From f84dbb4e1a22e12251c8ae0f11b10a3573af0a90 Mon Sep 17 00:00:00 2001 From: hexchen Date: Sun, 29 Nov 2020 12:54:35 +0000 Subject: [PATCH] livecdn: DRY the whole thing a bit --- .../hosts/cdn/loadbalancer/configuration.nix | 2 +- .../hosts/cdn/master/configuration.nix | 2 +- .../hosts/cdn/node-1/configuration.nix | 2 +- .../hosts/cdn/node-2/configuration.nix | 2 +- configuration/server/cdn-master.nix | 78 ------------------ configuration/server/cdn-node.nix | 79 ------------------- configuration/server/cdn/cdn-lb.nix | 25 ++++++ configuration/server/cdn/cdn-master.nix | 40 ++++++++++ configuration/server/cdn/cdn-node.nix | 43 ++++++++++ .../server/{cdn-lb.nix => cdn/common.nix} | 18 +---- 10 files changed, 115 insertions(+), 176 deletions(-) delete mode 100644 configuration/server/cdn-master.nix delete mode 100644 configuration/server/cdn-node.nix create mode 100644 configuration/server/cdn/cdn-lb.nix create mode 100644 configuration/server/cdn/cdn-master.nix create mode 100644 configuration/server/cdn/cdn-node.nix rename configuration/server/{cdn-lb.nix => cdn/common.nix} (80%) diff --git a/configuration/hosts/cdn/loadbalancer/configuration.nix b/configuration/hosts/cdn/loadbalancer/configuration.nix index 424f3d8..04d47b4 100644 --- a/configuration/hosts/cdn/loadbalancer/configuration.nix +++ b/configuration/hosts/cdn/loadbalancer/configuration.nix @@ -5,7 +5,7 @@ [ # Include the results of the hardware scan. ./hardware-config.nix ../../../common - ../../../server/cdn-lb.nix + ../../../server/cdn/cdn-lb.nix ]; boot.loader.grub.enable = true; diff --git a/configuration/hosts/cdn/master/configuration.nix b/configuration/hosts/cdn/master/configuration.nix index 420ea5d..fe0b839 100644 --- a/configuration/hosts/cdn/master/configuration.nix +++ b/configuration/hosts/cdn/master/configuration.nix 
@@ -5,7 +5,7 @@ [ # Include the results of the hardware scan. ./hardware-config.nix ../../../common - ../../../server/cdn-master.nix + ../../../server/cdn/cdn-master.nix ]; boot.loader.grub.enable = true; diff --git a/configuration/hosts/cdn/node-1/configuration.nix b/configuration/hosts/cdn/node-1/configuration.nix index ab56c19..e6600e8 100644 --- a/configuration/hosts/cdn/node-1/configuration.nix +++ b/configuration/hosts/cdn/node-1/configuration.nix @@ -5,7 +5,7 @@ [ # Include the results of the hardware scan. ./hardware-config.nix ../../../common - ../../../server/cdn-node.nix + ../../../server/cdn/cdn-node.nix ]; boot.loader.grub.enable = true; diff --git a/configuration/hosts/cdn/node-2/configuration.nix b/configuration/hosts/cdn/node-2/configuration.nix index f2aa9f9..c575f06 100644 --- a/configuration/hosts/cdn/node-2/configuration.nix +++ b/configuration/hosts/cdn/node-2/configuration.nix @@ -5,7 +5,7 @@ [ # Include the results of the hardware scan. ./hardware-config.nix ../../../common - ../../../server/cdn-node.nix + ../../../server/cdn/cdn-node.nix ]; boot.loader.grub.enable = true; diff --git a/configuration/server/cdn-master.nix b/configuration/server/cdn-master.nix deleted file mode 100644 index 13c9327..0000000 --- a/configuration/server/cdn-master.nix +++ /dev/null 
@@ -1,78 +0,0 @@
-{config, lib, pkgs, ...}:
-
-let
- host-server = "https://rosenbaum.lukas.studio";
-in {
- networking.firewall.allowedTCPPorts = [
- 80 # HTTP
- 443 # HTTPs
- ];
-
- services.netdata = {
- enable = true;
- };
-
- # Enable nginx service
- services.nginx = {
- enable = true;
- # Use recommended settings
- # Don't use recommendea Proxy settings because it does funky things with the setup
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."${config.networking.hostName}.live.hacc.media" = {
- forceSSL = true;
- enableACME = true;
-# basicAuth = basicAuthLogin;
- locations = {
- "~* \\.(m3u8)$" = {
- proxyPass = "${host-server}$request_uri";
- extraConfig = ''
- #proxy_cache = off;
- expires 2s;
- auth_basic off;
- '';
- };
- "/hls" = {
- proxyPass = "${host-server}$request_uri";
- extraConfig = ''
- types {
- application/vnd.apple.mpegurl m3u8;
- video/mp2t ts;
- }
- proxy_cache hls;
- proxy_ignore_headers Cache-Control;
- proxy_cache_valid any 30m;
- auth_basic off;
- '';
- };
- "/stats" = {
- return = "301 /stats/";
- };
- "~ /stats/(?.*)" = {
- proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
- extraConfig = ''
- proxy_redirect off;
- proxy_set_header Host $host;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_http_version 1.1;
- proxy_pass_request_headers on;
- proxy_set_header Connection "keep-alive";
- proxy_store off;
-
- gzip on;
- gzip_proxied any;
- gzip_types *;
- '';
- };
- };
- };
- appendHttpConfig = ''
- proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
- resolver 1.1.1.1;
- '';
- };
-}
diff --git a/configuration/server/cdn-node.nix b/configuration/server/cdn-node.nix
deleted file mode 100644
index 2262c82..0000000
--- a/configuration/server/cdn-node.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{config, lib, pkgs, ...}:
-
-{
- networking.firewall.allowedTCPPorts = [
- 80 # HTTP
- 443 # HTTPs
- ];
-
- services.netdata = {
- enable = true;
- };
-
- # Enable nginx service
- services.nginx = {
- enable = true;
- # Use recommended settings
- # Don't use recommended Proxy settings because it does funky things with the setup
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."${config.networking.hostName}.live.hacc.media" = {
- forceSSL = true;
- enableACME = true;
-# basicAuth = basicAuthLogin;
- locations = {
- "~* \\.(m3u8)$" = {
- proxyPass = "https://cdn-master.live.hacc.media$request_uri";
- extraConfig = ''
- #proxy_cache = off;
- expires 3s;
- auth_basic off;
- '';
- };
- "/hls" = {
- proxyPass = "https://cdn-master.live.hacc.media$request_uri";
- extraConfig = ''
- types {
- application/vnd.apple.mpegurl m3u8;
- video/mp2t ts;
- }
- proxy_cache hls;
- proxy_ignore_headers Cache-Control;
- proxy_cache_valid any 30m;
- auth_basic off;
- '';
-
- };
- "/stats" = {
- return = "301 /stats/";
- };
- "~ /stats/(?.*)" = {
- proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
- extraConfig = ''
- proxy_redirect off;
- proxy_set_header Host $host;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_http_version 1.1;
- proxy_pass_request_headers on;
- proxy_set_header Connection "keep-alive";
- proxy_store off;
-
- gzip on;
- gzip_proxied any;
- gzip_types *;
- '';
- };
-
- };
- };
-
- appendHttpConfig = ''
- proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
- resolver 1.1.1.1;
- '';
- };
-}
diff --git a/configuration/server/cdn/cdn-lb.nix b/configuration/server/cdn/cdn-lb.nix
new file mode 100644
index 0000000..f717ba6
--- /dev/null
+++ b/configuration/server/cdn/cdn-lb.nix
@@ -0,0 +1,25 @@
+{config, lib, pkgs, ...}:
+
+{
+ imports = [
+ ./common.nix
+ ];
+ services.nginx = {
+ virtualHosts."${config.networking.hostName}.live.hacc.media" = {
+ locations = {
+ "/" = {
+ return = "301 \"http://$cdnhosts$request_uri\"";
+ extraConfig = ''
+ auth_basic off;
+ '';
+ };
+ };
+ };
+ appendHttpConfig = ''
+ split_clients "$remote_addr" $cdnhosts {
+ 50% "cdn-node-1.live.hacc.media";
+ 50% "cdn-node-2.live.hacc.media";
+ }
+ '';
+ };
+}
diff --git a/configuration/server/cdn/cdn-master.nix b/configuration/server/cdn/cdn-master.nix
new file mode 100644
index 0000000..14e866c
--- /dev/null
+++ b/configuration/server/cdn/cdn-master.nix
@@ -0,0 +1,40 @@
+{config, lib, pkgs, ...}:
+
+let
+ host-server = "https://rosenbaum.lukas.studio";
+in {
+ imports = [
+ ./common.nix
+ ];
+ services.nginx = {
+ virtualHosts."${config.networking.hostName}.live.hacc.media" = {
+ locations = {
+ "~* \\.(m3u8)$" = {
+ proxyPass = "${host-server}$request_uri";
+ extraConfig = ''
+ #proxy_cache = off;
+ expires 2s;
+ auth_basic off;
+ '';
+ };
+ "/hls" = {
+ proxyPass = "${host-server}$request_uri";
+ extraConfig = ''
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+ proxy_cache hls;
+ proxy_ignore_headers Cache-Control;
+ proxy_cache_valid any 30m;
+ auth_basic off;
+ '';
+ };
+ };
+ };
+ appendHttpConfig = ''
+ proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
+ resolver 1.1.1.1;
+ '';
+ };
+}
diff --git a/configuration/server/cdn/cdn-node.nix b/configuration/server/cdn/cdn-node.nix
new file mode 100644
index 0000000..5d86769
--- /dev/null
+++ b/configuration/server/cdn/cdn-node.nix
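Review bot: The `"/"` location in cdn/cdn-lb.nix redirects to `http://$cdnhosts$request_uri`, so every client leaves the HTTPS load balancer for a cleartext hop even though the node vhosts set `forceSSL = true`. The node then has to redirect a second time, and that intermediate plain-HTTP request can be read or rewritten on the path. Sending the client straight to HTTPS removes both the downgrade and the extra round trip: `return = "301 \"https://$cdnhosts$request_uri\"";`.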
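Review bot: Both `proxyPass = "${host-server}$request_uri";` locations in cdn/cdn-master.nix fetch from an `https://` upstream, but nothing visible here enables certificate checking, and nginx leaves `proxy_ssl_verify` off by default. Because the target contains a variable, the name is looked up at request time through `resolver 1.1.1.1;` over plain DNS, so whoever can answer for that name can fill the `hls` cache that is then served to viewers for up to 30 minutes. Unless another module already sets it, consider adding `proxy_ssl_verify on;`, `proxy_ssl_server_name on;` and a `proxy_ssl_trusted_certificate` pointing at the system CA bundle, either in both `extraConfig` blocks or once in `appendHttpConfig`. The same applies to the two `proxyPass` lines in cdn/cdn-node.nix.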
@@ -0,0 +1,43 @@ +{config, lib, pkgs, ...}: + +{ + imports = [ + ./common.nix + ]; + # Enable nginx service + services.nginx = { + virtualHosts."${config.networking.hostName}.live.hacc.media" = { + forceSSL = true; + enableACME = true; +# basicAuth = basicAuthLogin; + locations = { + "~* \\.(m3u8)$" = { + proxyPass = "https://cdn-master.live.hacc.media$request_uri"; + extraConfig = '' + #proxy_cache = off; + expires 3s; + auth_basic off; + ''; + }; + "/hls" = { + proxyPass = "https://cdn-master.live.hacc.media$request_uri"; + extraConfig = '' + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + proxy_cache hls; + proxy_ignore_headers Cache-Control; + proxy_cache_valid any 30m; + auth_basic off; + ''; + + }; + }; + }; + appendHttpConfig = '' + proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on; + resolver 1.1.1.1; + ''; + }; +} diff --git a/configuration/server/cdn-lb.nix b/configuration/server/cdn/common.nix similarity index 80% rename from configuration/server/cdn-lb.nix rename to configuration/server/cdn/common.nix index eca7ee5..4952783 100644 --- a/configuration/server/cdn-lb.nix +++ b/configuration/server/cdn/common.nix @@ -13,20 +13,16 @@ # Enable nginx service services.nginx = { enable = true; - # Use recommended settings # Don't use recommended Proxy settings because it does funky things with the setup recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; virtualHosts."${config.networking.hostName}.live.hacc.media" = { + forceSSL = true; + enableACME = true; +# basicAuth = basicAuthLogin; locations = { - "/" = { - return = "301 \"http://$cdnhosts$request_uri\""; - extraConfig = '' - auth_basic off; - ''; - }; "/stats" = { return = "301 /stats/"; }; 
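Review bot: In the `/hls` location of cdn/cdn-node.nix, `proxy_cache_valid any 30m;` combined with `proxy_ignore_headers Cache-Control;` caches every upstream status for 30 minutes, error responses included. A segment requested slightly too early, or during a short outage of cdn-master, would then be answered with the cached 404 or 502 for half an hour on that node. Limiting the long lifetime to successful responses keeps the cache useful without pinning failures: `proxy_cache_valid 200 206 30m;` plus a short `proxy_cache_valid any 1s;`. The identical block in cdn/cdn-master.nix has the same effect. Separately, `forceSSL`, `enableACME` and the commented `basicAuth` line here repeat what this commit moves into common.nix and could be dropped.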
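Review bot: `# basicAuth = basicAuthLogin;` is carried into the shared vhost in cdn/common.nix still commented out, so the `/stats` locations that follow it are reachable without authentication on every host importing this file, now including the load balancer's public name. Judging by the removed cdn-master.nix and cdn-node.nix, that location proxies to netdata on `127.0.0.1:19999`, which exposes detailed host and process metrics. Either enable `basicAuth` on the vhost (the `auth_basic off;` lines in the HLS and redirect locations already anticipate that) or restrict the stats location in its `extraConfig` with `allow`/`deny` rules for the operators' addresses. The body of the stats location lies between this hunk and the next one and is not visible here.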
@@ -50,14 +46,6 @@ ''; }; }; - forceSSL = true; - enableACME = true; }; - appendHttpConfig = '' - split_clients "$remote_addr" $cdnhosts { - 50% "cdn-node-1.live.hacc.media"; - 50% "cdn-node-2.live.hacc.media"; - } - ''; }; }