-rw-r--r-- | nginx_config | 59 |
1 files changed, 39 insertions, 20 deletions
diff --git a/nginx_config b/nginx_config
index 8c1f13e..6e30ad4 100644
--- a/nginx_config
+++ b/nginx_config
@@ -5,30 +5,54 @@ upstream dash_server_py {
 server [::1]:8000;
 }
+# this server handles media ingest
+# authentication is handled throught TLS client certificates
+server {
+ # network config
+ listen [::]:8001 ssl default_server;
+ server_name <server name>;
+
+ # server's TLS cert+key
+ ssl_certificate <path to TLS cert>;
+ ssl_certificate_key <path to TLS key>;
+ #ssl_dhparam <path to DH params, optional>;
+
+ # source authentication with TLS client certificates
+ ssl_client_certificate <path to CA for client certs>;
+ ssl_verify_client on;
+
+ # only allow upload requests
+ # TODO: handle DELETE
+ if ($request_method !~ ^(POST|PUT)$) {
+ return 405; # Method Not Allowed
+ }
+
+ root <path to site root>;
+
+ # define parameters for communicating with dash_server.py
+ # enable chunked transfers
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ # finish the upload even if the client does not bother waiting for our
+ # response
+ proxy_ignore_client_abort on;
+
+ location /live/ {
+ proxy_pass http://dash_server_py;
+ }
+}
+
 server {
 # network config
 listen [::]:80 default_server;
+ server_name <server name>;
 # tweak to your site and uncomment for TLS
 #listen [::]:443 ssl;
 #ssl_certificate <path to TLS cert>;
 #ssl_certificate_key <path to TLS key>;
- #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 #ssl_dhparam <path to DH params, optional>;
- # optional, verify the client certificate for authenticated uploading
- #ssl_verify_client optional;
- #ssl_client_certificate <path to CA for client certs>;
- #if ($request_method ~ ^(POST|PUT)$) {
- # set $reject "1";
- #}
- #if ($ssl_client_verify = "SUCCESS") {
- # set $reject "0";
- #}
- #if ($reject = "1") {
- # return 403;
- #}
-
- server_name dash;
 root <path to site root>;
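Review bot: Nothing on the new side of the plain-HTTP server block (the second `server {` in this hunk) stops POST or PUT from reaching dash_server.py, because the following hunk leaves `location /live/` with only `try_files $uri @dash_server;` and no method restriction. `@dash_server` is defined outside the visible hunks, so this is inferred, but if it proxies to `dash_server_py` then uploads sent to port 80 bypass the `ssl_verify_client on` gate added for port 8001. Consider adding `limit_except GET { deny all; }` to that location (GET also covers HEAD) so the public listener is read-only. Separately, the ingest server accepts every certificate issued by the configured CA; an `ssl_crl <path to CRL>;` line would give a way to revoke a lost or compromised source certificate.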
@@ -50,11 +74,6 @@ server {
 }
 location /live/ {
-
- limit_except GET {
- proxy_pass http://dash_server_py;
- }
-
 try_files $uri @dash_server;
 }
|