my eye
Angelo Gladding
Hacker for right homesteading into the future.
@ragt.ag@angelo@ragt.agangelo@ragt.ag@tyosxbghzcf5

nginx_application.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

$def with (run_dir, onion)
add_header  Strict-Transport-Security
              "max-age=63072000; includeSubDomains; preload"  always;
add_header  X-Frame-Options  SAMEORIGIN;
add_header  X-Content-Type-Options  nosniff;
add_header  X-XSS-Protection  "1; mode=block";
add_header  Onion-Location  http://$onion$$request_uri;

charset               utf-8;
client_max_body_size  0;

location  ~  /code/projects/([\w.-]+)\.git(/git-receive-pack)$$  {
    auth_basic            "Restricted";
    auth_basic_user_file  $run_dir/code/meta/gitpasswd;
    # TODO auth_request      /auth/introspection;

    fastcgi_pass   unix:/var/run/fcgiwrap.socket;
    include        fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME      /usr/lib/git-core/git-http-backend;
    fastcgi_param  GIT_HTTP_EXPORT_ALL  "";
    fastcgi_param  GIT_PROJECT_ROOT     $run_dir/code/meta/$$1/source.git;
    fastcgi_param  PATH_INFO            $$2;
}
location  ~  /code/projects/([\w.-]+)\.git(.+)  {
    fastcgi_pass   unix:/var/run/fcgiwrap.socket;
    include        fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME      /usr/lib/git-core/git-http-backend;
    fastcgi_param  GIT_HTTP_EXPORT_ALL  "";
    fastcgi_param  GIT_PROJECT_ROOT     $run_dir/code/meta/$$1/source.git;
    fastcgi_param  PATH_INFO            $$2;
}
location  ~  /code/projects/([\w\.-]+)/releases/([a-z0-9\._]+\-.+)  {
    alias  $run_dir/code/meta/$$1/releases/$$2;
}

location  /X/  {
    internal;
    alias  $run_dir/;
}

location  /hls  {
    root  $run_dir/media/streaming;
    add_header  Cache-Control  no-cache;
    add_header  Access-Control-Allow-Origin  *;
    types {
        application/vnd.apple.mpegurl  m3u8;
    }
}
location  /stream-stats  {
    rtmp_stat  all;
}

location  /assets/  {
    alias  $run_dir/media/assets/;
}

location  /chats/  {
    alias  $run_dir/media/chat/mediasoup-demo/server/public/;
}

location  /pads/  {
    proxy_pass          http://127.0.0.1:9001/;
    proxy_buffering     off;
    proxy_http_version  1.1;
    proxy_pass_header   Server;

    proxy_set_header  Host  $$host;
    proxy_set_header  Upgrade  $$http_upgrade;
    proxy_set_header  Connection  $$connection_upgrade;
    proxy_set_header  X-Real-IP  $$remote_addr;
    proxy_set_header  X-Forwarded-For  $$remote_addr;
    proxy_set_header  X-Forwarded-Proto  $$scheme;
}

location  /  {
    proxy_set_header  X-Forwarded-Proto  $$scheme;
    proxy_set_header  Host  $$http_host;
    proxy_set_header  X-Forwarded-For  $$proxy_add_x_forwarded_for;
    proxy_redirect  off;
    proxy_pass  http://unix:$run_dir/gunicorn.sock;
}
# leave this here for cat'ing over SSH...