diff --git a/cdn.nix b/cdn.nix index f3472d1..e02d52e 100644 --- a/cdn.nix +++ b/cdn.nix @@ -1,4 +1,5 @@ let +basicAuthLogin = { admin = "jkblufies"; }; cdn-node-setup = args@{ domain, config_file, ... }: { deployment.targetHost = domain; nixpkgs.localSystem.system = "x86_64-linux"; @@ -13,6 +14,10 @@ cdn-node-setup = args@{ domain, config_file, ... }: { 443 # HTTPs ]; + services.netdata = { + enable = true; + }; + # Enable nginx service services.nginx = { @@ -26,13 +31,15 @@ cdn-node-setup = args@{ domain, config_file, ... }: { forceSSL = true; enableACME = true; + basicAuth = basicAuthLogin; locations = { "~* \\.(m3u8)$" = { proxyPass = "https://cdn-master.lukas.studio$request_uri"; extraConfig = '' #proxy_cache = off; - expires -1; + expires 3s; + auth_basic off; ''; }; "/hls" = { @@ -45,9 +52,32 @@ cdn-node-setup = args@{ domain, config_file, ... }: { proxy_cache hls; proxy_ignore_headers Cache-Control; proxy_cache_valid any 30m; + auth_basic off; ''; }; + "/stats" = { + return = "301 /stats/"; + }; + "~ /stats/(?.*)" = { + proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args"; + extraConfig = '' + proxy_redirect off; + proxy_set_header Host $host; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + + gzip on; + gzip_proxied any; + gzip_types *; + ''; + }; }; @@ -81,6 +111,10 @@ cdn-master-setup = args@{ domain, config_file, host-server, ... }: { 443 # HTTPs ]; + services.netdata = { + enable = true; + }; + # Enable nginx service services.nginx = { @@ -94,13 +128,15 @@ cdn-master-setup = args@{ domain, config_file, host-server, ... }: { forceSSL = true; enableACME = true; + basicAuth = basicAuthLogin; locations = { "~* \\.(m3u8)$" = { proxyPass = "${host-server}$request_uri"; extraConfig = '' #proxy_cache = off; - expires -1; + expires 2s; + auth_basic off; ''; }; "/hls" = { @@ -113,9 +149,32 @@ cdn-master-setup = args@{ domain, config_file, host-server, ... }: { proxy_cache hls; proxy_ignore_headers Cache-Control; proxy_cache_valid any 30m; + auth_basic off; ''; }; + "/stats" = { + return = "301 /stats/"; + }; + "~ /stats/(?.*)" = { + proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args"; + extraConfig = '' + proxy_redirect off; + proxy_set_header Host $host; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + + gzip on; + gzip_proxied any; + gzip_types *; + ''; + }; }; }; @@ -159,6 +218,31 @@ cdn-loadbalancer-setup = args@{ domain, config_file, nodes, ... }: { locations = { "/" = { return = "301 \"http://\$\{cdnhosts\}\$\{request_uri\}\""; + extraConfig = '' + auth_basic off; + ''; + }; + "/stats" = { + return = "301 /stats/"; + }; + "~ /stats/(?.*)" = { + proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args"; + extraConfig = '' + proxy_redirect off; + proxy_set_header Host $host; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + + gzip on; + gzip_proxied any; + gzip_types *; + ''; }; }; forceSSL = true;