Skip to content
Snippets Groups Projects
Commit 28afd136 authored by Stéphane Diemer's avatar Stéphane Diemer
Browse files

Updated skyreach Nginx conf for SSH tunnels to MC (refs #26028).

parent 445a0eed
No related branches found
No related tags found
No related merge requests found
...@@ -51,13 +51,16 @@ server { ...@@ -51,13 +51,16 @@ server {
} }
location /proxy/ { location /proxy/ {
allow 127.0.0.1; # proxy to local SSH tunnels (for MediaCoder UI and files)
deny all;
# proxy for MediaCoder UI and files
# ?: means that the group should not be stored as variable # ?: means that the group should not be stored as variable
# 404 for ports outside of range (40000-60000)
location ~ "^/proxy/(?!(4|5\d{4}/)).*$" {
return 404;
}
# proxy for m3u8 and ts files with cache # proxy for m3u8 and ts files with cache
location ~ ^/proxy/([\d\.\:]+)/(.+\.(?:m3u8|ts))$ { location ~ "^/proxy/(\d+)/(.+\.(?:m3u8|ts))$" {
proxy_cache livecache; proxy_cache livecache;
# do not consider secure urls as new files # do not consider secure urls as new files
proxy_cache_key $scheme$proxy_host$uri; proxy_cache_key $scheme$proxy_host$uri;
...@@ -66,19 +69,19 @@ server { ...@@ -66,19 +69,19 @@ server {
# show if playlist or fragment has been cached from wowza # show if playlist or fragment has been cached from wowza
add_header X-Cache $upstream_cache_status; add_header X-Cache $upstream_cache_status;
# wowza is defining expiration headers (m3u8 is 1s, ts is 3600) # wowza is defining expiration headers (m3u8 is 1s, ts is 3600)
proxy_pass https://$1/$2; proxy_pass https://127.0.0.1:$1/$2;
} }
# proxy for other urls including websocket # proxy for other urls including websocket
location ~ ^/proxy/([\d\.\:]+)/(.*)$ { location ~ "^/proxy/(\d+)/(.*)$" {
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
# needed for websocket # needed for websocket
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
# change scheme of "Origin" to https # change scheme of "Origin" to https
proxy_set_header Origin https://$1; proxy_set_header Origin https://127.0.0.1:$1;
proxy_pass https://$1/$2$is_args$args; proxy_pass https://127.0.0.1:$1/$2$is_args$args;
} }
} }
...@@ -88,7 +91,7 @@ server { ...@@ -88,7 +91,7 @@ server {
} }
# APT proxy urls # APT proxy urls
location ~ /[\w\d\.\-\_]+.ubuntu.com/ubuntu { location ~ "/[\w\d\.\-\_]+.ubuntu.com/ubuntu" {
proxy_pass http://127.0.0.1:3142; proxy_pass http://127.0.0.1:3142;
} }
} }
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment