2020-11-12 11:41:52 +01:00
|
|
|
user http;
|
|
|
|
worker_processes auto;
|
|
|
|
|
|
|
|
# pid in nginx.service
|
|
|
|
# pid /run/nginx.pid;
|
|
|
|
|
|
|
|
events {
|
|
|
|
worker_connections 1024;
|
|
|
|
multi_accept on;
|
|
|
|
use epoll;
|
|
|
|
}
|
|
|
|
|
|
|
|
http {
|
2020-11-12 17:19:04 +01:00
|
|
|
types_hash_max_size 2048;
|
|
|
|
types_hash_bucket_size 128;
|
|
|
|
|
2020-11-12 11:41:52 +01:00
|
|
|
include mime.types;
|
|
|
|
default_type application/octet-stream;
|
|
|
|
|
2020-12-09 00:25:50 +01:00
|
|
|
proxy_cache_path /tmp/osp levels=1:2 keys_zone=auth_cache:5m max_size=1g inactive=24h;
|
2020-11-12 11:41:52 +01:00
|
|
|
|
|
|
|
sendfile on;
|
|
|
|
tcp_nopush on;
|
|
|
|
gzip on;
|
|
|
|
gzip_comp_level 5;
|
|
|
|
gzip_min_length 256;
|
|
|
|
gzip_proxied any;
|
|
|
|
gzip_vary on;
|
|
|
|
|
|
|
|
gzip_types
|
|
|
|
application/atom+xml
|
|
|
|
application/javascript
|
|
|
|
application/json
|
|
|
|
application/ld+json
|
|
|
|
application/manifest+json
|
|
|
|
application/rss+xml
|
|
|
|
application/vnd.geo+json
|
|
|
|
application/vnd.ms-fontobject
|
|
|
|
application/x-font-ttf
|
|
|
|
application/x-web-app-manifest+json
|
|
|
|
application/xhtml+xml
|
|
|
|
application/xml
|
|
|
|
font/opentype
|
|
|
|
image/bmp
|
|
|
|
image/svg+xml
|
|
|
|
image/x-icon
|
|
|
|
image/gif
|
|
|
|
image/png
|
|
|
|
video/mp4
|
|
|
|
video/mpeg
|
|
|
|
video/x-flv
|
|
|
|
text/cache-manifest
|
|
|
|
text/css
|
|
|
|
text/plain
|
|
|
|
text/vcard
|
|
|
|
text/vnd.rim.location.xloc
|
|
|
|
text/vtt
|
|
|
|
text/x-component
|
|
|
|
text/x-cross-domain-policy;
|
|
|
|
|
|
|
|
|
|
|
|
keepalive_timeout 65;
|
|
|
|
|
|
|
|
# Load Balancing for Gunicorn
|
|
|
|
upstream socket_nodes {
|
|
|
|
# sticky only on commercial nginx
|
|
|
|
# sticky cookie srv_id expires=8h;
|
2020-11-28 01:00:34 +01:00
|
|
|
hash $remote_addr consistent;
|
2020-11-12 11:41:52 +01:00
|
|
|
{% for n in range(osp_worker_count) %}
|
2020-11-27 23:44:27 +01:00
|
|
|
{% if n != 0 or osp_worker_count == 1 %}
|
2020-11-12 11:41:52 +01:00
|
|
|
server 127.0.0.1:{{ osp_worker_start_port + n }};
|
2020-11-14 12:27:25 +01:00
|
|
|
{% endif %}
|
2020-11-12 11:41:52 +01:00
|
|
|
{% endfor %}
|
|
|
|
}
|
|
|
|
|
|
|
|
# OSP Edge Streaming Nodes
|
2020-11-12 22:02:15 +01:00
|
|
|
include /opt/osp/conf/osp-edge.conf;
|
2020-11-12 11:41:52 +01:00
|
|
|
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 9000;
|
|
|
|
|
|
|
|
allow 127.0.0.1;
|
|
|
|
deny all;
|
|
|
|
|
|
|
|
location /stat {
|
|
|
|
rtmp_stat all;
|
|
|
|
rtmp_stat_stylesheet stat.xsl;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /stat.xsl {
|
2020-11-12 22:02:15 +01:00
|
|
|
root /opt/osp/static;
|
2020-11-12 11:41:52 +01:00
|
|
|
}
|
|
|
|
}
|
2020-12-09 00:25:50 +01:00
|
|
|
{% if osp_tls_enabled %}
|
|
|
|
server {
|
|
|
|
listen [::]:80;
|
|
|
|
listen 80;
|
|
|
|
location / {
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
|
|
|
|
include snippets/letsencrypt.conf;
|
|
|
|
}
|
|
|
|
{% endif %}
|
2020-11-12 11:41:52 +01:00
|
|
|
|
|
|
|
# NGINX to OSP Gunicorn Processes Reverse Proxy
|
|
|
|
server {
|
2020-12-09 00:25:50 +01:00
|
|
|
{% if osp_tls_enabled %}
|
|
|
|
listen [::]:443 ssl http2;
|
|
|
|
listen 443 ssl http2;
|
|
|
|
|
|
|
|
server_name {{ osp_hostname }};
|
|
|
|
|
|
|
|
ssl_certificate /etc/dehydrated/certs/{{ osp_hostname }}/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/dehydrated/certs/{{ osp_hostname }}/privkey.pem;
|
|
|
|
{% else %}
|
2020-11-12 11:41:52 +01:00
|
|
|
listen 80;
|
|
|
|
listen [::]:80;
|
2020-12-09 00:25:50 +01:00
|
|
|
{% endif %}
|
2020-11-12 11:41:52 +01:00
|
|
|
|
|
|
|
# set client body size to 16M #
|
|
|
|
client_max_body_size 16M;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass http://socket_nodes;
|
|
|
|
proxy_redirect off;
|
|
|
|
|
|
|
|
proxy_set_header Host $host:$server_port;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
}
|
2020-12-09 00:25:50 +01:00
|
|
|
{% if osp_tls_enabled %}
|
|
|
|
include snippets/letsencrypt.conf;
|
|
|
|
{% endif %}
|
2020-11-12 11:41:52 +01:00
|
|
|
include osp-socketio.conf;
|
|
|
|
include osp-redirects.conf;
|
|
|
|
|
|
|
|
# redirect server error pages to the static page /50x.html
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
location = /50x.html {
|
|
|
|
root html;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# Ejabberd Reverse Proxy Config to Allow for ejabberd acme-challenge
|
|
|
|
# Uncomment and change server_name to match
|
|
|
|
#server {
|
|
|
|
# listen 80;
|
|
|
|
# server_name conference.subdomain.domain.tld;
|
|
|
|
# location / {
|
|
|
|
# proxy_pass http://localhost:5280;
|
|
|
|
# }
|
|
|
|
#}
|
|
|
|
# server {
|
|
|
|
# listen 80;
|
|
|
|
# server_name proxy.subdomain.domain.tld;
|
|
|
|
# location / {
|
|
|
|
# proxy_pass http://localhost:5280;
|
|
|
|
# }
|
|
|
|
#}
|
|
|
|
#server {
|
|
|
|
# listen 80;
|
|
|
|
# server_name pubsub.subdomain.domain.tld;
|
|
|
|
# location / {
|
|
|
|
# proxy_pass http://localhost:5280;
|
|
|
|
# }
|
|
|
|
#}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
include osp-rtmp.conf;
|