upstream php-fpm-internal { server unix:/var/run/php-fpm-internal.sock; } upstream php-fpm-www { server unix:/var/run/php-fpm-www.sock; } upstream redis_server { nchan_redis_server "redis://localhost:6379"; } server { listen 127.0.0.1:6010; root {{ app_base }}/www/web; index index.php; location ~ /pub/([^\/]+)$ { nchan_publisher; nchan_redis_pass redis_server; nchan_channel_group "azuracast_nowplaying"; nchan_channel_id $1; nchan_message_buffer_length 1; nchan_message_timeout 16s; } # Default clean URL routing location / { try_files $uri @clean_url; } location @clean_url { rewrite ^(.*)$ /index.php last; } location ~ ^/index\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass php-fpm-internal; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; include fastcgi_params; fastcgi_read_timeout 600; fastcgi_buffering off; internal; } } server { listen 80; listen 443 default_server ssl; listen [::]:80; listen [::]:443 default_server ssl; ssl_certificate {{ app_base }}/acme/ssl.crt; ssl_certificate_key {{ app_base }}/acme/ssl.key; root {{ app_base }}/www/web; index index.php; server_name localhost; add_header X-XSS-Protection 1; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy no-referrer-when-downgrade; access_log {{ app_base }}/www_tmp/access.log; error_log {{ app_base }}/www_tmp/error.log; # LetsEncrypt handling location /.well-known/acme-challenge { alias {{ app_base }}/acme/challenges; try_files $uri =404; } # Serve a static version of the nowplaying data for non-PHP-blocking delivery. location /api/nowplaying_static { expires 10s; add_header Access-Control-Allow-Origin *; alias {{ app_base }}/www_tmp/nowplaying; try_files $uri =404; } location / { try_files $uri @clean_url; } location @clean_url { rewrite ^(.*)$ /index.php last; } # Set up caching for static assets. location /static { add_header Access-Control-Allow-Origin *; } location /static/uploads { rewrite ^(.+)\.(?:\w+)\.(js|css|png|jpg)$ $1.$2 last; alias /var/azuracast/uploads; try_files $uri =404; } location /static/dist { expires 365d; } location /static/webpack_dist { expires 365d; } location ~ ^/index\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini fastcgi_pass php-fpm-www; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; include fastcgi_params; fastcgi_read_timeout 1800; fastcgi_buffering off; internal; } # Reverse proxy all possible radio listening ports (8000, 8010...8480, 8490) location ~ ^/radio/(8[0-4][0-9]0)(/?)(.*)$ { proxy_buffering off; proxy_ignore_client_abort off; proxy_intercept_errors on; proxy_next_upstream error timeout invalid_header; proxy_redirect off; proxy_connect_timeout 60; proxy_send_timeout 21600; proxy_read_timeout 21600; proxy_set_header Host localhost:$1; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://127.0.0.1:$1/$3?$args; } # pub/sub endpoints location ~ /api/live/nowplaying/([^\/]+)$ { nchan_subscriber; nchan_redis_pass redis_server; nchan_channel_group "azuracast_nowplaying"; nchan_channel_id "$1"; nchan_channel_id_split_delimiter ","; nchan_subscriber_first_message -1; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } # Internal handlers used by the application to perform X-Accel-Redirect's for higher performance. location /internal/backups/ { internal; alias {{ app_base }}/backups/; } location /internal/stations/ { internal; alias {{ app_base }}/stations/; } include {{ app_base }}/stations/*/config/nginx.conf; }