ynerant
/
ghostream
mirror of https://gitlab.crans.org/nounous/ghostream.git
1
0
Fork 0
Code Issues Releases Wiki Activity
ghostream/doc/nginx/sites-available/ghostream

67 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

# This file is part of Ghostream
# Copyright (C) 2020 by Crans <roots@crans.org>
# SPDX-License-Identifier: GPL-2.0-or-later
# Automatic Connection header for WebSocket support
# See http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name stream.crans.org;
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name stream.crans.org;
# SSL configuration based on https://ssl-config.mozilla.org/
ssl_certificate /etc/letsencrypt/live/stream.crans.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stream.crans.org/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/letsencrypt/dhparam
ssl_dhparam /etc/letsencrypt/dhparam;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# Log into separate log files
access_log /var/log/nginx/ghostream.log;
error_log /var/log/nginx/ghostream_error.log;
# Pass HTTP to Flask web server
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
}
# Pass WebSocket to OvenMediaEngine for WebRTC signalling
location /play/ {
proxy_pass http://127.0.0.1:3333;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
Reference in New Issue View Git Blame Copy Permalink