added netdata with basicauth and index.m3u8-caching support

This commit is contained in:
Lukas Schulz 2020-11-28 18:16:22 +01:00
parent 717baa0482
commit 36899fc287

88
cdn.nix
View file

@ -1,4 +1,5 @@
let
basicAuthLogin = { admin = "jkblufies"; };
cdn-node-setup = args@{ domain, config_file, ... }: {
deployment.targetHost = domain;
nixpkgs.localSystem.system = "x86_64-linux";
@ -13,6 +14,10 @@ cdn-node-setup = args@{ domain, config_file, ... }: {
443 # HTTPs
];
services.netdata = {
enable = true;
};
# Enable nginx service
services.nginx = {
@ -26,13 +31,15 @@ cdn-node-setup = args@{ domain, config_file, ... }: {
forceSSL = true;
enableACME = true;
basicAuth = basicAuthLogin;
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "https://cdn-master.lukas.studio$request_uri";
extraConfig = ''
#proxy_cache = off;
expires -1;
expires 3s;
auth_basic off;
'';
};
"/hls" = {
@ -45,9 +52,32 @@ cdn-node-setup = args@{ domain, config_file, ... }: {
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
@ -81,6 +111,10 @@ cdn-master-setup = args@{ domain, config_file, host-server, ... }: {
443 # HTTPs
];
services.netdata = {
enable = true;
};
# Enable nginx service
services.nginx = {
@ -94,13 +128,15 @@ cdn-master-setup = args@{ domain, config_file, host-server, ... }: {
forceSSL = true;
enableACME = true;
basicAuth = basicAuthLogin;
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "${host-server}$request_uri";
extraConfig = ''
#proxy_cache = off;
expires -1;
expires 2s;
auth_basic off;
'';
};
"/hls" = {
@ -113,9 +149,32 @@ cdn-master-setup = args@{ domain, config_file, host-server, ... }: {
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
};
@ -159,6 +218,31 @@ cdn-loadbalancer-setup = args@{ domain, config_file, nodes, ... }: {
locations = {
"/" = {
return = "301 \"http://\$\{cdnhosts\}\$\{request_uri\}\"";
extraConfig = ''
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
forceSSL = true;