diff --git a/src/modules/fluidd/filesystem/root/etc/nginx/conf.d/common_vars.conf b/src/modules/fluidd/filesystem/root/etc/nginx/conf.d/common_vars.conf
deleted file mode 100644
index 0cc431c..0000000
--- a/src/modules/fluidd/filesystem/root/etc/nginx/conf.d/common_vars.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
diff --git a/src/modules/fluidd/filesystem/root/etc/nginx/conf.d/upstreams.conf b/src/modules/fluidd/filesystem/root/etc/nginx/conf.d/upstreams.conf
deleted file mode 100644
index 113cb3c..0000000
--- a/src/modules/fluidd/filesystem/root/etc/nginx/conf.d/upstreams.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-upstream apiserver {
- ip_hash;
- server 127.0.0.1:7125;
-}
-
-upstream mjpgstreamer1 {
- ip_hash;
- server 127.0.0.1:8080;
-}
-
-upstream mjpgstreamer2 {
- ip_hash;
- server 127.0.0.1:8081;
-}
-
-upstream mjpgstreamer3 {
- ip_hash;
- server 127.0.0.1:8082;
-}
-
-upstream mjpgstreamer4 {
- ip_hash;
- server 127.0.0.1:8083;
-}
diff --git a/src/modules/fluidd/filesystem/root/etc/nginx/nginx.conf b/src/modules/fluidd/filesystem/root/etc/nginx/nginx.conf
new file mode 100644
index 0000000..ffd61be
--- /dev/null
+++ b/src/modules/fluidd/filesystem/root/etc/nginx/nginx.conf
@@ -0,0 +1,44 @@
+user www-data;
+worker_processes auto;
+
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+ error_log /var/log/nginx/error.log warn;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ server_tokens off;
+ keepalive_timeout 65;
+
+ gzip on;
+ gzip_vary on;
+ gzip_min_length 800;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+
+ access_log off;
+
+ include /etc/nginx/proxy.conf;
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/src/modules/fluidd/filesystem/root/etc/nginx/proxy.conf b/src/modules/fluidd/filesystem/root/etc/nginx/proxy.conf
new file mode 100644
index 0000000..cd98991
--- /dev/null
+++ b/src/modules/fluidd/filesystem/root/etc/nginx/proxy.conf
@@ -0,0 +1,8 @@
+proxy_http_version 1.1;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Port 443;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
diff --git a/src/modules/fluidd/filesystem/root/etc/nginx/sites-available/default b/src/modules/fluidd/filesystem/root/etc/nginx/sites-available/default
new file mode 100644
index 0000000..1129872
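Review bot: The `access_log /var/log/nginx/access.log main;` line in the http block of nginx.conf has no effect, because the later `access_log off;` at the same level cancels every access_log directive declared there. Only server blocks that set their own `access_log` (the fluidd site does, with the `vhost` format) will record requests, so a site added later without one is served unlogged. If that is the intent, delete the `main` directive and the unused `log_format main`; if not, drop `access_log off;`.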
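Review bot: `proxy_set_header X-Forwarded-Port 443;` in proxy.conf is hard-coded although the only listener this commit enables is port 80, so backends are told a port the client never used; `proxy_set_header X-Forwarded-Port $server_port;` would follow the actual listener. The file also depends on `$proxy_connection` and `$proxy_x_forwarded_proto`, which are defined by `map` blocks in sites-available/default rather than next to these directives. Since nginx.conf includes proxy.conf unconditionally, disabling the default site would presumably leave those variables undefined and stop nginx from loading; keeping the maps under conf.d would remove that coupling.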
--- /dev/null
+++ b/src/modules/fluidd/filesystem/root/etc/nginx/sites-available/default
@@ -0,0 +1,30 @@
+# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
+# scheme used to connect to this server
+map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+ default $http_x_forwarded_proto;
+ '' $scheme;
+}
+# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
+# Connection header that may have been passed to this server
+map $http_upgrade $proxy_connection {
+ default upgrade;
+ '' close;
+}
+
+## Enable default site
+#server {
+# server_name _; # This is just an invalid value which will never trigger on a real hostname.
+# listen 80;
+# listen [::]:80;
+# access_log /var/log/nginx/access.log vhost;
+# return 503;
+#}
+#server {
+# server_name _; # This is just an invalid value which will never trigger on a real hostname.
+# listen 443 ssl http2;
+# listen [::]:443 ssl http2;
+# access_log /var/log/nginx/access.log vhost;
+# return 503;
+# ssl_certificate /etc/nginx/certs/default.crt;
+# ssl_certificate_key /etc/nginx/certs/default.key;
+#}
diff --git a/src/modules/fluidd/filesystem/root/etc/nginx/sites-available/fluidd b/src/modules/fluidd/filesystem/root/etc/nginx/sites-available/fluidd
index dccc9f8..b0f2209 100644
--- a/src/modules/fluidd/filesystem/root/etc/nginx/sites-available/fluidd
+++ b/src/modules/fluidd/filesystem/root/etc/nginx/sites-available/fluidd
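Review bot: The first `map` in sites-available/default forwards whatever `X-Forwarded-Proto` value the client sent, so a client connecting directly to this nginx can claim `https` over a plain-HTTP connection and the backend cannot tell the difference. That pass-through is only sound when a trusted proxy sits in front of this server; for a directly reachable instance, `proxy_set_header X-Forwarded-Proto $scheme;` in proxy.conf is the conservative choice. If the pass-through is kept, the comment above the map should name the upstream proxy that is expected to set the header, so the trust assumption is explicit.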
@@ -1,25 +1,41 @@ -server { - listen 80 default_server; - listen [::]:80 default_server; +upstream apiserver { + ip_hash; + server 127.0.0.1:7125; +} - access_log /var/log/nginx/fluidd-access.log; - error_log /var/log/nginx/fluidd-error.log; +upstream mjpgstreamer1 { + ip_hash; + server 127.0.0.1:8080; +} - # disable this section on smaller hardware like a pi zero - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_proxied expired no-cache no-store private auth; - gzip_comp_level 4; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml; +server { + server_name _; + listen 80; + listen [::]:80; + access_log /var/log/nginx/access.log vhost; +## Enable https +# return 301 https://$host$request_uri; +#} +# +#server { +# server_name _; +# listen 443 ssl http2; +# listen [::]:443 ssl http2; +# access_log /var/log/nginx/access.log vhost; +# ssl_protocols TLSv1.1 TLSv1.2; +# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; +# ssl_prefer_server_ciphers on; +# ssl_session_timeout 5m; +# ssl_session_cache shared:SSL:50m; +# ssl_certificate /etc/nginx/certs/fluidd.crt; +# ssl_certificate_key /etc/nginx/certs/fluidd.key; +# add_header Strict-Transport-Security "max-age=31536000"; +# add_header 
X-Frame-Options "SAMEORIGIN"; # web_path from fluidd static files root /home/pi/fluidd; index index.html; - server_name _; # disable max upload size checks client_max_body_size 0; @@ -37,36 +53,15 @@ server { location /websocket { proxy_pass http://apiserver/websocket; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 86400; } location ~ ^/(printer|api|access|machine|server)/ { proxy_pass http://apiserver$request_uri; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; } - + location /webcam/ { proxy_pass http://mjpgstreamer1/; } - - location /webcam2/ { - proxy_pass http://mjpgstreamer2/; - } - - location /webcam3/ { - proxy_pass http://mjpgstreamer3/; - } - - location /webcam4/ { - proxy_pass http://mjpgstreamer4/; - } } + diff --git a/src/modules/fluidd/filesystem/root/etc/tmpfiles.d/nginx.conf b/src/modules/fluidd/filesystem/root/etc/tmpfiles.d/nginx.conf new file mode 100644 index 0000000..85d5ebf --- /dev/null +++ b/src/modules/fluidd/filesystem/root/etc/tmpfiles.d/nginx.conf @@ -0,0 +1 @@ +d /var/log/nginx 0755 www-data www-data - - diff --git a/src/modules/fluidd/start_chroot_script b/src/modules/fluidd/start_chroot_script index eb179eb..5f49cae 100644 --- a/src/modules/fluidd/start_chroot_script +++ b/src/modules/fluidd/start_chroot_script 
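Review bot: The commented HTTPS template in the first fluidd hunk (`@@ -1,25 +1,41 @@`) enables `TLSv1.1` and a cipher list that still carries `DES-CBC3-SHA`, static-RSA suites such as `AES128-SHA`, and the bare `AES` and `CAMELLIA` catch-alls, so anyone who uncomments it gets a weaker configuration than current guidance recommends. I would ship it as `# ssl_protocols TLSv1.2 TLSv1.3;` (assuming the packaged nginx and OpenSSL support 1.3) with a cipher string limited to ECDHE/DHE AEAD suites. The server block opened in this hunk continues past its end.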
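Review bot: The new tmpfiles.d entry `d /var/log/nginx 0755 www-data www-data - -` hands ownership of the log directory to the nginx worker account. Anything running as www-data can then rename or replace the files in it, including with symlinks, and those paths are later opened by root-run processes such as the nginx master or log rotation. As far as I know Debian's own packaging keeps this directory root-owned; `d /var/log/nginx 0755 root adm - -` would still recreate it at boot without giving it to the worker user.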
@@ -22,7 +22,8 @@ echo "Installing Fluidd" apt update apt install nginx -y rm /etc/nginx/sites-enabled/default -ln -s /etc/nginx/sites-available/fluidd /etc/nginx/sites-enabled/ +ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +ln -s /etc/nginx/sites-available/fluidd /etc/nginx/sites-enabled/fluidd cd /home/pi/ [ ! -d /home/pi/gcode_files ] && su -c "mkdir /home/pi/gcode_files" - pi su -c "mkdir /home/pi/fluidd" - pi @@ -37,4 +38,4 @@ ln -s /var/log/nginx/fluidd-error.log /home/pi/klipper_logs/ # Run installation steps defined above # Unpack root at the end, so files are modified before -unpack /filesystem/root / \ No newline at end of file +unpack /filesystem/root / diff --git a/src/modules/mjpgstreamer/filesystem/home/pi/klipper_config/webcam.txt b/src/modules/mjpgstreamer/filesystem/home/pi/klipper_config/webcam.txt index 8b7bb9c..81c35eb 100644 --- a/src/modules/mjpgstreamer/filesystem/home/pi/klipper_config/webcam.txt +++ b/src/modules/mjpgstreamer/filesystem/home/pi/klipper_config/webcam.txt @@ -69,7 +69,7 @@ # Current working directory is the mjpg-streamer base directory. # #camera_http_webroot="./www-fluidd" -#camera_http_options="-n" +camera_http_options="-n -l 127.0.0.1" ### EXPERIMENTAL # Support for different streamer types. diff --git a/src/modules/moonraker/filesystem/home/pi/klipper_config/moonraker.conf b/src/modules/moonraker/filesystem/home/pi/klipper_config/moonraker.conf index d89910b..8c74ff0 100644 --- a/src/modules/moonraker/filesystem/home/pi/klipper_config/moonraker.conf +++ b/src/modules/moonraker/filesystem/home/pi/klipper_config/moonraker.conf @@ -1,5 +1,5 @@ [server] -host: 0.0.0.0 +host: 127.0.0.1 port: 7125 enable_debug_logging: False config_path: ~/klipper_config @@ -37,4 +37,4 @@ enable_auto_refresh: True [update_manager client fluidd] type: web repo: fluidd-core/fluidd -path: ~/fluidd \ No newline at end of file +path: ~/fluidd
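Review bot: The install script still links `/var/log/nginx/fluidd-error.log` into `/home/pi/klipper_logs/` (visible as the context of the second start_chroot_script hunk), but the fluidd site in this commit drops the `access_log` and `error_log` directives that wrote the fluidd-*.log files. That link will presumably dangle, leaving users without the nginx error log in their log folder. Either restore `error_log /var/log/nginx/fluidd-error.log;` in the fluidd server block or point the link at `/var/log/nginx/error.log`. The surrounding install steps lie outside the hunk, so any matching access-log link should be checked as well.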