[% PROCESS '/usr/lib/ngcp-ngcpcfg/get_hostname'; hostname = out; argv.host=hostname; argv.type='sip_ext'; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_shared_ips_for_host'; sip_ext_ips = out; IF !sip_ext_ips.size; argv.type='sip_ext'; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_ips_for_host'; sip_ext_ips = out; END; ext_ip = sip_ext_ips.0; argv.type='web_ext'; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_shared_ips_for_host'; web_ext_ips = out; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_shared_v6ips_for_host'; web_ext_v6ips = out; argv.type='web_ext'; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_ips_for_host'; web_ext_ips = out.merge(web_ext_ips); argv.type='web_ext'; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_v6ips_for_host'; web_ext_v6ips = out.merge(web_ext_v6ips); argv.role='mgmt'; PROCESS '/usr/lib/ngcp-ngcpcfg/has_role'; is_mgmt = out; argv.role='proxy'; argv.type='sip_int'; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_shared_ips'; sip_int_ips = out; IF !sip_int_ips.size; argv.type='sip_int'; PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_ips_for_host'; sip_int_ips = out; END; -%] [% IF www_admin.enable == 'yes' && is_mgmt -%] [% IF www_admin.http_admin.port != 80 && www_admin.http_csc.port != 80 -%] server { listen [::]:80 ipv6only=off; location /handbook { return 301 http://$host:[% www_admin.http_admin.port %]$request_uri; } location /login/subscriber { return 301 https://$host:[% www_admin.http_csc.port %]$request_uri; } location /login/admin { return 301 https://$host:[% www_admin.http_admin.port %]$request_uri; } location / { return 301 https://$host:[% www_admin.http_csc.port %]$request_uri; } } [% END -%] [% IF rtcengine.enable == 'yes' -%] upstream rtc_ws { [% FOREACH ip IN sip_int_ips -%] [% IF ip -%] server [% ip %]:[% rtcengine.port %]; [% END -%] [% END -%] } [% END -%] server { [% FOREACH ip IN web_ext_ips -%] [% IF ip -%] listen [% ip %]:[% www_admin.http_csc.port %]; [% END -%] [% END -%] [% FOREACH ip IN web_ext_v6ips -%] [% IF ip -%] listen [[% ip %]]:[% www_admin.http_csc.port %]; [% END -%] [% END -%] server_name [% www_admin.http_csc.servername.remove('\"') %]; ssl_certificate [% www_admin.http_csc.sslcertfile %]; ssl_certificate_key [% www_admin.http_csc.sslcertkeyfile %]; include /etc/nginx/ssl_params; client_max_body_size [% www_admin.filesize_limit ? www_admin.filesize_limit : "128M"%]; location ~* /login(/)?$ { return 301 /login/subscriber; } location /login/admin { return 301 https://$host:[% www_admin.http_admin.port %]$request_uri; } location /favicon.ico { alias /usr/share/ngcp-panel/static/favicon.ico; } location /static { root /usr/share/ngcp-panel; } [% IF rtcengine.enable == 'yes' -%] location ~* /rtc/api(/)?$ { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Prefer,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'POST, GET, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,Location'; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Prefer,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'POST, GET, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,Location'; add_header 'Access-Control-Max-Age' '1728000' always; add_header 'Content-Type' 'text/plain charset=UTF-8' always; add_header 'Content-Length' '0' always; return 204; } ### Set proxy #### proxy_max_temp_file_size 0; proxy_connect_timeout 43200000; proxy_send_timeout 43200000; proxy_read_timeout 43200000; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; ### Set headers #### proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Server-IP $server_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Front-End-Https on; proxy_pass http://rtc_ws; proxy_http_version 1.1; } location /rtc/files { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Prefer,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'POST, GET, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,Location'; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Prefer,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'POST, GET, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,Location'; add_header 'Access-Control-Max-Age' '1728000' always; add_header 'Content-Type' 'text/plain charset=UTF-8' always; add_header 'Content-Length' '0' always; return 204; } rewrite /rtc/files/(.*) /$1 break; index index.html; root /usr/share/ngcp-rtcengine/public/; } [% END -%] [% IF rtcengine.expose_provisioning_api == 'yes' %] location /rtc/prov/ { rewrite /rtc/prov/(.*) /$1 break; proxy_pass http://rtc_ws; proxy_http_version 1.1; } [% END %] location /api { include /etc/nginx/ngcp-panel_params; # fastcgi_param SSL_CLIENT_CERT $ssl_client_raw_cert; # fastcgi_param SSL_CLIENT_M_SERIAL $ssl_client_serial; # fastcgi_param SSL_CLIENT_M_DN $ssl_client_s_dn; fastcgi_param NGCP_API_REALM "subscriber"; proxy_buffers 8 1024k; proxy_buffer_size 1024k; proxy_busy_buffers_size 1024k; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; } location / { include /etc/nginx/ngcp-panel_params; } location ~ ^/wss/xmpp/(.*)$ { proxy_pass https://127.0.0.1:5281/xmpp-websocket/$1; proxy_set_header Host $host; proxy_buffering off; tcp_nodelay on; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location ~ ^/wss/sip/(.*)$ { proxy_pass https://[% ext_ip %]:[% kamailio.lb.tls.port %]/ws/$1; proxy_set_header Host $host; proxy_buffering off; tcp_nodelay on; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } [% IF www_admin.http_csc.csc_js_enable == "yes" -%] location /csc { root /usr/share/ngcp-csc; } [% END -%] } [% END -%]