ansible-role-openstreamingp.../templates/nginx.conf

175 lines
4.1 KiB
Nginx Configuration File
Raw Normal View History

2020-11-12 11:41:52 +01:00
user http;
worker_processes auto;
# pid in nginx.service
# pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
2020-11-12 17:19:04 +01:00
types_hash_max_size 2048;
types_hash_bucket_size 128;
2020-11-12 11:41:52 +01:00
include mime.types;
default_type application/octet-stream;
2020-12-09 00:25:50 +01:00
proxy_cache_path /tmp/osp levels=1:2 keys_zone=auth_cache:5m max_size=1g inactive=24h;
2020-11-12 11:41:52 +01:00
sendfile on;
tcp_nopush on;
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
image/gif
image/png
video/mp4
video/mpeg
video/x-flv
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
keepalive_timeout 65;
# Load Balancing for Gunicorn
upstream socket_nodes {
# sticky only on commercial nginx
# sticky cookie srv_id expires=8h;
2020-11-28 01:00:34 +01:00
hash $remote_addr consistent;
2020-11-12 11:41:52 +01:00
{% for n in range(osp_worker_count) %}
2020-11-27 23:44:27 +01:00
{% if n != 0 or osp_worker_count == 1 %}
2020-11-12 11:41:52 +01:00
server 127.0.0.1:{{ osp_worker_start_port + n }};
2020-11-14 12:27:25 +01:00
{% endif %}
2020-11-12 11:41:52 +01:00
{% endfor %}
}
# OSP Edge Streaming Nodes
2020-11-12 22:02:15 +01:00
include /opt/osp/conf/osp-edge.conf;
2020-11-12 11:41:52 +01:00
server {
listen 9000;
allow 127.0.0.1;
deny all;
location /stat {
rtmp_stat all;
rtmp_stat_stylesheet stat.xsl;
}
location /stat.xsl {
2020-11-12 22:02:15 +01:00
root /opt/osp/static;
2020-11-12 11:41:52 +01:00
}
}
2020-12-09 00:25:50 +01:00
{% if osp_tls_enabled %}
server {
listen [::]:80;
listen 80;
location / {
return 301 https://$host$request_uri;
}
include snippets/letsencrypt.conf;
}
{% endif %}
2020-11-12 11:41:52 +01:00
# NGINX to OSP Gunicorn Processes Reverse Proxy
server {
2020-12-09 00:25:50 +01:00
{% if osp_tls_enabled %}
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name {{ osp_hostname }};
ssl_certificate /etc/dehydrated/certs/{{ osp_hostname }}/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/{{ osp_hostname }}/privkey.pem;
{% else %}
2020-11-12 11:41:52 +01:00
listen 80;
listen [::]:80;
2020-12-09 00:25:50 +01:00
{% endif %}
2020-11-12 11:41:52 +01:00
# set client body size to 16M #
client_max_body_size 16M;
location / {
proxy_pass http://socket_nodes;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
2020-12-09 00:25:50 +01:00
{% if osp_tls_enabled %}
include snippets/letsencrypt.conf;
{% endif %}
2020-11-12 11:41:52 +01:00
include osp-socketio.conf;
include osp-redirects.conf;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# Ejabberd Reverse Proxy Config to Allow for ejabberd acme-challenge
# Uncomment and change server_name to match
#server {
# listen 80;
# server_name conference.subdomain.domain.tld;
# location / {
# proxy_pass http://localhost:5280;
# }
#}
# server {
# listen 80;
# server_name proxy.subdomain.domain.tld;
# location / {
# proxy_pass http://localhost:5280;
# }
#}
#server {
# listen 80;
# server_name pubsub.subdomain.domain.tld;
# location / {
# proxy_pass http://localhost:5280;
# }
#}
}
include osp-rtmp.conf;