kvmd-nginx-mkconf: Render nginx config with kvmd settings

2025-12-12 01:00:29 +08:00 · 2024-02-03 16:11:34 +02:00 · 2024-02-03 16:11:34 +02:00 · 8d702f8cc2
commit 8d702f8cc2
parent 272e3bf5e9
15 changed files with 160 additions and 23 deletions
--- a/6
+++ b/6
@ -113,15 +113,14 @@ run: testenv $(TESTENV_GPIO)
 			--device $(TESTENV_VIDEO):$(TESTENV_VIDEO) \
 			--device $(TESTENV_GPIO):$(TESTENV_GPIO) \
 			$(if $(TESTENV_RELAY),--device $(TESTENV_RELAY):$(TESTENV_RELAY),) \
-			--publish 8080:80/tcp \
+			--publish 8080:8080/tcp \
-			--publish 4430:443/tcp \
+			--publish 4430:4430/tcp \
 		-it $(TESTENV_IMAGE) /bin/bash -c " \
 			mkdir -p /tmp/kvmd-nginx \
 			&& mount -t debugfs none /sys/kernel/debug \
 			&& test -d /sys/kernel/debug/gpio-mockup/`basename $(TESTENV_GPIO)`/ || (echo \"Missing GPIO mockup\" && exit 1) \
 			&& (socat PTY,link=$(TESTENV_HID) PTY,link=/dev/ttyS11 &) \
 			&& cp -r /usr/share/kvmd/configs.default/nginx/* /etc/kvmd/nginx \
 			&& cp testenv/redirect-to-https.conf /etc/kvmd/nginx \
 			&& cp -a /testenv/.ssl/nginx /etc/kvmd/nginx/ssl \
 			&& cp -a /testenv/.ssl/vnc /etc/kvmd/vnc/ssl \
 			&& cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \
@ -131,6 +130,7 @@ run: testenv $(TESTENV_GPIO)
 			&& ln -s /testenv/web.css /etc/kvmd/web.css \
 			&& mkdir -p /etc/kvmd/override.d \
 			&& cp /testenv/$(if $(P),$(P),$(DEFAULT_PLATFORM)).override.yaml /etc/kvmd/override.yaml \
 			&& python -m kvmd.apps.ngxmkconf /etc/kvmd/nginx/nginx.conf.mako /etc/kvmd/nginx/nginx.conf \
 			&& nginx -c /etc/kvmd/nginx/nginx.conf -g 'user http; error_log stderr;' \
 			&& ln -s $(TESTENV_VIDEO) /dev/kvmd-video \
 			&& ln -s $(TESTENV_GPIO) /dev/kvmd-gpio \
--- a/9
+++ b/9
@ -76,6 +76,7 @@ depends=(
 	python-pyrad
 	python-ldap
 	python-zstandard
 	python-mako
 	"libgpiod>=2.1"
 	freetype2
 	"v4l-utils>=1.22.1-1"
@ -136,9 +137,9 @@ backup=(
 	etc/kvmd/{ht,ipmi,vnc}passwd
 	etc/kvmd/totp.secret
 	etc/kvmd/nginx/{kvmd.ctx-{http,server},certbot.ctx-server}.conf
 	etc/kvmd/nginx/listen-http{,s}.conf
 	etc/kvmd/nginx/loc-{login,nocache,proxy,websocket,nobuffering,bigpost}.conf
-	etc/kvmd/nginx/{mime-types,ssl,redirect-to-https,nginx}.conf
+	etc/kvmd/nginx/{mime-types,ssl}.conf
 	etc/kvmd/nginx/nginx.conf.mako
 	etc/kvmd/janus/janus{,.plugin.ustreamer,.transport.websockets}.jcfg
 	etc/kvmd/web.css
 )
@ -173,8 +174,8 @@ package_kvmd() {
 	mkdir -p "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl"
 	chmod 755 "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl"
-	install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf
+	install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf*
-	chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx,redirect-to-https,ssl,listen-http{,s}}.conf
+	chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx,ssl}.conf*
 	mkdir -p "$pkgdir/etc/kvmd/janus"
 	chmod 755 "$pkgdir/etc/kvmd/janus"
--- a/configs/nginx/listen-http.conf
+++ b/configs/nginx/listen-http.conf
@ -1,2 +0,0 @@
 listen 80;
 listen [::]:80;
--- a/configs/nginx/listen-https.conf
+++ b/configs/nginx/listen-https.conf
@ -1,3 +0,0 @@
 listen 443 ssl;
 listen [::]:443 ssl;
 http2 on;
--- a/configs/nginx/nginx.conf.mako
+++ b/configs/nginx/nginx.conf.mako
@ -36,16 +36,45 @@ http {
 	include /etc/kvmd/nginx/kvmd.ctx-http.conf;
 	include /usr/share/kvmd/extras/*/nginx.ctx-http.conf;
 	% if https_enabled:
 	server {
-		include /etc/kvmd/nginx/listen-http.conf;
+		listen ${http_port};
 		% if ipv6_enabled:
 		listen [::]:${http_port};
 		% endif
 		include /etc/kvmd/nginx/certbot.ctx-server.conf;
-		include /etc/kvmd/nginx/redirect-to-https.conf;
+		location / {
 			% if https_port == 443:
 			return 301 https://$host$request_uri;
 			% else:
 			return 301 https://$host:${https_port}$request_uri;
 			% endif
 		}
 	}
 	server {
-		include /etc/kvmd/nginx/listen-https.conf;
+		listen ${https_port} ssl;
 		% if ipv6_enabled:
 		listen [::]:${https_port} ssl;
 		% endif
 		http2 on;
 		include /etc/kvmd/nginx/ssl.conf;
 		include /etc/kvmd/nginx/kvmd.ctx-server.conf;
 		include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
 	}
 	% else:
 	server {
 		listen ${http_port};
 		% if ipv6_enabled:
 		listen [::]:${http_port};
 		% endif
 		include /etc/kvmd/nginx/certbot.ctx-server.conf;
 		include /etc/kvmd/nginx/kvmd.ctx-server.conf;
 		include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
 	}
 	% endif
 }
--- a/configs/nginx/redirect-to-https.conf
+++ b/configs/nginx/redirect-to-https.conf
@ -1,3 +0,0 @@
 location / {
 	return 301 https://$host$request_uri;
 }
--- a/configs/os/services/kvmd-nginx.service
+++ b/configs/os/services/kvmd-nginx.service
@ -10,8 +10,9 @@ SyslogLevel=err
 Restart=always
 RestartSec=3
-ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
+ExecStartPre=/usr/bin/kvmd-nginx-mkconf /etc/kvmd/nginx/nginx.conf.mako /run/kvmd/nginx.conf
-ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
+ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
 ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
 KillSignal=SIGQUIT
 KillMode=mixed
 TimeoutStopSec=3
--- a/kvmd/apps/init.py
+++ b/kvmd/apps/init.py
@ -742,6 +742,16 @@ def _get_config_scheme() -> dict:
            },
        },
        "nginx": {
            "http": {
                "port": Option(80, type=valid_port),
            },
            "https": {
                "enabled": Option(True, type=valid_bool),
                "port":    Option(443,  type=valid_port),
            },
        },
        "janus": {
            "stun": {
                "host":          Option("stun.l.google.com", type=valid_ip_or_host, unpack_as="stun_host"),
--- a/kvmd/apps/ngxmkconf/init.py
+++ b/kvmd/apps/ngxmkconf/init.py
@ -0,0 +1,68 @@
 # ========================================================================== #
 #                                                                            #
 #    KVMD - The main PiKVM daemon.                                           #
 #                                                                            #
 #    Copyright (C) 2018-2023  Maxim Devaev <mdevaev@gmail.com>               #
 #                                                                            #
 #    This program is free software: you can redistribute it and/or modify    #
 #    it under the terms of the GNU General Public License as published by    #
 #    the Free Software Foundation, either version 3 of the License, or       #
 #    (at your option) any later version.                                     #
 #                                                                            #
 #    This program is distributed in the hope that it will be useful,         #
 #    but WITHOUT ANY WARRANTY; without even the implied warranty of          #
 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           #
 #    GNU General Public License for more details.                            #
 #                                                                            #
 #    You should have received a copy of the GNU General Public License       #
 #    along with this program.  If not, see <https://www.gnu.org/licenses/>.  #
 #                                                                            #
 # ========================================================================== #
 import os
 import argparse
 import mako.template
 from ... import network
 from .. import init
 # =====
 def main(argv: (list[str] | None)=None) -> None:
    (parent_parser, argv, config) = init(
        add_help=False,
        argv=argv,
    )
    parser = argparse.ArgumentParser(
        prog="kvmd-nginx-mkconf",
        description="Generate KVMD-Nginx config",
        parents=[parent_parser],
    )
    parser.add_argument("-p", "--print", action="store_true", help="Print the result to stdout besides the output file")
    parser.add_argument("input", help="Input Mako template")
    parser.add_argument("output", help="Output Nginx config")
    options = parser.parse_args(argv[1:])
    with open(options.input, "r") as in_file:
        template = in_file.read()
    rendered = mako.template.Template(template).render(
        http_port=config.nginx.http.port,
        https_enabled=config.nginx.https.enabled,
        https_port=config.nginx.https.port,
        ipv6_enabled=network.is_ipv6_enabled(),
    )
    if options.print:
        print(rendered)
    try:
        os.remove(options.output)
    except FileNotFoundError:
        pass
    with open(options.output, "w") as out_file:
        out_file.write(rendered)
--- a/kvmd/apps/ngxmkconf/main.py
+++ b/kvmd/apps/ngxmkconf/main.py
@ -0,0 +1,24 @@
 # ========================================================================== #
 #                                                                            #
 #    KVMD - The main PiKVM daemon.                                           #
 #                                                                            #
 #    Copyright (C) 2018-2023  Maxim Devaev <mdevaev@gmail.com>               #
 #                                                                            #
 #    This program is free software: you can redistribute it and/or modify    #
 #    it under the terms of the GNU General Public License as published by    #
 #    the Free Software Foundation, either version 3 of the License, or       #
 #    (at your option) any later version.                                     #
 #                                                                            #
 #    This program is distributed in the hope that it will be useful,         #
 #    but WITHOUT ANY WARRANTY; without even the implied warranty of          #
 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           #
 #    GNU General Public License for more details.                            #
 #                                                                            #
 #    You should have received a copy of the GNU General Public License       #
 #    along with this program.  If not, see <https://www.gnu.org/licenses/>.  #
 #                                                                            #
 # ========================================================================== #
 from . import main
 main()
--- a/setup.py
+++ b/setup.py
@ -99,6 +99,7 @@ def main() -> None:
            "kvmd.apps.ipmi",
            "kvmd.apps.vnc",
            "kvmd.apps.vnc.rfb",
            "kvmd.apps.ngxmkconf",
            "kvmd.apps.janus",
            "kvmd.apps.watchdog",
            "kvmd.helpers",
@ -125,6 +126,7 @@ def main() -> None:
                "kvmd-cleanup = kvmd.apps.cleanup:main",
                "kvmd-ipmi = kvmd.apps.ipmi:main",
                "kvmd-vnc = kvmd.apps.vnc:main",
                "kvmd-nginx-mkconf = kvmd.apps.ngxmkconf",
                "kvmd-janus = kvmd.apps.janus:main",
                "kvmd-watchdog = kvmd.apps.watchdog:main",
                "kvmd-helper-pst-remount = kvmd.helpers.remount:main",
--- a/testenv/Dockerfile
+++ b/testenv/Dockerfile
@ -57,6 +57,7 @@ RUN pacman --noconfirm --ask=4 -Syy \
 		python-pam \
 		python-pillow \
 		python-xlib \
 		python-mako \
 		libxkbcommon \
 		python-hidapi \
 		python-ldap \
--- a/testenv/redirect-to-https.conf
+++ b/testenv/redirect-to-https.conf
@ -1,3 +0,0 @@
 location / {
 	return 301 https://$host:4430$request_uri;
 }
--- a/testenv/v2-hdmi-rpi4.override.yaml
+++ b/testenv/v2-hdmi-rpi4.override.yaml
@ -160,6 +160,12 @@ otgnet:
        pre_stop_cmd:
            - "/bin/true"
 nginx:
    http:
        port: 8080
    https:
        port: 4430
 janus:
    cmd:
        - "/bin/true"
--- a/testenv/v2-hdmiusb-rpi4.override.yaml
+++ b/testenv/v2-hdmiusb-rpi4.override.yaml
@ -56,6 +56,12 @@ otgnet:
        pre_stop_cmd:
            - "/bin/true"
 nginx:
    http:
        port: 8080
    https:
        port: 4430
 janus:
    cmd:
        - "/bin/true"