upstream redis_server { nchan_redis_server "redis://redis:6379"; } resolver 127.0.0.11; map $http_x_forwarded_for $proxy_x_forwarded_for { default $http_x_forwarded_for; '' $remote_addr; } map $http_x_forwarded_proto $proxy_x_forwarded_proto { default $http_x_forwarded_proto; '' $scheme; } map $http_x_forwarded_port $proxy_x_forwarded_port { default $http_x_forwarded_port; '' $server_port; } map $http_upgrade $proxy_connection { default upgrade; '' close; } map $scheme $proxy_x_forwarded_ssl { default off; https on; } # HTTP 1.1 support proxy_http_version 1.1; proxy_buffering off; proxy_set_header Origin $http_origin; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $proxy_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl; proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; # Mitigate httpoxy attack (see README for details) proxy_set_header Proxy ""; server { listen 9010; location ~ /pub/(\w+)$ { nchan_publisher; nchan_redis_pass redis_server; nchan_channel_group "azuracast_nowplaying"; nchan_channel_id $1; nchan_message_buffer_length 1; nchan_message_timeout 16s; } } server { listen 80; root /var/azuracast/www/web; index index.php; server_name localhost; add_header X-XSS-Protection 1; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy no-referrer-when-downgrade; # Serve a static version of the nowplaying data for non-PHP-blocking delivery. location /api/nowplaying_static { expires 10s; add_header Access-Control-Allow-Origin *; alias /var/azuracast/www_tmp/nowplaying; try_files $uri =404; } # Default clean URL routing location / { try_files $uri @clean_url; } location @clean_url { rewrite ^(.*)$ /index.php last; } # Set up caching for static assets. location /static { add_header Access-Control-Allow-Origin *; } location /static/dist { expires 365d; } location ~ ^/index\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini fastcgi_pass localhost:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; include fastcgi_params; fastcgi_read_timeout {{ default .Env.NGINX_TIMEOUT "1800" }}; fastcgi_buffering off; internal; } # Return 404 for all other php files not matching the front controller location ~ \.php$ { return 404; } # Reverse proxy all possible radio listening ports (8000, 8010...8480, 8490) location ~ ^/radio/(8[0-9][0-9]0)(/?)(.*)$ { proxy_buffering off; proxy_ignore_client_abort off; proxy_intercept_errors on; proxy_next_upstream error timeout invalid_header; proxy_redirect off; proxy_connect_timeout 60; proxy_send_timeout 21600; proxy_read_timeout 21600; proxy_set_header Host localhost:$1; proxy_pass http://stations:$1/$3?$args; } # Reverse proxy the Liquidsoap harbor inputs to allow for streaming. location ~ ^/radio/(8[0-9][0-9]5)(/?)(.*)$ { resolver 127.0.0.11; proxy_buffering off; proxy_ignore_client_abort off; proxy_send_timeout 21600; proxy_read_timeout 21600; proxy_pass http://stations:$1/$3; } # pub/sub endpoints location ~ /api/live/nowplaying/(\w+)$ { nchan_access_control_allow_origin "*"; nchan_subscriber; nchan_redis_pass redis_server; nchan_channel_group "azuracast_nowplaying"; nchan_channel_id "$1"; nchan_channel_id_split_delimiter ","; nchan_subscriber_first_message -1; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one location ~ /\.ht { deny all; } # Internal handlers used by the application to perform X-Accel-Redirect's for higher performance. location /internal/backups/ { internal; alias /var/azuracast/backups/; } location /internal/stations/ { internal; alias /var/azuracast/stations/; } include /etc/nginx/azuracast.conf.d/*.conf; }