nginx: configurable listen ip addresses

Based by idea of pikvm/pikvm#189

Author: mdevaev

configs/nginx/nginx.conf.mako

@@ -39,9 +39,9 @@ http {
 	% if https_enabled:
 
 	server {
-		listen ${http_port};
+		listen ${http_ipv4}:${http_port};
 		% if ipv6_enabled:
-		listen [::]:${http_port};
+		listen [${http_ipv6}]:${http_port};
 		% endif
 		include /etc/kvmd/nginx/certbot.ctx-server.conf;
 		location / {
@@ -54,9 +54,9 @@ http {
 	}
 
 	server {
-		listen ${https_port} ssl;
+		listen ${https_ipv4}:${https_port} ssl;
 		% if ipv6_enabled:
-		listen [::]:${https_port} ssl;
+		listen [${https_ipv6}]:${https_port} ssl;
 		% endif
 		http2 on;
 		include /etc/kvmd/nginx/ssl.conf;
@@ -67,9 +67,9 @@ http {
 	% else:
 
 	server {
-		listen ${http_port};
+		listen ${http_ipv4}:${http_port};
 		% if ipv6_enabled:
-		listen [::]:${http_port};
+		listen [${http_ipv6}]:${http_port};
 		% endif
 		include /etc/kvmd/nginx/certbot.ctx-server.conf;
 		include /etc/kvmd/nginx/kvmd.ctx-server.conf;

kvmd/apps/__init__.py

@@ -74,6 +74,7 @@
 from ..validators.os import valid_options
 from ..validators.os import valid_command
 
+from ..validators.net import valid_ip
 from ..validators.net import valid_ip_or_host
 from ..validators.net import valid_net
 from ..validators.net import valid_port
@@ -806,11 +807,15 @@ def _get_config_scheme() -> dict:
 
         "nginx": {
             "http": {
-                "port": Option(80, type=valid_port),
+                "ipv4": Option("0.0.0.0", type=functools.partial(valid_ip, v6=False)),
+                "ipv6": Option("::",      type=functools.partial(valid_ip, v4=False)),
+                "port": Option(80,        type=valid_port),
             },
             "https": {
-                "enabled": Option(True, type=valid_bool),
-                "port":    Option(443,  type=valid_port),
+                "enabled": Option(True,      type=valid_bool),
+                "ipv4":    Option("0.0.0.0", type=functools.partial(valid_ip, v6=False)),
+                "ipv6":    Option("::",      type=functools.partial(valid_ip, v4=False)),
+                "port":    Option(443,       type=valid_port),
             },
         },
 

kvmd/apps/ngxmkconf/__init__.py

@@ -50,8 +50,12 @@ def main(argv: (list[str] | None)=None) -> None:
         template = in_file.read()
 
     rendered = mako.template.Template(template).render(
+        http_ipv4=config.nginx.http.ipv4,
+        http_ipv6=config.nginx.http.ipv6,
         http_port=config.nginx.http.port,
         https_enabled=config.nginx.https.enabled,
+        https_ipv4=config.nginx.https.ipv4,
+        https_ipv6=config.nginx.https.ipv6,
         https_port=config.nginx.https.port,
         ipv6_enabled=network.is_ipv6_enabled(),
     )