Ticket #1689: nginx.conf.opensocket

File nginx.conf.opensocket, 16.1 KB (added by dadmin-admin@…, 6 years ago)
Line 
1# configuration file /etc/nginx/nginx.conf:
2
3
4#######################################################################
5#
6# This is the main Nginx configuration file.
7#
8# More information about the configuration options is available on
9# * the English wiki - http://wiki.nginx.org/Main
10# * the Russian documentation - http://sysoev.ru/nginx/
11#
12#######################################################################
13
14#----------------------------------------------------------------------
15# Main Module - directives that cover basic functionality
16#
17# http://wiki.nginx.org/NginxHttpMainModule
18#
19#----------------------------------------------------------------------
20
21user mediaservice;
22worker_processes auto;
23worker_rlimit_nofile 245760;
24
25error_log /var/log/nginx/error.log;
26#error_log /var/log/nginx/error.log debug;
27#error_log /var/log/nginx/error.log notice;
28#error_log /var/log/nginx/error.log info;
29
30pid /var/run/nginx.pid;
31
32
33load_module modules/ngx_http_vod_module.so;
34
35
36#----------------------------------------------------------------------
37# Events Module
38#
39# http://wiki.nginx.org/NginxHttpEventsModule
40#
41#----------------------------------------------------------------------
42
43events {
44 worker_connections 131070;
45 multi_accept on;
46 use epoll;
47}
48
49
50#----------------------------------------------------------------------
51# HTTP Core Module
52#
53# http://wiki.nginx.org/NginxHttpCoreModule
54#
55#----------------------------------------------------------------------
56
57http {
58 include /etc/nginx/mime.types;
59 default_type application/octet-stream;
60
61 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
62 '$status $body_bytes_sent "$http_referer" '
63 '"$http_user_agent" "$http_x_forwarded_for"';
64
65 log_format account '$body_bytes_sent $request_time';
66 log_format debugunmasked 'Unmasked $body_bytes_sent $request_time $msec $remote_addr $arg_st $uri $arg_e - $secure_link $status "$http_referer" "$http_user_agent"';
67# log_format debugmasked 'Masked $body_bytes_sent $request_time $msec $remote_addr $arg_st $uri $arg_e $arg_mask $secure_link $status "$http_referer" "$http_user_agent"';
68 log_format debugmasked 'Masked $body_bytes_sent $request_time $msec $remote_addr $status $request_filename';
69# access_log /var/log/nginx/access.log main;
70 access_log off;
71
72 sendfile on;
73 tcp_nopush on;
74 tcp_nodelay on;
75 reset_timedout_connection on;
76 client_body_timeout 10;
77 send_timeout 5;
78
79 keepalive_disable none;
80 keepalive_timeout 20;
81
82 ssl_session_timeout 5m;
83 ssl_protocols TLSv1.1 TLSv1.2;
84 ssl_prefer_server_ciphers on;
85 ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !MEDIUM";
86
87 #gzip on;
88
89
90 upstream main {
91 server unix:/var/run/php-fpm.sock;
92 keepalive 32;
93 }
94
95 #
96 # The default server
97 #
98 server {
99 listen 222.111.80.7:80 default;
100 listen 127.0.0.1:80 default;
101 listen 222.111.80.7:443 ssl http2 default;
102
103 ssl_certificate /etc/nginx/foobar.net.pem;
104 ssl_certificate_key /etc/nginx/foobar.net.key;
105 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
106 ssl_ciphers HIGH:!aNULL:!MD5;
107
108
109 server_name _;
110
111 #charset koi8-r;
112
113 #access_log logs/host.access.log main;
114
115 root /filedata/html;
116
117
118 open_file_cache max=200000 inactive=200s;
119 open_file_cache_valid 300s;
120 open_file_cache_min_uses 2;
121
122 aio on;
123 vod_metadata_cache metadata_cache 512m;
124 vod_response_cache response_cache 256m;
125
126
127
128
129 location /h/ {
130 access_log /var/log/nginx/stats.log.norotate debugmasked;
131 alias /filedata/flv/;
132
133 fastcgi_pass main;
134 fastcgi_keep_conn on;
135 fastcgi_param SCRIPT_FILENAME /filedata/bin/vod_fpm.php;
136 fastcgi_param QUERY_STRING $query_string;
137 fastcgi_param REQUEST_METHOD $request_method;
138 fastcgi_param CONTENT_TYPE $content_type;
139 fastcgi_param CONTENT_LENGTH $content_length;
140 fastcgi_param SCRIPT_NAME $fastcgi_script_name;
141 fastcgi_param REQUEST_URI $request_uri;
142 fastcgi_param DOCUMENT_URI $document_uri;
143 fastcgi_param DOCUMENT_ROOT /filedata;
144 fastcgi_param SERVER_PROTOCOL $server_protocol;
145 fastcgi_param HTTPS $https if_not_empty;
146 fastcgi_param GATEWAY_INTERFACE CGI/1.1;
147 fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
148 fastcgi_param REMOTE_ADDR $remote_addr;
149 fastcgi_param REMOTE_PORT $remote_port;
150 fastcgi_param SERVER_ADDR $server_addr;
151 fastcgi_param SERVER_PORT $server_port;
152 fastcgi_param SERVER_NAME $server_name;
153 fastcgi_param REDIRECT_STATUS 200;
154 gzip on;
155 gzip_types application/vnd.apple.mpegurl video/f4m application/dash+xml text/xml;
156 if ( $http_origin ~* (https?://(.+\.)?(foobar\.net)$) ) {
157 add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer" always;
158 add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range" always;
159 add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
160 add_header Access-Control-Allow-Origin "$http_origin" always;
161 }
162 }
163
164 location /hfi/ {
165 internal;
166 access_log /var/log/nginx/stats.log.norotate debugmasked;
167 alias /filedata/flv/;
168 vod hls;
169 vod_mode local;
170 #vod_manifest_segment_durations_mode accurate;
171 vod_align_segments_to_key_frames on;
172 vod_bootstrap_segment_durations 5000;
173 vod_segment_duration 10000;
174
175 vod_hls_mpegts_interleave_frames on;
176 vod_hls_mpegts_align_frames on;
177
178
179 add_header Cache-Control "max-age=0, no-cache, no-store";
180 if ( $http_origin ~* (https?://(.+\.)?(foobar\.net)$) ) {
181 add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer" always;
182 add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range" always;
183 add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
184 add_header Access-Control-Allow-Origin "$http_origin" always;
185 }
186 }
187
188
189
190 location /hf/ {
191 access_log /var/log/nginx/stats.log.norotate debugmasked;
192 alias /filedata/flv/;
193 vod hls;
194 vod_mode local;
195 #vod_manifest_segment_durations_mode accurate;
196 vod_align_segments_to_key_frames on;
197 vod_bootstrap_segment_durations 5000;
198 vod_segment_duration 10000;
199
200 vod_hls_mpegts_interleave_frames on;
201 vod_hls_mpegts_align_frames on;
202
203 allow 127.0.0.1;
204 deny all;
205
206 add_header Cache-Control "max-age=0, no-cache, no-store";
207
208 }
209
210 location /download/ {
211 fastcgi_pass main;
212 fastcgi_param SCRIPT_FILENAME /filedata/bin/download.php;
213 fastcgi_param QUERY_STRING $query_string;
214 fastcgi_param REQUEST_METHOD $request_method;
215 fastcgi_param CONTENT_TYPE $content_type;
216 fastcgi_param CONTENT_LENGTH $content_length;
217 fastcgi_param SCRIPT_NAME $fastcgi_script_name;
218 fastcgi_param REQUEST_URI $request_uri;
219 fastcgi_param DOCUMENT_URI $document_uri;
220 fastcgi_param DOCUMENT_ROOT /filedata;
221 fastcgi_param SERVER_PROTOCOL $server_protocol;
222 fastcgi_param HTTPS $https if_not_empty;
223 fastcgi_param GATEWAY_INTERFACE CGI/1.1;
224 fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
225 fastcgi_param REMOTE_ADDR $remote_addr;
226 fastcgi_param REMOTE_PORT $remote_port;
227 fastcgi_param SERVER_ADDR $server_addr;
228 fastcgi_param SERVER_PORT $server_port;
229 fastcgi_param SERVER_NAME $server_name;
230 fastcgi_param REDIRECT_STATUS 200;
231 access_log /var/log/nginx/stats.log.norotate debugmasked;
232 }
233
234 location /di/ {
235 alias /filedata/flv/;
236 internal;
237 access_log /var/log/nginx/stats.log.norotate debugmasked;
238 }
239
240
241
242 location /t/ {
243 root /filedata;
244 default_type image/jpeg;
245 try_files $uri @thumbnail;
246 expires 365d;
247 access_log off;
248 }
249
250 location @thumbnail {
251 fastcgi_pass main;
252 fastcgi_param SCRIPT_FILENAME /filedata/bin/thumbnail_fpm.php;
253 fastcgi_param QUERY_STRING $query_string;
254 fastcgi_param REQUEST_METHOD $request_method;
255 fastcgi_param CONTENT_TYPE $content_type;
256 fastcgi_param CONTENT_LENGTH $content_length;
257 fastcgi_param SCRIPT_NAME $fastcgi_script_name;
258 fastcgi_param REQUEST_URI $request_uri;
259 fastcgi_param DOCUMENT_URI $document_uri;
260 fastcgi_param DOCUMENT_ROOT /filedata;
261 fastcgi_param SERVER_PROTOCOL $server_protocol;
262 fastcgi_param HTTPS $https if_not_empty;
263 fastcgi_param GATEWAY_INTERFACE CGI/1.1;
264 fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
265 fastcgi_param REMOTE_ADDR $remote_addr;
266 fastcgi_param REMOTE_PORT $remote_port;
267 fastcgi_param SERVER_ADDR $server_addr;
268 fastcgi_param SERVER_PORT $server_port;
269 fastcgi_param SERVER_NAME $server_name;
270 fastcgi_param REDIRECT_STATUS 200;
271 access_log off;
272 }
273
274 location /thumbnail-internal {
275 alias /filedata/t;
276 internal;
277 expires 365d;
278 access_log off;
279 }
280
281 location = /test.jpg {
282 add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer";
283 add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range";
284 add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
285 add_header Access-Control-Allow-Origin "*";
286 add_header Cache-Control "max-age=0, no-cache, no-store";
287 access_log off;
288 }
289
290 location /server-status {
291 stub_status on;
292 access_log off;
293 allow 77.105.132.185;
294 allow 211.13.210.54;
295 allow 192.240.126.194;
296 deny all;
297 }
298
299 location /vod-status {
300 vod_status;
301 access_log off;
302 allow 77.105.132.185;
303 allow 211.13.210.54;
304 allow 192.240.126.194;
305 deny all;
306 }
307
308
309 }
310
311
312 server {
313 listen 222.111.80.7:80;
314 listen 222.111.80.7:443 http2 ssl;
315
316 ssl_certificate /etc/nginx/foobar.net.pem;
317 ssl_certificate_key /etc/nginx/foobar.net.key;
318 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
319 ssl_ciphers HIGH:!aNULL:!MD5;
320
321
322 server_name isfile35.foobar.net;
323
324 #charset koi8-r;
325
326 #access_log logs/host.access.log main;
327
328 root /filedata/html;
329
330 location /t/ {
331 root /filedata;
332 default_type image/jpeg;
333 try_files $uri @thumbnail;
334 expires 365d;
335 access_log off;
336 }
337
338 location @thumbnail {
339 fastcgi_pass main;
340 fastcgi_param SCRIPT_FILENAME /filedata/bin/thumbnail_fpm.php;
341 fastcgi_param QUERY_STRING $query_string;
342 fastcgi_param REQUEST_METHOD $request_method;
343 fastcgi_param CONTENT_TYPE $content_type;
344 fastcgi_param CONTENT_LENGTH $content_length;
345 fastcgi_param SCRIPT_NAME $fastcgi_script_name;
346 fastcgi_param REQUEST_URI $request_uri;
347 fastcgi_param DOCUMENT_URI $document_uri;
348 fastcgi_param DOCUMENT_ROOT /filedata;
349 fastcgi_param SERVER_PROTOCOL $server_protocol;
350 fastcgi_param HTTPS $https if_not_empty;
351 fastcgi_param GATEWAY_INTERFACE CGI/1.1;
352 fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
353 fastcgi_param REMOTE_ADDR $remote_addr;
354 fastcgi_param REMOTE_PORT $remote_port;
355 fastcgi_param SERVER_ADDR $server_addr;
356 fastcgi_param SERVER_PORT $server_port;
357 fastcgi_param SERVER_NAME $server_name;
358 fastcgi_param REDIRECT_STATUS 200;
359 access_log off;
360 }
361
362 location /thumbnail-internal {
363 alias /filedata/t;
364 internal;
365 expires 365d;
366 access_log off;
367 }
368
369 }
370
371
372
373 server {
374 listen 85;
375 location / {
376 root /filedata/;
377 dav_methods PUT DELETE MKCOL COPY MOVE;
378 create_full_put_path on;
379 dav_access group:rw all:r;
380 access_log off;
381 }
382 location = /filelist.cache {
383 alias /tmp/filelist.cache;
384 access_log off;
385 }
386 }
387
388
389
390}
391
392
393# configuration file /etc/nginx/mime.types:
394types {
395 text/html html htm shtml;
396 text/css css;
397 text/xml xml;
398 image/gif gif;
399 image/jpeg jpeg jpg;
400 application/x-javascript js;
401 application/atom+xml atom;
402 application/rss+xml rss;
403
404 text/mathml mml;
405 text/plain txt;
406 text/vnd.sun.j2me.app-descriptor jad;
407 text/vnd.wap.wml wml;
408 text/x-component htc;
409
410 image/png png;
411 image/tiff tif tiff;
412 image/vnd.wap.wbmp wbmp;
413 image/x-icon ico;
414 image/x-jng jng;
415 image/x-ms-bmp bmp;
416 image/svg+xml svg;
417
418 application/java-archive jar war ear;
419 application/mac-binhex40 hqx;
420 application/msword doc;
421 application/pdf pdf;
422 application/postscript ps eps ai;
423 application/rtf rtf;
424 application/vnd.ms-excel xls;
425 application/vnd.ms-powerpoint ppt;
426 application/vnd.wap.wmlc wmlc;
427 application/vnd.google-earth.kml+xml kml;
428 application/vnd.google-earth.kmz kmz;
429 application/x-7z-compressed 7z;
430 application/x-cocoa cco;
431 application/x-java-archive-diff jardiff;
432 application/x-java-jnlp-file jnlp;
433 application/x-makeself run;
434 application/x-perl pl pm;
435 application/x-pilot prc pdb;
436 application/x-rar-compressed rar;
437 application/x-redhat-package-manager rpm;
438 application/x-sea sea;
439 application/x-shockwave-flash swf;
440 application/x-stuffit sit;
441 application/x-tcl tcl tk;
442 application/x-x509-ca-cert der pem crt;
443 application/x-xpinstall xpi;
444 application/xhtml+xml xhtml;
445 application/zip zip;
446
447 application/octet-stream bin exe dll;
448 application/octet-stream deb;
449 application/octet-stream dmg;
450 application/octet-stream eot;
451 application/octet-stream iso img;
452 application/octet-stream msi msp msm;
453
454 audio/midi mid midi kar;
455 audio/mpeg mp3;
456 audio/ogg ogg;
457 audio/x-realaudio ra;
458
459 video/3gpp 3gpp 3gp;
460 video/mpeg mpeg mpg;
461 video/mp4 mp4;
462 video/quicktime mov;
463 video/x-flv flv;
464 video/x-mng mng;
465 video/x-ms-asf asx asf;
466 video/x-ms-wmv wmv;
467 video/x-msvideo avi;
468}
469
470