Created
September 29, 2020 10:10
-
-
Save jb-alvarado/a7c8c5e0ce612138291370265a2b1097 to your computer and use it in GitHub Desktop.
HLS - Origin / Edge Cache
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proxy_cache_path /mnt/ramdisk/cache_temp use_temp_path=off keys_zone=cache_temp:10m max_size=1536m inactive=1h; | |
| server { | |
| listen 443 ssl; # managed by Certbot | |
| ssl_certificate /etc/letsencrypt/live/edge.example.org/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/edge.example.org/privkey.pem; | |
| include /etc/letsencrypt/options-ssl-nginx.conf; | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
| server_name edge.example.org; | |
| set $upstream origin.example.org; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; | |
| keepalive_timeout 0; | |
| set $cors_origin ''; | |
| if ($http_origin ~ '^https?://(localhost|example\.org|edge\.example\.org)') { | |
| set $cors_origin $http_origin; | |
| } | |
| location / { | |
| add_header 'Access-Control-Allow-Origin' $cors_origin; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| proxy_cache cache_temp; | |
| proxy_cache_lock on; | |
| proxy_cache_valid 404 1s; | |
| proxy_pass https://$upstream; | |
| } | |
| access_log off; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 443 ssl; | |
| # SSL config | |
| ssl_certificate /etc/letsencrypt/live/origin.example.org/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/origin.example.org/privkey.pem; | |
| include /etc/letsencrypt/options-ssl-nginx.conf; | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
| # Make site accessible from http://localhost/ | |
| server_name origin.example.org; | |
| set $upstream hls.example.org; | |
| gzip on; | |
| gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/vnd.apple.mpegurl; | |
| gzip_min_length 1000; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; | |
| location / { | |
| add_header Access-Control-Expose-Headers Content-Length; | |
| add_header Cache-Control "max-age=86400"; | |
| } | |
| location ~* \.(m3u8|ts)$ { | |
| add_header Access-Control-Expose-Headers Content-Length; | |
| add_header Cache-Control "max-age=3600"; | |
| types { | |
| application/vnd.apple.mpegurl m3u8; | |
| video/mp2t ts; | |
| } | |
| location ~* \.m3u8$ { | |
| add_header Access-Control-Expose-Headers Content-Length; | |
| add_header Cache-Control "max-age=1"; | |
| proxy_pass http://$upstream; | |
| } | |
| proxy_pass_header Authorization; | |
| proxy_pass http://$upstream; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| proxy_buffering off; | |
| client_max_body_size 0; | |
| proxy_read_timeout 36000s; | |
| proxy_redirect off; | |
| proxy_ssl_session_reuse off; | |
| } | |
| access_log off; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment