Commit 76acfa62 authored by Knott Eye's avatar Knott Eye

ADD nginx.conf

parent cba5a832
worker_processes auto;
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen 443 ssl;
listen [::]:80;
listen [::]:443;
ssl_trusted_certificate /etc/letsencrypt/live/spacecowboy.cc/chain.pem;
ssl_certificate /etc/letsencrypt/live/spacecowboy.cc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/spacecowboy.cc/privkey.pem;
server_name spacecowboy.cc;
location / {
#the actual website
root /var/www/spacecowboy.cc;
index index.html;
}
#necessary for HLS for some reason
#I genuinely do not know why
#something to with ssl i think
location /keys {
root /tmp;
}
#should be the same name as the public facing application
location /live {
# Disable cache
add_header Cache-Control no-cache;
# CORS setup
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length';
# allow CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
types {
application/vnd.apple.mpegurl m3u8;
}
root /tmp;
}
}
#server {
#also unused, my irc server is not behind nginx
# listen 80;
# listen 443 ssl;
# listen [::]:80;
# listen [::]:443 ssl;
# ssl_trusted_certificate /etc/letsencrypt/live/irc.spacecowboy.cc/chain.pem;
# ssl_certificate /etc/letsencrypt/live/irc.spacecowboy.cc/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/irc.spacecowboy.cc/privkey.pem;
# server_name irc.spacecowboy.cc;
# root /var/www/irc.spacecowboy.cc;
#}
#server {
#unused. in here for posterity or something
# listen 80;
# listen 443 ssl;
# listen [::]:80;
# listen [::]:443 ssl;
# ssl_trusted_certificate /etc/letsencrypt/live/stream.spacecowboy.cc/chain.pem;
# ssl_certificate /etc/letsencrypt/live/stream.spacecowboy.cc/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/stream.spacecowboy.cc/privkey.pem;
# server_name stream.spacecowboy.cc;
# root /var/www/stream.spacecowboy.cc;
#}
}
rtmp {
server {
listen 1935;
chunk_size 4000;
#this is a private application that only exists to stream to
#point obs at rtmp://spacecowboy.cc/stream and enter a valid stream key
application stream {
allow play 127.0.0.1;
deny play all;
live on;
record off;
#refuse to allow anyone to play video from this endpoint,
#then push a specific name (stream key) to the public facing endpoint
push 127.0.0.1:1935/live name=streamkeygoeshere playPath=knotteye;
#technically anyone can stream to the server, we're not checking the validity of stream keys here
#but there's not much point because only valid stream keys get pushed to the public facing endpoint
#incoming bandwidth doesn't cost me any money and there are more efficient ways of DDoSing
#so the only incentive to fix this is so that stream keys aren't hardcoded in the config anymore
}
#this application, hls_path, and the relevant http{} block all need to have the same name.
application live {
live on;
hls on;
hls_path /tmp/live;
hls_fragment 5s;
#refuse to allow anyone except localhost to publish to this endpoint
#so no one can stream to this endpoint without going through /stream
allow publish 127.0.0.1;
deny publish all;
}
}
}
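Review bot: `listen [::]:443;` lacks the `ssl` parameter that `listen 443 ssl;` carries, so port 443 over IPv6 would be answered as plain HTTP instead of TLS; it should read `listen [::]:443 ssl;`, as the commented-out server blocks further down already do. Separately, `location /keys` and `location /live` both use `root /tmp;`, which publishes `/tmp/keys` and `/tmp/live` out of a world-writable directory where any local account can create those paths or drop files into them before nginx-rtmp does. No `hls_keys` directive is visible in the `rtmp` block, so the `/keys` location looks unused and could probably be removed rather than kept "for some reason". For `/live`, point both directives at a directory owned by the nginx user, e.g. `hls_path <dedicated-hls-dir>/live;` together with `root <dedicated-hls-dir>;`. Whatever real value replaces `streamkeygoeshere` on the `push` line is a credential and is better kept in an untracked include file than in this committed config.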