From 5107bcb277ee2ccf8e6015a16e2fe9a7c76ad8ad Mon Sep 17 00:00:00 2001
From: Nicolas Mowen <nickmowen213@gmail.com>
Date: Thu, 27 Jun 2024 09:05:14 -0600
Subject: [PATCH] Consolidate listen statements

---
 .../rootfs/usr/local/nginx/conf/nginx.conf    |  3 ---
 .../usr/local/nginx/templates/listen.gotmpl   |  3 +++
 docs/docs/configuration/advanced.md           | 27 +++++++++++++------
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/docker/main/rootfs/usr/local/nginx/conf/nginx.conf b/docker/main/rootfs/usr/local/nginx/conf/nginx.conf
index ec8ecb040..186b7037c 100644
--- a/docker/main/rootfs/usr/local/nginx/conf/nginx.conf
+++ b/docker/main/rootfs/usr/local/nginx/conf/nginx.conf
@@ -59,9 +59,6 @@ http {
     include go2rtc_upstream.conf;
 
     server {
-        # intended for internal traffic, not protected by auth
-        listen 5000;
-
         include listen.conf;
 
         # vod settings
diff --git a/docker/main/rootfs/usr/local/nginx/templates/listen.gotmpl b/docker/main/rootfs/usr/local/nginx/templates/listen.gotmpl
index cbac8c670..83f13b756 100644
--- a/docker/main/rootfs/usr/local/nginx/templates/listen.gotmpl
+++ b/docker/main/rootfs/usr/local/nginx/templates/listen.gotmpl
@@ -5,6 +5,9 @@ listen 8971;
 # intended for external traffic, protected by auth
 listen 8971 ssl;
 
+# intended for internal traffic, not protected by auth
+listen 5000;
+
 ssl_certificate /etc/letsencrypt/live/frigate/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/frigate/privkey.pem;
 
diff --git a/docs/docs/configuration/advanced.md b/docs/docs/configuration/advanced.md
index 5dc4d4db9..37a3b5ceb 100644
--- a/docs/docs/configuration/advanced.md
+++ b/docs/docs/configuration/advanced.md
@@ -118,25 +118,36 @@ services:
     volumes:
       ...
       - /path/to/your/nginx.conf:/usr/local/nginx/conf/nginx.conf
-
 ```
 
 ### Enabling IPv6
 
-IPv6 is disabled by default, to enable IPv6 nginx.conf needs to be bind mounted as described above with the IPv6 enabled. For example:
+IPv6 is disabled by default, to enable IPv6 listen.gotmpl needs to be bind mounted with IPv6 enabled. For example:
 
 ```
-server {
-  listen: 5000;
-}
+{{ if not .enabled }}
+# intended for external traffic, protected by auth
+listen 8971;
+{{ else }}
+# intended for external traffic, protected by auth
+listen 8971 ssl;
+
+# intended for internal traffic, not protected by auth
+listen 5000;
 ```
 
 becomes
 
 ```
-server {
-  listen [::]:5000 ipv6only=off;
-}
+{{ if not .enabled }}
+# intended for external traffic, protected by auth
+listen [::]:8971 ipv6only=off;
+{{ else }}
+# intended for external traffic, protected by auth
+listen [::]:8971 ipv6only=off ssl;
+
+# intended for internal traffic, not protected by auth
+listen [::]:5000 ipv6only=off;
 ```
 
 ## Custom Dependencies