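# NixOS module for an HLS edge node: nginx terminates TLS for
# "<hostName>.live.hacc.media", proxies playlists and segments from
# cdn-master.live.hacc.media (segments are cached), and proxies /stats/ to
# the local Netdata instance on 127.0.0.1:19999.
#
# Line structure restored: with the module collapsed onto one line, the first
# `#` comment swallows everything after it and the file does not evaluate.
{config, lib, pkgs, ...}:

{
  # Only the two web ports are opened; Netdata's own port (19999) is not in
  # this list and is reached through the nginx /stats/ location below.
  networking.firewall.allowedTCPPorts = [
    80  # HTTP
    443 # HTTPs
  ];

  services.netdata = {
    enable = true;
  };

  # Enable nginx service
  services.nginx = {
    enable = true;

    # Use recommended settings
    # Don't use recommended Proxy settings because it does funky things with the setup
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;

    virtualHosts."${config.networking.hostName}.live.hacc.media" = {
      forceSSL = true;
      enableACME = true;
      # NOTE(review): with basicAuth commented out, nothing in this file
      # authenticates any location of this vhost, including /stats/. The
      # `auth_basic off;` lines in the HLS locations only have an effect once
      # authentication is enabled at vhost level again.
      # basicAuth = basicAuthLogin;

      locations = {
        # Playlists. nginx prefers a matching regex location over a plain
        # prefix location, so *.m3u8 requests under /hls land here and are
        # not served from the "hls" cache zone; clients may keep them for 3s.
        #
        # NOTE(review): nginx does not verify upstream certificates by default
        # (`proxy_ssl_verify` is off), so the https:// scheme alone does not
        # authenticate cdn-master. Unless this is configured elsewhere,
        # consider `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate`
        # pointing at the system CA bundle, and `proxy_ssl_server_name on;`
        # for both upstream locations.
        "~* \\.(m3u8)$" = {
          proxyPass = "https://cdn-master.live.hacc.media$request_uri";
          extraConfig = ''
            #proxy_cache = off;
            expires 3s;
            auth_basic off;
          '';
        };

        # Segments and everything else under /hls, cached in the "hls" zone
        # declared in appendHttpConfig.
        #
        # NOTE(review): `proxy_cache_valid any 30m` together with
        # `proxy_ignore_headers Cache-Control` keeps every response status,
        # errors included, for 30 minutes regardless of the upstream's
        # Cache-Control. A bad or spoofed upstream answer is then replayed to
        # all viewers for that long; limiting caching to `200 206` would
        # bound the effect. Confirm this is intended.
        "/hls" = {
          proxyPass = "https://cdn-master.live.hacc.media$request_uri";
          extraConfig = ''
            types {
              application/vnd.apple.mpegurl m3u8;
              video/mp2t ts;
            }
            proxy_cache hls;
            proxy_ignore_headers Cache-Control;
            proxy_cache_valid any 30m;
            auth_basic off;
          '';
        };

        # Redirect the bare path to the trailing-slash form used below.
        "/stats" = {
          return = "301 /stats/";
        };

        # Netdata dashboard: the remainder of the path is captured as $ndpath
        # and forwarded, with the query string, to 127.0.0.1:19999.
        #
        # NOTE(review): this publishes the monitoring dashboard on the public
        # vhost without authentication (see the basicAuth note above). Host
        # metrics are useful reconnaissance data; restrict this location with
        # basic auth or nginx `allow`/`deny` rules for the operators' networks.
        "~ /stats/(?<ndpath>.*)" = {
          proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
          extraConfig = ''
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Connection "keep-alive";
            proxy_store off;
            gzip on;
            gzip_proxied any;
            gzip_types *;
          '';
        };
      };
    };

    # http-level settings: the "hls" cache zone (10m of keys, at most 10g on
    # disk, entries dropped after 60m without access) and the resolver nginx
    # uses for the upstream name, which is looked up at request time because
    # proxyPass contains a variable.
    #
    # NOTE(review): the cache root is /tmp itself. If the nginx unit does not
    # run with a private /tmp, that directory is shared with every local user;
    # a dedicated directory owned by the nginx user is the safer place for
    # cached responses. Confirm how /tmp is set up for this service.
    # NOTE(review): 1.1.1.1 is queried over plain DNS, and those answers decide
    # where the upstream connection goes. Combined with the unverified upstream
    # TLS noted above, prefer a local validating resolver or enable upstream
    # certificate verification.
    appendHttpConfig = ''
      proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
      resolver 1.1.1.1;
    '';
  };
}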