Newer
Older
}
map $msuser_whitelist $msuser_allowed {
0 $secure_link;
1 1;
}
server {
listen 80;
server_name {{ server_name }};
location /.well-known/acme-challenge {
default_type "text/plain";
root /tmp/letsencrypt;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
server_name {{ server_name }};
root /var/www/msuser;
access_log /var/log/nginx/access_msuser.log;
error_log /var/log/nginx/error_msuser.log;
location /static {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
location /crossdomain {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
location /resources {
location ~ \.ts$ {
}
location ~ \.xml$ {
}
secure_link $arg_st,$arg_e;
secure_link_md5 "{{ secret }}$uri$arg_e$remote_addr";
# link expired
if ($msuser_allowed = "0") {
return 410;
}
# bad hash
if ($msuser_allowed = "") {
return 403;
}
}
rewrite ^/streaming/(.*)$ /live/$1? break;
proxy_pass http://localhost:1935;
proxy_cache livecache;
# do not consider secure urls as new files
proxy_cache_key $scheme$proxy_host$uri;
# only one request at a time will be allowed to populate a new cache element
proxy_cache_lock on;
# show if playlist or fragment has been cached from wowza
add_header X-Cache $upstream_cache_status;
# wowza is defining expiration headers (m3u8 is 1s, ts is 3600)
}
location / {
uwsgi_pass unix:///home/msuser/mstmp/uwsgi.sock;
include /etc/nginx/uwsgi_params;
}
}