-rw-r--r--config/router.nix3
-rw-r--r--config/web-server.nix61
-rw-r--r--data/dns/db.kufieta.net.zone1
3 files changed, 60 insertions, 5 deletions
diff --git a/config/router.nix b/config/router.nix
index 30cf32a..4d08cb2 100644
--- a/config/router.nix
+++ b/config/router.nix
@@ -67,6 +67,9 @@ in
proto (tcp udp) dport (ssh domain bootpc bootps) ACCEPT;
proto tcp dport (http https) ACCEPT;
+ # RTMP streaming
+ proto (tcp udp) dport 1935 ACCEPT;
+
# Chromecast
# proto udp dport 32768:61000 ACCEPT;
# proto udp dport (5353 1900) ACCEPT;
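Review bot: `proto (tcp udp) dport 1935 ACCEPT;` opens UDP 1935 as well, but the nginx `listen 1935` added in web-server.nix is a TCP listener, so the UDP half of the rule has nothing behind it. `proto tcp dport 1935 ACCEPT;` is enough. The chain this rule belongs to starts above the hunk, so whether it admits traffic from the WAN side cannot be told from here. If it does, RTMP playback is reachable from the internet, because the server block uses `allow play all`.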
diff --git a/config/web-server.nix b/config/web-server.nix
index fed0814..0aa48c8 100644
--- a/config/web-server.nix
+++ b/config/web-server.nix
@@ -13,11 +13,12 @@
# I'm storing web files in /home.
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
+ systemd.services.nginx.serviceConfig.ReadWritePaths = ["/storage/srv/kj.orbekk.com/tmp/hls/"];
services.nginx = {
enable = true;
package = pkgs.nginxStable.override {
- modules = with pkgs.nginxModules; [ dav ];
+ modules = with pkgs.nginxModules; [ dav rtmp ];
};
recommendedProxySettings = true;
appendHttpConfig = ''
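Review bot: The new `ReadWritePaths` line has no comment saying why nginx needs write access, and the comment above it still talks only about `/home`. A comment such as `# nginx-rtmp writes HLS segments here; nothing else under /storage should be writable by nginx.` would make the sandbox exception explicit. The writable directory also sits below `/storage/srv/kj.orbekk.com`, which a later hunk shows as the `@storage` root. Since the `dav` module is loaded, it is worth confirming that no DAV write methods are enabled for that path.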
@@ -25,6 +26,28 @@
# large downloads.
proxy_buffering off;
charset utf-8;
+ tcp_nopush on;
+ aio on;
+ directio 512;
+ '';
+ appendConfig = ''
+ rtmp {
+ server {
+ listen 1935;
+ allow publish 10.0.0.0/8;
+ deny publish all;
+ allow play all;
+ chunk_size 4906;
+ application live {
+ live on;
+ record off;
+ hls on;
+ hls_path /storage/srv/kj.orbekk.com/tmp/hls/;
+ hls_fragment 1s;
+ hls_playlist_length 2s;
+ }
+ }
+ }
'';
virtualHosts = let template = {
enableACME = true;
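Review bot: `allow publish 10.0.0.0/8` is the only control on who may push a stream into `live`, and it admits the whole private /8 rather than the hosts that actually stream. Narrowing it to the publishing subnet (not identifiable from this hunk), or adding an `on_publish` callback that checks a stream key, would keep other internal machines from taking over the stream. `chunk_size 4906` also looks like a transposition of the usual `4096`. The new `aio on; directio 512;` lines land in the shared http block, so they apply to every virtual host, not only to HLS. The `services.nginx` attribute set continues beyond this hunk.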
@@ -45,7 +68,7 @@
locations."/" = {
extraConfig = ''
try_files $uri @storage;
- # kill cache
+ # kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
@@ -53,6 +76,34 @@
etag off;
'';
};
+ locations."/hls" = {
+ extraConfig = ''
+ default_type application/octet-stream;
+
+ # Disable cache
+ # add_header Cache-Control no-cache;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+
+ # allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+
+ root /storage/srv/kj.orbekk.com/tmp/;
+ '';
+ };
locations."@storage" = {
root = "/storage/srv/kj.orbekk.com";
extraConfig = ''
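Review bot: `locations."/hls"` is a prefix match, so with `root /storage/srv/kj.orbekk.com/tmp/;` any URI beginning with `/hls` (for example `/hls-old/…`) is also served from `tmp/`; `locations."/hls/"` limits it to the segment directory. In the preflight branch, `add_header 'Content-Type' 'text/plain charset=UTF-8';` is missing the `;` separator and should read `'text/plain; charset=UTF-8'`. `Access-Control-Expose-Headers` lacks the `always` flag that the `Access-Control-Allow-Origin` line beside it has, so error responses carry one header and not the other.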
@@ -113,9 +164,9 @@
# proxyPass = "http://10.0.20.2:11101";
# };
# };
- "kufieta.net" = template // {
- locations."/".proxyPass = "http://10.0.20.13:8080";
- };
+ # "kufieta.net" = template // {
+ # locations."/".proxyPass = "http://10.0.20.13:8080";
+ # };
"journal.orbekk.com" = template // {
locations."/".proxyPass = "http://localhost:${toString pjournal_loc.port}";
};
diff --git a/data/dns/db.kufieta.net.zone b/data/dns/db.kufieta.net.zone
index 4551235..c85f974 100644
--- a/data/dns/db.kufieta.net.zone
+++ b/data/dns/db.kufieta.net.zone
@@ -22,6 +22,7 @@ $TTL 3600
@ IN CAA 0 issue "letsencrypt.org"
@ IN CAA 0 issuewild "letsencrypt.org"
+@ IN CNAME dragon.orbekk.com.
latdyr IN CNAME dragon.orbekk.com.
_acme-challenge IN CNAME _acme-challenge.dynamic.orbekk.com.
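Review bot: `@ IN CNAME dragon.orbekk.com.` puts a CNAME at the zone apex, where it cannot coexist with other record types, yet the two `@ IN CAA` lines directly above it (and the SOA/NS records every apex carries) are at the same name. Strict name servers refuse to load such a zone, and lenient ones may answer inconsistently, which would also affect the CAA and `_acme-challenge` records used for certificate issuance. Use address records at the apex instead, e.g. `@ IN A <ADDRESS_OF_DRAGON>` (plus `AAAA` if applicable), or an ALIAS/ANAME-style record if the DNS server supports one. The SOA serial is outside this hunk, so check that it is bumped with the change.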