #PROD end
    #PROD }
    rewrite ^/kvmd/ws$ /ws break;
    # NOTE(review): nginx matches rewrite patterns against the request path without
    # the query string, and the rule above already carries the query string over, so
    # this rule only fires for a path that contains an encoded question mark.
    rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break;
    proxy_pass http://kvmd;
    include /etc/nginx/proxy-params.conf;
    # Forward the WebSocket upgrade handshake to the backend.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # Seven-day timeouts keep idle WebSocket sessions from being closed by the proxy.
    proxy_connect_timeout 7d;
    proxy_send_timeout 7d;
    proxy_read_timeout 7d;
}
# Upload endpoint proxied to kvmd as /msd/write.
location /kvmd/msd/write {
    rewrite ^/kvmd/msd/write$ /msd/write break;
    rewrite ^/kvmd/msd/write\?(.*)$ /msd/write?$1 break;
    proxy_pass http://kvmd;
    include /etc/nginx/proxy-params.conf;
    # limit_rate throttles the response sent to the client, after the first 50k.
    limit_rate 6250k;
    limit_rate_after 50k;
    # No limit on request body size, and the body is streamed to the backend without
    # being buffered first, so the backend is the only place that can bound an upload.
    client_max_body_size 0;
    proxy_request_buffering off;
}
# Long-lived log stream proxied to kvmd as /log.
location /kvmd/log {
    rewrite ^/kvmd/log$ /log break;
    rewrite ^/kvmd/log\?(.*)$ /log?$1 break;
    proxy_pass http://kvmd;
    include /etc/nginx/proxy-params.conf;
    proxy_read_timeout 7d;
    # Pass data to the client as soon as it arrives; the backend cannot turn buffering
    # back on because its X-Accel-Buffering header is ignored.
    postpone_output 0;
    proxy_buffering off;
    proxy_ignore_headers X-Accel-Buffering;
}
# Everything else under /kvmd: strip the prefix and proxy to kvmd.
location /kvmd {
    rewrite ^/kvmd$ / break;
    rewrite ^/kvmd/(.*)$ /$1 break;
    proxy_pass http://kvmd;
    include /etc/nginx/proxy-params.conf;
}
# Video stream: strip the /streamer prefix and proxy to ustreamer without buffering.
location /streamer {
    rewrite ^/streamer$ / break;
    rewrite ^/streamer\?(.*)$ ?$1 break;
    rewrite ^/streamer/(.*)$ /$1 break;
    proxy_pass http://ustreamer;
    include /etc/nginx/proxy-params.conf;
    # Pass data to the client as soon as it arrives; the backend cannot turn buffering
    # back on because its X-Accel-Buffering header is ignored.
    postpone_output 0;
    proxy_buffering off;
    proxy_ignore_headers X-Accel-Buffering;
}
# Extension hook for the server context: matched files can add locations to this server,
# so they are trusted configuration.
include /etc/nginx/ext.d/*/server-ctx.conf;
}
}