{% if ansible_distribution_release != 'xenial' %} upstream redis_server { nchan_redis_server "redis://localhost:6379"; } server { listen; location ~ /pub/(\w+)$ { nchan_publisher; nchan_redis_pass redis_server; nchan_channel_group "azuracast_nowplaying"; nchan_channel_id $1; nchan_message_buffer_length 1; nchan_message_timeout 16s; } } {% endif %} server { listen 80; listen 443 default_server ssl; listen [::]:80; listen [::]:443 default_server ssl; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; root {{ app_base }}/www/web; index index.php; server_name localhost; add_header X-XSS-Protection 1; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy no-referrer-when-downgrade; access_log {{ app_base }}/www_tmp/access.log; error_log {{ app_base }}/www_tmp/error.log; # Serve a static version of the nowplaying data for non-PHP-blocking delivery. location /api/nowplaying_static { expires 10s; add_header Access-Control-Allow-Origin *; alias {{ app_base }}/www_tmp/nowplaying; try_files $uri =404; } location / { try_files $uri @clean_url; } location @clean_url { rewrite ^(.*)$ /index.php last; } # Set up caching for static assets. location /static { add_header Access-Control-Allow-Origin *; } location /static/uploads { rewrite ^(.+)\.(?:\w+)\.(js|css|png|jpg)$ $1.$2 last; alias /var/azuracast/uploads; try_files $uri =404; } location /static/dist { expires 365d; } location /static/webpack_dist { expires 365d; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini fastcgi_pass; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME {{ app_base }}/www/web$fastcgi_script_name; include fastcgi_params; fastcgi_read_timeout 1800; fastcgi_buffering off; } # Reverse proxy all possible radio listening ports (8000, 8010...8480, 8490) location ~ ^/radio/(8[0-4][0-9]0)(/?)(.*)$ { proxy_buffering off; proxy_ignore_client_abort off; proxy_intercept_errors on; proxy_next_upstream error timeout invalid_header; proxy_redirect off; proxy_connect_timeout 60; proxy_send_timeout 21600; proxy_read_timeout 21600; proxy_set_header Host localhost:$1; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass$1/$3?$args; } # Reverse proxy the Liquidsoap harbor inputs to allow for streaming. location ~ ^/radio/(8[0-4][0-9]5)(/?)(.*)$ { proxy_buffering off; proxy_ignore_client_abort off; proxy_send_timeout 21600; proxy_read_timeout 21600; proxy_pass$1/$3; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } {% if ansible_distribution_release != 'xenial' %} # pub/sub endpoints location ~ /api/live/nowplaying/(\w+)$ { nchan_subscriber; nchan_redis_pass redis_server; nchan_channel_group "azuracast_nowplaying"; nchan_channel_id "$1"; nchan_channel_id_split_delimiter ","; nchan_subscriber_first_message -1; } {% endif %} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } # Internal handlers used by the application to perform X-Accel-Redirect's for higher performance. location /internal/backups/ { internal; alias {{ app_base }}/backups/; } location /internal/stations/ { internal; alias {{ app_base }}/stations/; } }