Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
HLS - Origin / Edge Cache
proxy_cache_path /mnt/ramdisk/cache_temp use_temp_path=off keys_zone=cache_temp:10m max_size=1536m inactive=1h;
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/edge.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/edge.example.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
server_name edge.example.org;
set $upstream origin.example.org;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
keepalive_timeout 0;
set $cors_origin '';
if ($http_origin ~ '^https?://(localhost|example\.org|edge\.example\.org)') {
set $cors_origin $http_origin;
}
location / {
add_header 'Access-Control-Allow-Origin' $cors_origin;
add_header X-Cache-Status $upstream_cache_status;
proxy_cache cache_temp;
proxy_cache_lock on;
proxy_cache_valid 404 1s;
proxy_pass https://$upstream;
}
access_log off;
}
server {
listen 443 ssl;
# SSL config
ssl_certificate /etc/letsencrypt/live/origin.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/origin.example.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Make site accessible from http://localhost/
server_name origin.example.org;
set $upstream hls.example.org;
gzip on;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/vnd.apple.mpegurl;
gzip_min_length 1000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
location / {
add_header Access-Control-Expose-Headers Content-Length;
add_header Cache-Control "max-age=86400";
}
location ~* \.(m3u8|ts)$ {
add_header Access-Control-Expose-Headers Content-Length;
add_header Cache-Control "max-age=3600";
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
location ~* \.m3u8$ {
add_header Access-Control-Expose-Headers Content-Length;
add_header Cache-Control "max-age=1";
proxy_pass http://$upstream;
}
proxy_pass_header Authorization;
proxy_pass http://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
access_log off;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment