Auto-generate a self-signed SSL cert, configure nginx to serve via SSL by default and make the use of the :80/:443 web proxy a configurable system-wide setting. Together, these changes enable full support for CloudFlare Full SSL on any AzuraCast instance.
This commit is contained in:
parent
efc5ce7e13
commit
fab92c7a96
|
@ -187,11 +187,14 @@ class IceCast extends FrontendAbstract
|
|||
$fe_config = (array)$this->station->frontend_config;
|
||||
$radio_port = $fe_config['port'];
|
||||
|
||||
$base_url = $this->di['em']->getRepository('Entity\Settings')->getSetting('base_url', 'localhost');
|
||||
$settings_rep o = $this->di['em']->getRepository('Entity\Settings');
|
||||
|
||||
// Vagrant port-forwarding mode.
|
||||
if (APP_APPLICATION_ENV == 'development')
|
||||
return 'http://'.$base_url.':8080/radio/'.$radio_port;
|
||||
$base_url = $settings_repo->getSetting('base_url', 'localhost');
|
||||
$use_radio_proxy = $settings_repo->getSetting('use_radio_proxy', 0);
|
||||
|
||||
// Web proxy support.
|
||||
if (APP_APPLICATION_ENV == 'development' || $use_radio_proxy)
|
||||
return '/radio/'.$radio_port;
|
||||
else
|
||||
return 'http://'.$base_url.':'.$radio_port;
|
||||
}
|
||||
|
|
|
@ -25,6 +25,16 @@ return [
|
|||
'default' => $base_url_default,
|
||||
]],
|
||||
|
||||
'use_radio_proxy' => ['radio', [
|
||||
'label' => _('Use Web Proxy for Radio'),
|
||||
'description' => _('By default, radio stations broadcast on their own ports (i.e. 8000). If you\'re using a service like CloudFlare or accessing your radio station by SSL, you should enable this feature, which routes all radio through the web ports (80 and 443).'),
|
||||
'options' => [
|
||||
0 => 'No',
|
||||
1 => 'Yes',
|
||||
],
|
||||
'default' => 0,
|
||||
]],
|
||||
|
||||
],
|
||||
],
|
||||
|
||||
|
|
|
@ -3,6 +3,10 @@
|
|||
become: true
|
||||
apt: pkg=nginx state=latest
|
||||
|
||||
- name: create self-signed SSL cert
|
||||
command: openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -extensions v3_ca creates=/etc/nginx/ssl/server.crt
|
||||
notify: reload nginx
|
||||
|
||||
- name: Change default nginx site
|
||||
become: true
|
||||
template: src=default.j2 dest=/etc/nginx/sites-available/default
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
client_max_body_size 50M;
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen 80;
|
||||
listen 443 default_server ssl;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/server.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/server.key;
|
||||
|
||||
root {{ app_base }}/www/web;
|
||||
index index.php;
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
- init
|
||||
- azuracast-config
|
||||
- azuracast-radio
|
||||
- nginx
|
||||
- php
|
||||
- influxdb
|
||||
- supervisord
|
||||
|
|
Loading…
Reference in New Issue