my eye

nginx.conf

$def with (run_dir, ip, onions, domains)
# nginx.conf template (Templetor-style syntax): rendered with run_dir, ip, onions and domains.
# A doubled dollar sign in this file emits a literal one for nginx variables.
# domains is iterated both by name and via .items() as (name, active) pairs, so it is a mapping.

# Worker processes run as user "admin", group "admin".
# NOTE(review): if "admin" is an interactive or privileged account, a compromised worker
# inherits its access; a dedicated unprivileged service account is the usual choice - confirm.
user  admin  admin;
# Dynamic module that provides the rtmp block at the end of this file.
load_module "modules/ngx_rtmp_module.so";

worker_processes  auto;

events {
    worker_connections  1024;
}

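# HTTP/HTTPS front end: a port-80 redirector, a plain-HTTP onion site, a self-signed
# HTTPS site for the bare IP, and one HTTPS site per active domain.
http {
    include       mime.types;
    default_type  application/octet-stream;

    types_hash_max_size            2048;
    sendfile                       on;
    tcp_nopush                     on;
    tcp_nodelay                    on;
    keepalive_timeout              65;
    # Do not advertise the nginx version in headers and error pages.
    server_tokens                  off;
    server_names_hash_bucket_size  128;
    gzip                           on;

    # Connection header value derived from the request's Upgrade header
    # (presumably consumed by application.conf for WebSocket proxying).
    map $$http_upgrade $$connection_upgrade {
        default  upgrade;
        ''       close;
    }

    # Port 80 catch-all: serves ACME challenges and redirects everything else to HTTPS.
    # NOTE(review): the redirect target is built from the client-supplied Host header on a
    # default_server, so any Host value is reflected into the Location header. Every key of
    # domains is listed here, active or not, while only active ones get a 443 server below -
    # confirm that inactive names are meant to be redirected to HTTPS.
    server {
        listen       80  default_server;
        listen       [::]:80  default_server;
        server_name  $ip$"".join([f"  {d}  www.{d}" for d in domains]);

        include  acme-challenge.conf;

        location  /  {
            return  308  https://$$host$$request_uri;
        }
    }

    # Onion hostnames are served over plain HTTP with no redirect.
    # NOTE(review): an empty onions list renders a server_name directive with no arguments -
    # confirm the caller always passes at least one name.
    server {
        listen       80;
        listen       [::]:80;
        server_name  $"  ".join(onions);

        include  application.conf;
    }

    # Direct-IP access over HTTPS with a self-signed certificate. As the first server
    # declared on 443, nginx also uses it for names that match no other 443 server.
    server {
        listen       443  ssl  http2;
        listen       [::]:443  ssl  http2;
        server_name  $ip;

        ssl_certificate      $run_dir/certs/selfsigned-ip.crt;
        ssl_certificate_key  $run_dir/certs/selfsigned-ip.key;

        include  ssl-params.conf;
        include  application.conf;
    }

    # One HTTPS server per domain whose active flag is true; inactive domains are skipped.
    $for domain, active in domains.items():
        $if not active:
            $continue
        server {
            listen       443  ssl  http2;
            listen       [::]:443  ssl  http2;
            server_name  $domain  www.$domain;

            # Canonicalise www to the bare domain. The target must be the bare domain,
            # not the request host: redirecting a www request to its own host sends the
            # client back to the same URL in an endless 308 loop.
            if ($$host = "www.$domain") {
                return  308  https://$domain$$request_uri;
            }

            # NOTE(review): the private key under run_dir/certs should be readable only by
            # the nginx master process owner - verify file modes on the host.
            ssl_certificate      $run_dir/certs/$domain/domain.crt;
            ssl_certificate_key  $run_dir/certs/$domain/domain.key;

            include  ssl-params.conf;
            include  acme-challenge.conf;
            include  application.conf;
        }
}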

$ streaming_dir = f"{run_dir}/media/streaming"
# RTMP ingest on port 1935: publishes HLS fragments, records every stream, and offers
# two localhost-only applications that relay to Twitch and YouTube.
rtmp {
    hls           on;
    hls_path      $streaming_dir/hls;
    hls_fragment  5s;

    record         all;
    record_path    $streaming_dir/rec;
    # Timestamp suffix (strftime format) appended to each recording's file name.
    record_suffix  _%Y-%m-%d_%H-%M-%S.flv;
    record_lock    on;

    # External scripts run on publish and when a recording finishes. finished.sh receives
    # the recording path and the basename with ".mp4" appended.
    # NOTE(review): presumably these arguments derive from the publisher-chosen stream name;
    # the scripts should treat them as untrusted input (quote them, never eval) - confirm.
    exec_publish      $streaming_dir/publish.sh;
    exec_record_done  $streaming_dir/finished.sh  $$path  $$basename.mp4;

    access_log  /var/log/nginx/rtmp_access.log  combined;
    # NOTE(review): the rtmp access_log directive is documented as "off | path [format_name]",
    # so "on" is likely parsed as a log file literally named "on" - confirm and drop if unintended.
    access_log  on;

    server {
        listen      1935;
        chunk_size  4096;

        # Public ingest application.
        # NOTE(review): unlike twitch/youtube below there are no allow/deny publish rules,
        # so any client that can reach port 1935 can publish; each publish triggers
        # exec_publish and a recording on disk. Consider restricting publish by address
        # or adding an on_publish authentication callback.
        application  live  {
            live    on;
            record  all;
            # push  rtmp://localhost/twitch;
            # push  rtmp://localhost/youtube;
        }
        # Relay to Twitch; only localhost may publish into it.
        # NOTE(review): the push URL embeds what looks like the account's stream key in the
        # template source. Anyone who can read this file or the rendered nginx.conf can
        # broadcast as that channel. Treat the key as exposed: rotate it, pass it in at
        # render time instead of hard-coding it, and restrict read access to the rendered file.
        application  twitch  {
            live    on;
            record  off;
            allow   publish 127.0.0.1;
            deny    publish  all;
            push    rtmp://lax.contribute.live-video.net/app/live_784014614_hwNuA2Gl5fz3SxETlrFcMmk0H2qynG;
        }
        # Relay to YouTube; only localhost may publish into it.
        # NOTE(review): same concern as the twitch application - the last path segment looks
        # like a hard-coded stream key and should be rotated and supplied at render time.
        application  youtube  {
            live    on;
            record  off;
            allow   publish 127.0.0.1;
            deny    publish  all;
            push    rtmp://a.rtmp.youtube.com/live2/4505-6umr-xemj-tm3g-959h;
        }
    }
}
# leave this here for cat'ing over SSH...