peter/haccfiles
1
0
Fork 0
forked from hacc/haccfiles
Code Issues Pull requests Projects Releases Wiki Activity

livecdn: DRY the whole thing a bit

Browse source
This commit is contained in:
hexchen 2020-11-29 12:54:35 +00:00
parent 30a3dcd77e
commit f84dbb4e1a
10 changed files with 115 additions and 176 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
configuration/hosts/cdn/loadbalancer/configuration.nix
View file

@ -5,7 +5,7 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-config.nix ./hardware-config.nix
../../../common ../../../common
../../../server/cdn-lb.nix ../../../server/cdn/cdn-lb.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

2
configuration/hosts/cdn/master/configuration.nix
View file

@ -5,7 +5,7 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-config.nix ./hardware-config.nix
../../../common ../../../common
../../../server/cdn-master.nix ../../../server/cdn/cdn-master.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

2
configuration/hosts/cdn/node-1/configuration.nix
View file

@ -5,7 +5,7 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-config.nix ./hardware-config.nix
../../../common ../../../common
../../../server/cdn-node.nix ../../../server/cdn/cdn-node.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

2
configuration/hosts/cdn/node-2/configuration.nix
View file

@ -5,7 +5,7 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-config.nix ./hardware-config.nix
../../../common ../../../common
../../../server/cdn-node.nix ../../../server/cdn/cdn-node.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

78
configuration/server/cdn-master.nix
View file

@ -1,78 +0,0 @@
{config, lib, pkgs, ...}:
let
host-server = "https://rosenbaum.lukas.studio";
in {
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPs
];
services.netdata = {
enable = true;
};
# Enable nginx service
services.nginx = {
enable = true;
# Use recommended settings
# Don't use recommendea Proxy settings because it does funky things with the setup
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts."${config.networking.hostName}.live.hacc.media" = {
forceSSL = true;
enableACME = true;
# basicAuth = basicAuthLogin;
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "${host-server}$request_uri";
extraConfig = ''
#proxy_cache = off;
expires 2s;
auth_basic off;
'';
};
"/hls" = {
proxyPass = "${host-server}$request_uri";
extraConfig = ''
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
};
appendHttpConfig = ''
proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
resolver 1.1.1.1;
'';
};
}

79
configuration/server/cdn-node.nix
View file

@ -1,79 +0,0 @@
{config, lib, pkgs, ...}:
{
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPs
];
services.netdata = {
enable = true;
};
# Enable nginx service
services.nginx = {
enable = true;
# Use recommended settings
# Don't use recommended Proxy settings because it does funky things with the setup
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts."${config.networking.hostName}.live.hacc.media" = {
forceSSL = true;
enableACME = true;
# basicAuth = basicAuthLogin;
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "https://cdn-master.live.hacc.media$request_uri";
extraConfig = ''
#proxy_cache = off;
expires 3s;
auth_basic off;
'';
};
"/hls" = {
proxyPass = "https://cdn-master.live.hacc.media$request_uri";
extraConfig = ''
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
};
appendHttpConfig = ''
proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
resolver 1.1.1.1;
'';
};
}

25
configuration/server/cdn/cdn-lb.nix Normal file
View file

@ -0,0 +1,25 @@
{config, lib, pkgs, ...}:
{
imports = [
./common.nix
];
services.nginx = {
virtualHosts."${config.networking.hostName}.live.hacc.media" = {
locations = {
"/" = {
return = "301 \"http://$cdnhosts$request_uri\"";
extraConfig = ''
auth_basic off;
'';
};
};
};
appendHttpConfig = ''
split_clients "$remote_addr" $cdnhosts {
50% "cdn-node-1.live.hacc.media";
50% "cdn-node-2.live.hacc.media";
}
'';
};
}

40
configuration/server/cdn/cdn-master.nix Normal file
View file

@ -0,0 +1,40 @@
{config, lib, pkgs, ...}:
let
host-server = "https://rosenbaum.lukas.studio";
in {
imports = [
./common.nix
];
services.nginx = {
virtualHosts."${config.networking.hostName}.live.hacc.media" = {
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "${host-server}$request_uri";
extraConfig = ''
#proxy_cache = off;
expires 2s;
auth_basic off;
'';
};
"/hls" = {
proxyPass = "${host-server}$request_uri";
extraConfig = ''
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
};
};
appendHttpConfig = ''
proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
resolver 1.1.1.1;
'';
};
}

43
configuration/server/cdn/cdn-node.nix Normal file
View file

@ -0,0 +1,43 @@
{config, lib, pkgs, ...}:
{
imports = [
./common.nix
];
# Enable nginx service
services.nginx = {
virtualHosts."${config.networking.hostName}.live.hacc.media" = {
forceSSL = true;
enableACME = true;
# basicAuth = basicAuthLogin;
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "https://cdn-master.live.hacc.media$request_uri";
extraConfig = ''
#proxy_cache = off;
expires 3s;
auth_basic off;
'';
};
"/hls" = {
proxyPass = "https://cdn-master.live.hacc.media$request_uri";
extraConfig = ''
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
};
};
appendHttpConfig = ''
proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
resolver 1.1.1.1;
'';
};
}

18
configuration/server/cdn-lb.nix → configuration/server/cdn/common.nix
View file

@ -13,20 +13,16 @@
# Enable nginx service # Enable nginx service
services.nginx = { services.nginx = {
enable = true; enable = true;
# Use recommended settings # Use recommended settings
# Don't use recommended Proxy settings because it does funky things with the setup # Don't use recommended Proxy settings because it does funky things with the setup
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."${config.networking.hostName}.live.hacc.media" = { virtualHosts."${config.networking.hostName}.live.hacc.media" = {
forceSSL = true;
enableACME = true;
# basicAuth = basicAuthLogin;
locations = { locations = {
"/" = {
return = "301 \"http://$cdnhosts$request_uri\"";
extraConfig = ''
auth_basic off;
'';
};
"/stats" = { "/stats" = {
return = "301 /stats/"; return = "301 /stats/";
}; };
@ -50,14 +46,6 @@
''; '';
}; };
}; };
forceSSL = true;
enableACME = true;
}; };
appendHttpConfig = ''
split_clients "$remote_addr" $cdnhosts {
50% "cdn-node-1.live.hacc.media";
50% "cdn-node-2.live.hacc.media";
}
'';
}; };
} }