kirkins/nginx.conf

## nginx.conf
daemon off;

worker_processes auto;

error_log /var/log/nginx/error.log debug;

events {
  worker_connections 1024;
}

rtmp {


  server {
    listen 1935;

    # Any origin can play the stream
    allow play all;

    chunk_size 4000;

    # Get methods contains all arguments
    notify_method get;

    application publish {
      live on;

      # Any ip can publish
      allow publish all;

      # Publish only endpoint
      deny play all;

      # Get the publish server
      on_publish http://172.17.0.1:3000/rtmp/publish;

      # Notify the API that the rtmp has finish
      on_publish_done http://172.17.0.1:3000/rtmp/publish_done;
    }

    # Public endpoint for playing RTMP
    application play {
      deny publish all;
      allow play all;

      live on;

      # Get play server
      on_play http://172.17.0.1:3000/rtmp/play;
    }

    # Public endpoint
    application live {
      live on;

      # Non publishable endpoint. Plya from private subnets only.
      allow play 127.0.0.1;
      allow play 172.17.0.1;
      allow play 10.0.0.0/8;
      allow play 172.16.0.0/12;
      allow play 192.0.0.0/16;
      deny play all;
      allow publish 127.0.0.1;
      deny publish all;
    }

    application encode {
      live on;

      # Publish from private subnets only
      allow publish 127.0.0.1;
      allow publish 172.17.0.1;
      allow publish 10.0.0.0/8;
      allow publish 172.16.0.0/12;
      allow publish 192.0.0.0/16;
      deny publish all;

      # Not playable endpoint
      allow play 127.0.0.1;
      allow play 172.17.0.1;
      allow play 10.0.0.0/8;
      allow play 172.16.0.0/12;
      allow play 192.0.0.0/16;
      deny play all;

      hls_keys on;
      hls_key_path /data/keys;
      hls_key_url https://localhost/keys/;
      hls_fragments_per_key 10;

      exec ffmpeg -i rtmp://localhost:1935/encode/$name
        # no conversion
        #-c:a libfdk_aac -c:v libx264 -f flv -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name
        #-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 2500k -f flv -g 30 -r 30 -s 1280x720 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_720p2628kbs
        -c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 1000k -f flv -g 30 -r 30 -s 854x480 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_480p1128kbs
        -c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 750k -f flv -g 30 -r 30 -s 640x360 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_360p878kbs
        -c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 400k -f flv -g 30 -r 30 -s 426x240 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_240p528kbs
        -c:a libfdk_aac -b:a 64k -c:v libx264 -b:v 200k -f flv -g 15 -r 15 -s 426x240 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_240p264kbs
        ;

      # Stream locally on /live
      exec ffmpeg -i rtmp://localhost:1935/encode/$name
        -c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 1000k -f flv -g 30 -r 30 -s 854x480 -preset superfast -profile:v baseline rtmp://localhost:1935/live/$name
        ;

    }

    application hls {
      live on;

      allow publish 127.0.0.1;
      deny publish all;
      allow play all;

      hls_fragment_naming system;
      hls_fragment 2s;
      hls on;
      hls_path /data/hls;

      # Split streams into folders
      hls_nested on;

      # multi bitrate HLS
      # https://support.jwplayer.com/customer/en/portal/articles/1430240-hls-adaptive-streaming
      #hls_variant _720p2628kbs BANDWIDTH=2628000,RESOLUTION=1280x720;
      hls_variant _480p1128kbs BANDWIDTH=1128000,RESOLUTION=854x480;
      hls_variant _360p878kbs BANDWIDTH=878000,RESOLUTION=640x360;
      hls_variant _240p528kbs BANDWIDTH=528000,RESOLUTION=426x240;
      hls_variant _240p264kbs BANDWIDTH=264000,RESOLUTION=426x240;

      # make previews
      recorder preview {
        record keyframes;
        record_max_frames 4;
        record_path /data/recordings;
        record_interval 30s;

        exec_record_done ffmpeg -i $path -vcodec png -vframes 1 -an -f rawvideo -s 320x240 -ss 00:00:01 -y /data/thumbnails/$name.png;
      }

      # TODO Recording
      recorder rec1 {
         record all manual;
         record_suffix all.flv;
         record_path /tmp/rec;
         record_unique on;
      }

    }
  }
}

http {

  log_format main
      '$remote_addr - $remote_user [$time_local] '
      '"$request_method $scheme://$host$request_uri $server_protocol" '
      '"$request" $status $bytes_sent '
      '"$http_referer" "$http_user_agent" '
      '"$gzip_ratio"';

  access_log /var/log/nginx/access.log main;

  # TODO setup another endpoint for controls
  # https://github.com/arut/nginx-rtmp-module/wiki/Control-module
  server {
    listen 8080;
    server_name localhost;
    location /control {
      rtmp_control all;
    }
  }

  server {
    listen 443 ssl;
    server_name localhost 127.0.0.1 video.2klic.io *.2klic.io;

    # location /redirect {
    #   rewrite ^/redirect(.*) https://$server_name/hls/test.m3u8 permanent;
    # }

    # certificate for prod
    #ssl_certificate /config/ssl/2klic.com/ssl_certificate.crt;
    #ssl_certificate_key /config/ssl/2klic.com/2klic-io.key;

    # self-signed certificate for localhost tests
    #ssl_certificate /config/ssl/localhost/server.crt;
    #ssl_certificate_key /config/ssl/localhost/server.key;

    # self-signed certificate for *.2klic.io tests
    #ssl_certificate /config/ssl/wildcard/server.crt;
    #ssl_certificate_key /config/ssl/wildcard/server.key;

    include mime.types;
    default_type application/octet-stream;

    # full-resolution (desktop) HLS stream - "http://<my-ip>:<port>/hls/<stream-key>/index.m3u8"
    location /hls {
      types {
        application/vnd.apple.mpegurl m3u8;
        video/mp2t ts;
      }
      root /data;
      add_header Cache-Control no-cache;
      add_header Access-Control-Allow-Origin *;
      add_header 'Access-Control-Max-Age' 0;
      add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
      add_header 'Access-Control-Allow-Headers' 'Range';
      expires off;
    }

    # Stats in user readable format
    location /stat {
      rtmp_stat all;
      rtmp_stat_stylesheet static/stat.xsl;

      allow 127.0.0.1;
      allow 172.17.0.1;
      allow 66.131.186.208;
      deny all;
    }

    # Stats in XML format
    location /stat.xml {
      rtmp_stat all;

      allow 127.0.0.1;
      allow 172.17.0.1;
      allow 66.131.186.208;
      deny all;
    }

    location /static {
      alias /static;
    }

    location /crossdomain.xml {
      default_type text/xml;
      return 200 '<?xml version="1.0"?>
        <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
        <cross-domain-policy>
          <site-control permitted-cross-domain-policies="all"/>
          <allow-access-from domain="*" secure="false"/>
          <allow-http-request-headers-from domain="*" headers="*" secure="false"/>
        </cross-domain-policy>';
      expires 24h;
    }
  }

}
	daemon off;

	worker_processes auto;

	error_log /var/log/nginx/error.log debug;

	events {
	worker_connections 1024;
	}

	rtmp {


	server {
	listen 1935;

	# Any origin can play the stream
	allow play all;

	chunk_size 4000;

	# Get methods contains all arguments
	notify_method get;

	application publish {
	live on;

	# Any ip can publish
	allow publish all;

	# Publish only endpoint
	deny play all;

	# Get the publish server
	on_publish http://172.17.0.1:3000/rtmp/publish;

	# Notify the API that the rtmp has finish
	on_publish_done http://172.17.0.1:3000/rtmp/publish_done;
	}

	# Public endpoint for playing RTMP
	application play {
	deny publish all;
	allow play all;

	live on;

	# Get play server
	on_play http://172.17.0.1:3000/rtmp/play;
	}

	# Public endpoint
	application live {
	live on;

	# Non publishable endpoint. Plya from private subnets only.
	allow play 127.0.0.1;
	allow play 172.17.0.1;
	allow play 10.0.0.0/8;
	allow play 172.16.0.0/12;
	allow play 192.0.0.0/16;
	deny play all;
	allow publish 127.0.0.1;
	deny publish all;
	}

	application encode {
	live on;

	# Publish from private subnets only
	allow publish 127.0.0.1;
	allow publish 172.17.0.1;
	allow publish 10.0.0.0/8;
	allow publish 172.16.0.0/12;
	allow publish 192.0.0.0/16;
	deny publish all;

	# Not playable endpoint
	allow play 127.0.0.1;
	allow play 172.17.0.1;
	allow play 10.0.0.0/8;
	allow play 172.16.0.0/12;
	allow play 192.0.0.0/16;
	deny play all;

	hls_keys on;
	hls_key_path /data/keys;
	hls_key_url https://localhost/keys/;
	hls_fragments_per_key 10;

	exec ffmpeg -i rtmp://localhost:1935/encode/$name
	# no conversion
	#-c:a libfdk_aac -c:v libx264 -f flv -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name
	#-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 2500k -f flv -g 30 -r 30 -s 1280x720 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_720p2628kbs
	-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 1000k -f flv -g 30 -r 30 -s 854x480 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_480p1128kbs
	-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 750k -f flv -g 30 -r 30 -s 640x360 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_360p878kbs
	-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 400k -f flv -g 30 -r 30 -s 426x240 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_240p528kbs
	-c:a libfdk_aac -b:a 64k -c:v libx264 -b:v 200k -f flv -g 15 -r 15 -s 426x240 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_240p264kbs
	;

	# Stream locally on /live
	exec ffmpeg -i rtmp://localhost:1935/encode/$name
	-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 1000k -f flv -g 30 -r 30 -s 854x480 -preset superfast -profile:v baseline rtmp://localhost:1935/live/$name
	;

	}

	application hls {
	live on;

	allow publish 127.0.0.1;
	deny publish all;
	allow play all;

	hls_fragment_naming system;
	hls_fragment 2s;
	hls on;
	hls_path /data/hls;

	# Split streams into folders
	hls_nested on;

	# multi bitrate HLS
	# https://support.jwplayer.com/customer/en/portal/articles/1430240-hls-adaptive-streaming
	#hls_variant _720p2628kbs BANDWIDTH=2628000,RESOLUTION=1280x720;
	hls_variant _480p1128kbs BANDWIDTH=1128000,RESOLUTION=854x480;
	hls_variant _360p878kbs BANDWIDTH=878000,RESOLUTION=640x360;
	hls_variant _240p528kbs BANDWIDTH=528000,RESOLUTION=426x240;
	hls_variant _240p264kbs BANDWIDTH=264000,RESOLUTION=426x240;

	# make previews
	recorder preview {
	record keyframes;
	record_max_frames 4;
	record_path /data/recordings;
	record_interval 30s;

	exec_record_done ffmpeg -i $path -vcodec png -vframes 1 -an -f rawvideo -s 320x240 -ss 00:00:01 -y /data/thumbnails/$name.png;
	}

	# TODO Recording
	recorder rec1 {
	record all manual;
	record_suffix all.flv;
	record_path /tmp/rec;
	record_unique on;
	}

	}
	}
	}

	http {

	log_format main
	'$remote_addr - $remote_user [$time_local] '
	'"$request_method $scheme://$host$request_uri $server_protocol" '
	'"$request" $status $bytes_sent '
	'"$http_referer" "$http_user_agent" '
	'"$gzip_ratio"';

	access_log /var/log/nginx/access.log main;

	# TODO setup another endpoint for controls
	# https://github.com/arut/nginx-rtmp-module/wiki/Control-module
	server {
	listen 8080;
	server_name localhost;
	location /control {
	rtmp_control all;
	}
	}

	server {
	listen 443 ssl;
	server_name localhost 127.0.0.1 video.2klic.io *.2klic.io;

	# location /redirect {
	# rewrite ^/redirect(.*) https://$server_name/hls/test.m3u8 permanent;
	# }

	# certificate for prod
	#ssl_certificate /config/ssl/2klic.com/ssl_certificate.crt;
	#ssl_certificate_key /config/ssl/2klic.com/2klic-io.key;

	# self-signed certificate for localhost tests
	#ssl_certificate /config/ssl/localhost/server.crt;
	#ssl_certificate_key /config/ssl/localhost/server.key;

	# self-signed certificate for *.2klic.io tests
	#ssl_certificate /config/ssl/wildcard/server.crt;
	#ssl_certificate_key /config/ssl/wildcard/server.key;

	include mime.types;
	default_type application/octet-stream;

	# full-resolution (desktop) HLS stream - "http://<my-ip>:<port>/hls/<stream-key>/index.m3u8"
	location /hls {
	types {
	application/vnd.apple.mpegurl m3u8;
	video/mp2t ts;
	}
	root /data;
	add_header Cache-Control no-cache;
	add_header Access-Control-Allow-Origin *;
	add_header 'Access-Control-Max-Age' 0;
	add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
	add_header 'Access-Control-Allow-Headers' 'Range';
	expires off;
	}

	# Stats in user readable format
	location /stat {
	rtmp_stat all;
	rtmp_stat_stylesheet static/stat.xsl;

	allow 127.0.0.1;
	allow 172.17.0.1;
	allow 66.131.186.208;
	deny all;
	}

	# Stats in XML format
	location /stat.xml {
	rtmp_stat all;

	allow 127.0.0.1;
	allow 172.17.0.1;
	allow 66.131.186.208;
	deny all;
	}

	location /static {
	alias /static;
	}

	location /crossdomain.xml {
	default_type text/xml;
	return 200 '<?xml version="1.0"?>
	<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
	<cross-domain-policy>
	<site-control permitted-cross-domain-policies="all"/>
	<allow-access-from domain="*" secure="false"/>
	<allow-http-request-headers-from domain="" headers="" secure="false"/>
	</cross-domain-policy>';
	expires 24h;
	}
	}

	}