diff options
Diffstat (limited to 'templates/nginx')
| -rw-r--r-- | templates/nginx/nginx.conf.j2 | 147 |
1 files changed, 0 insertions, 147 deletions
diff --git a/templates/nginx/nginx.conf.j2 b/templates/nginx/nginx.conf.j2 deleted file mode 100644 index bb0930e..0000000 --- a/templates/nginx/nginx.conf.j2 +++ /dev/null @@ -1,147 +0,0 @@ -user www-data; -worker_processes auto; -pid /run/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 1024; - multi_accept on; -} - -http { - sendfile on; - tcp_nopush on; - tcp_nodelay on; - sendfile_max_chunk 512k; - keepalive_timeout 300s; - keepalive_requests 1000; - types_hash_max_size 2048; - server_tokens off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log warn; - - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_min_length 256; - gzip_types - text/plain - text/css - application/json - application/javascript - text/xml - application/xml - application/xml+rss - text/javascript - image/svg+xml; - - upstream icecast_backend { - server 127.0.0.1:8000; - keepalive 32; - } - - server { - listen 80; - server_name {{ domain }}; - return 301 https://{{ domain }}$request_uri; - } - - server { - listen 443 ssl http2; - server_name {{ domain }}; - - ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem; - #ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers off; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 1d; - ssl_session_tickets off; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "DENY" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - add_header Content-Security-Policy "default-src 'self'; connect-src *; media-src * blob: data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';" always; - add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; - - root /var/www/html; - index index.html index.htm; - - location / { - try_files $uri $uri/ =404; - } - - location /stream { - proxy_pass http://icecast_backend/stream; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - proxy_buffering off; - proxy_request_buffering off; - - gzip off; - proxy_read_timeout 3600s; - proxy_connect_timeout 300s; - proxy_send_timeout 3600s; - chunked_transfer_encoding on; - - add_header Access-Control-Allow-Origin "{{ radio_url }}" always; - add_header Access-Control-Allow-Methods "GET, OPTIONS" always; - add_header Access-Control-Allow-Headers "Range" always; - add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; - - access_log off; - error_log /var/log/nginx/icecast-error.log warn; - } - - location /info { - proxy_pass http://127.0.0.1:8000/status-json.xsl; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - proxy_buffering off; - proxy_request_buffering off; - - add_header Access-Control-Allow-Origin "{{ radio_url }}" always; - add_header Access-Control-Allow-Methods "GET, OPTIONS" always; - add_header Access-Control-Allow-Headers "Content-Type" always; - } - - location /admin { - deny all; - return 403; - } - - location /admin/ { - deny all; - return 403; - } - - location ~ ^/(status|statistics|server|webadmin) { - deny all; - return 403; - } - - access_log /var/log/nginx/icecast-access.log; - error_log /var/log/nginx/icecast-error.log warn; - } -} |