kvmd-nginx-mkconf: Render nginx config with kvmd settings

Maxim Devaev 2024-02-03 16:11:34 +02:00
parent 272e3bf5e9
commit 8d702f8cc2
15 changed files with 160 additions and 23 deletions


@ -113,15 +113,14 @@ run: testenv $(TESTENV_GPIO)
--device $(TESTENV_VIDEO):$(TESTENV_VIDEO) \
--device $(TESTENV_GPIO):$(TESTENV_GPIO) \
$(if $(TESTENV_RELAY),--device $(TESTENV_RELAY):$(TESTENV_RELAY),) \
--publish 8080:80/tcp \
--publish 4430:443/tcp \
--publish 8080:8080/tcp \
--publish 4430:4430/tcp \
-it $(TESTENV_IMAGE) /bin/bash -c " \
mkdir -p /tmp/kvmd-nginx \
&& mount -t debugfs none /sys/kernel/debug \
&& test -d /sys/kernel/debug/gpio-mockup/`basename $(TESTENV_GPIO)`/ || (echo \"Missing GPIO mockup\" && exit 1) \
&& (socat PTY,link=$(TESTENV_HID) PTY,link=/dev/ttyS11 &) \
&& cp -r /usr/share/kvmd/configs.default/nginx/* /etc/kvmd/nginx \
&& cp testenv/redirect-to-https.conf /etc/kvmd/nginx \
&& cp -a /testenv/.ssl/nginx /etc/kvmd/nginx/ssl \
&& cp -a /testenv/.ssl/vnc /etc/kvmd/vnc/ssl \
&& cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \
@ -131,6 +130,7 @@ run: testenv $(TESTENV_GPIO)
&& ln -s /testenv/web.css /etc/kvmd/web.css \
&& mkdir -p /etc/kvmd/override.d \
&& cp /testenv/$(if $(P),$(P),$(DEFAULT_PLATFORM)).override.yaml /etc/kvmd/override.yaml \
&& python -m kvmd.apps.ngxmkconf /etc/kvmd/nginx/nginx.conf.mako /etc/kvmd/nginx/nginx.conf \
&& nginx -c /etc/kvmd/nginx/nginx.conf -g 'user http; error_log stderr;' \
&& ln -s $(TESTENV_VIDEO) /dev/kvmd-video \
&& ln -s $(TESTENV_GPIO) /dev/kvmd-gpio \


@ -76,6 +76,7 @@ depends=(
python-pyrad
python-ldap
python-zstandard
python-mako
"libgpiod>=2.1"
freetype2
"v4l-utils>=1.22.1-1"
@ -136,9 +137,9 @@ backup=(
etc/kvmd/{ht,ipmi,vnc}passwd
etc/kvmd/totp.secret
etc/kvmd/nginx/{kvmd.ctx-{http,server},certbot.ctx-server}.conf
etc/kvmd/nginx/listen-http{,s}.conf
etc/kvmd/nginx/loc-{login,nocache,proxy,websocket,nobuffering,bigpost}.conf
etc/kvmd/nginx/{mime-types,ssl,redirect-to-https,nginx}.conf
etc/kvmd/nginx/{mime-types,ssl}.conf
etc/kvmd/nginx/nginx.conf.mako
etc/kvmd/janus/janus{,.plugin.ustreamer,.transport.websockets}.jcfg
etc/kvmd/web.css
)
@ -173,8 +174,8 @@ package_kvmd() {
mkdir -p "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl"
chmod 755 "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl"
install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf
chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx,redirect-to-https,ssl,listen-http{,s}}.conf
install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf*
chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx,ssl}.conf*
mkdir -p "$pkgdir/etc/kvmd/janus"
chmod 755 "$pkgdir/etc/kvmd/janus"


@ -1,2 +0,0 @@
listen 80;
listen [::]:80;


@ -1,3 +0,0 @@
listen 443 ssl;
listen [::]:443 ssl;
http2 on;


@ -36,16 +36,45 @@ http {
include /etc/kvmd/nginx/kvmd.ctx-http.conf;
include /usr/share/kvmd/extras/*/nginx.ctx-http.conf;
% if https_enabled:
server {
include /etc/kvmd/nginx/listen-http.conf;
listen ${http_port};
% if ipv6_enabled:
listen [::]:${http_port};
% endif
include /etc/kvmd/nginx/certbot.ctx-server.conf;
include /etc/kvmd/nginx/redirect-to-https.conf;
location / {
% if https_port == 443:
return 301 https://$host$request_uri;
% else:
return 301 https://$host:${https_port}$request_uri;
% endif
}
}
server {
include /etc/kvmd/nginx/listen-https.conf;
listen ${https_port} ssl;
% if ipv6_enabled:
listen [::]:${https_port} ssl;
% endif
http2 on;
include /etc/kvmd/nginx/ssl.conf;
include /etc/kvmd/nginx/kvmd.ctx-server.conf;
include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
}
% else:
server {
listen ${http_port};
% if ipv6_enabled:
listen [::]:${http_port};
% endif
include /etc/kvmd/nginx/certbot.ctx-server.conf;
include /etc/kvmd/nginx/kvmd.ctx-server.conf;
include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
}
% endif
}
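Review bot: The `% else:` server block serves `kvmd.ctx-server.conf` over plain HTTP whenever `https_enabled` is false, and nothing in the template says so. Since this fronts a KVM, the logins and console traffic that presumably pass through that context would then be unencrypted on the wire. A template comment above that block, such as `# nginx/https/enabled is false: the KVM UI and its logins are served without TLS`, would make the trade-off visible in the rendered config as well. The enclosing `http {` block opens before the hunk.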


@ -1,3 +0,0 @@
location / {
return 301 https://$host$request_uri;
}


@ -10,8 +10,9 @@ SyslogLevel=err
Restart=always
RestartSec=3
ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
ExecStartPre=/usr/bin/kvmd-nginx-mkconf /etc/kvmd/nginx/nginx.conf.mako /run/kvmd/nginx.conf
ExecStart=/usr/sbin/nginx -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
ExecReload=/usr/sbin/nginx -s reload -p /etc/kvmd/nginx -c /run/kvmd/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
KillSignal=SIGQUIT
KillMode=mixed
TimeoutStopSec=3
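Review bot: `ExecReload` reloads `/run/kvmd/nginx.conf` without re-rendering it, so a reload after changing the `nginx/http/port`, `nginx/https/port` or `nginx/https/enabled` settings keeps the old listeners; only a full restart goes through `ExecStartPre`. systemd runs multiple `ExecReload=` lines in order, so adding `ExecReload=/usr/bin/kvmd-nginx-mkconf /etc/kvmd/nginx/nginx.conf.mako /run/kvmd/nginx.conf` ahead of the existing `nginx -s reload` line would keep the rendered file in step with the settings. The `[Service]` section starts outside the hunk, so which user runs these commands is not visible here.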


@ -742,6 +742,16 @@ def _get_config_scheme() -> dict:
},
},
"nginx": {
"http": {
"port": Option(80, type=valid_port),
},
"https": {
"enabled": Option(True, type=valid_bool),
"port": Option(443, type=valid_port),
},
},
"janus": {
"stun": {
"host": Option("stun.l.google.com", type=valid_ip_or_host, unpack_as="stun_host"),


@ -0,0 +1,68 @@
# ========================================================================== #
# #
# KVMD - The main PiKVM daemon. #
# #
# Copyright (C) 2018-2023 Maxim Devaev <mdevaev@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <https://www.gnu.org/licenses/>. #
# #
# ========================================================================== #
import os
import argparse
import mako.template
from ... import network
from .. import init
# =====
def main(argv: (list[str] | None)=None) -> None:
(parent_parser, argv, config) = init(
add_help=False,
argv=argv,
)
parser = argparse.ArgumentParser(
prog="kvmd-nginx-mkconf",
description="Generate KVMD-Nginx config",
parents=[parent_parser],
)
parser.add_argument("-p", "--print", action="store_true", help="Print the result to stdout besides the output file")
parser.add_argument("input", help="Input Mako template")
parser.add_argument("output", help="Output Nginx config")
options = parser.parse_args(argv[1:])
with open(options.input, "r") as in_file:
template = in_file.read()
rendered = mako.template.Template(template).render(
http_port=config.nginx.http.port,
https_enabled=config.nginx.https.enabled,
https_port=config.nginx.https.port,
ipv6_enabled=network.is_ipv6_enabled(),
)
if options.print:
print(rendered)
try:
os.remove(options.output)
except FileNotFoundError:
pass
with open(options.output, "w") as out_file:
out_file.write(rendered)
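Review bot: The output is written by `os.remove()` followed by `open(options.output, "w")`, which is not atomic: a reader can find the config missing or half-written, and `open()` would follow a symlink created at that path in between. Whether anything other than this tool can write to the output directory is not visible here, but the unit in this commit renders into `/run/kvmd`, so the window is worth closing. Writing to a temporary file in the same directory and `os.replace()`-ing it over the target avoids both problems; this needs `import tempfile`, and the 0o644 mode below is an assumption about what nginx needs. A short docstring on `main()` noting that the Mako template is executed as Python, and so must stay writable only by the administrator, would also help.

```python
    # … unchanged: argument parsing and template rendering …

    out_dir = os.path.dirname(os.path.abspath(options.output))
    # mkstemp creates the file exclusively, so no pre-existing path or symlink is reused
    (fd, tmp_path) = tempfile.mkstemp(dir=out_dir, prefix=".nginx.conf.")
    try:
        with os.fdopen(fd, "w") as out_file:
            out_file.write(rendered)
        os.chmod(tmp_path, 0o644)  # assumed mode; confirm what the nginx master needs
        os.replace(tmp_path, options.output)  # atomic swap within the same directory
    except BaseException:
        os.unlink(tmp_path)
        raise
```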


@ -0,0 +1,24 @@
# ========================================================================== #
# #
# KVMD - The main PiKVM daemon. #
# #
# Copyright (C) 2018-2023 Maxim Devaev <mdevaev@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <https://www.gnu.org/licenses/>. #
# #
# ========================================================================== #
from . import main
main()


@ -99,6 +99,7 @@ def main() -> None:
"kvmd.apps.ipmi",
"kvmd.apps.vnc",
"kvmd.apps.vnc.rfb",
"kvmd.apps.ngxmkconf",
"kvmd.apps.janus",
"kvmd.apps.watchdog",
"kvmd.helpers",
@ -125,6 +126,7 @@ def main() -> None:
"kvmd-cleanup = kvmd.apps.cleanup:main",
"kvmd-ipmi = kvmd.apps.ipmi:main",
"kvmd-vnc = kvmd.apps.vnc:main",
"kvmd-nginx-mkconf = kvmd.apps.ngxmkconf",
"kvmd-janus = kvmd.apps.janus:main",
"kvmd-watchdog = kvmd.apps.watchdog:main",
"kvmd-helper-pst-remount = kvmd.helpers.remount:main",
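Review bot: The new console-script entry `"kvmd-nginx-mkconf = kvmd.apps.ngxmkconf"` has no `:main` suffix, unlike every neighbouring entry in this list. Without an object reference the generated `/usr/bin/kvmd-nginx-mkconf` wrapper would point at the module rather than a callable; depending on the installer that is either rejected at build time or fails when the script is invoked. Either outcome would stop nginx from starting, since the unit in this commit now calls that script in `ExecStartPre`. The entry should read `"kvmd-nginx-mkconf = kvmd.apps.ngxmkconf:main",`. The surrounding `main()` starts and ends outside the hunk.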


@ -57,6 +57,7 @@ RUN pacman --noconfirm --ask=4 -Syy \
python-pam \
python-pillow \
python-xlib \
python-mako \
libxkbcommon \
python-hidapi \
python-ldap \


@ -1,3 +0,0 @@
location / {
return 301 https://$host:4430$request_uri;
}


@ -160,6 +160,12 @@ otgnet:
pre_stop_cmd:
- "/bin/true"
nginx:
http:
port: 8080
https:
port: 4430
janus:
cmd:
- "/bin/true"


@ -56,6 +56,12 @@ otgnet:
pre_stop_cmd:
- "/bin/true"
nginx:
http:
port: 8080
https:
port: 4430
janus:
cmd:
- "/bin/true"