{{if isTrue .Env.ENABLE_REDIS }} upstream redis_server { nchan_redis_server "redis://localhost:6379"; } {{end}} server { listen 9010; location ~ /pub/([^\/]+)$ { nchan_publisher; {{if isTrue .Env.ENABLE_REDIS}} nchan_redis_pass redis_server; {{end}} nchan_channel_group "azuracast_nowplaying"; nchan_channel_id $1; nchan_message_buffer_length 1; nchan_message_timeout 16s; } } server { listen 80; listen 443 default_server http2 ssl; {{if exists "/etc/nginx/certs/ssl.crt"}} ssl_certificate /etc/nginx/certs/ssl.crt; ssl_certificate_key /etc/nginx/certs/ssl.key; {{else}} ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate_key /etc/nginx/certs/default.key; {{end}} ssl_protocols TLSv1.3 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ecdh_curve secp521r1:secp384r1; ssl_ciphers EECDH+AESGCM:EECDH+AES256; ssl_session_cache shared:TLS:2m; ssl_buffer_size 4k; root /var/azuracast/www/web; index index.php; server_name localhost; add_header X-XSS-Protection 1; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy no-referrer-when-downgrade; # LetsEncrypt handling location /.well-known/acme-challenge/ { root /usr/share/nginx/html; try_files $uri =404; } # Serve a static version of the nowplaying data for non-PHP-blocking delivery. location /api/nowplaying_static { expires 10s; add_header Access-Control-Allow-Origin *; alias /var/azuracast/www_tmp/nowplaying; try_files $uri =404; } # Default clean URL routing location / { try_files $uri @clean_url; } location @clean_url { rewrite ^(.*)$ /index.php last; } # Set up caching for static assets. location /static { add_header Access-Control-Allow-Origin *; } location /static/uploads { rewrite ^(.+)\.(?:\w+)\.(js|css|png|jpg)$ $1.$2 last; alias /var/azuracast/uploads; try_files $uri =404; } location /static/dist { expires 365d; } location /static/webpack_dist { expires 365d; } location ~ ^/index\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini fastcgi_pass localhost:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; include fastcgi_params; fastcgi_read_timeout {{ default .Env.NGINX_TIMEOUT "1800" }}; fastcgi_buffering off; internal; } # Return 404 for all other php files not matching the front controller location ~ \.php$ { return 404; } # Reverse proxy all possible radio listening ports (8000, 8010...8480, 8490) {{ if eq .Env.NGINX_RADIO_PORTS "default" }} location ~ ^/radio/(8[0-9][0-9]0)(/?)(.*)$ { {{ else }} location ~ ^/radio/{{ .Env.NGINX_RADIO_PORTS }}(/?)(.*)$ { {{ end }} include proxy_params; proxy_intercept_errors on; proxy_next_upstream error timeout invalid_header; proxy_redirect off; proxy_connect_timeout 60; proxy_set_header Host localhost:$1; proxy_pass http://127.0.0.1:$1/$3?$args; } # Reverse proxy the Liquidsoap harbor inputs to allow for streaming. {{ if eq .Env.NGINX_WEBDJ_PORTS "default" }} location ~ ^/radio/(8[0-9][0-9]5)(/?)(.*)$ { {{ else }} location ~ ^/radio/{{ .Env.NGINX_WEBDJ_PORTS }}(/?)(.*)$ { {{ end }} include proxy_params; proxy_pass http://127.0.0.1:$1/$3; } # pub/sub endpoints location ~ /api/live/nowplaying/([^\/]+)$ { nchan_access_control_allow_origin "*"; nchan_subscriber; {{if isTrue .Env.ENABLE_REDIS}} nchan_redis_pass redis_server; {{end}} nchan_channel_group "azuracast_nowplaying"; nchan_channel_id "$1"; nchan_channel_id_split_delimiter ","; nchan_subscriber_first_message -1; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one location ~ /\.ht { deny all; } # Internal handlers used by the application to perform X-Accel-Redirect's for higher performance. location /internal/backups/ { internal; alias /var/azuracast/backups/; } location /internal/stations/ { internal; alias /var/azuracast/stations/; } include /etc/nginx/azuracast.conf.d/*.conf; }