worker_processes auto; worker_rlimit_nofile 20480; error_log /usr/local/Somnode/log/nginx/error.log error; #pid logs/nginx.pid; events { worker_connections 10240; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # SSL ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; gzip on; # Basic Rate limiting geo $whitelist { default 0; # CIDR in the list below are not limited 127.0.0.1/32 1; 127.0.1.1/32 1; } map $whitelist $limit { 0 $binary_remote_addr; 1 ""; } limit_req_zone $limit zone=global_req_limit_per_ip:10m rate=10r/s; limit_req_zone $limit zone=php_req_limit_per_ip:10m rate=3r/s; limit_req_zone $limit zone=api_rate_limit:10m rate=20r/m; limit_req_zone "$request_uri" zone=limit_per_uri:10m rate=2r/s; limit_conn_zone $limit zone=conn_limit_per_ip:10m; # Caching proxy_cache_path /usr/local/Somnode/nginx/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off; fastcgi_cache_path /usr/local/Somnode/nginx/cache_fgi levels=1:2 keys_zone=fastcgi_cache:256m inactive=10m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; # Increase timeouts for ondemand report generation fastcgi_read_timeout 600; #─── GeoIP2 setup ─────────────────────────────────────────────────────────── # requires ngx_http_geoip2_module and a GeoLite2-Country.mmdb geoip2 /usr/local/Somnode/software/geoip/GeoLite2-Country.mmdb { $geoip_country_code country iso_code; auto_reload 60m; } #─── Lua shared dict for caching geolock results ──────────────────────────── lua_shared_dict geolock_cache 10m; lua_shared_dict server_settings_cache 10m; lua_package_path "/usr/local/Somnode/nginx/lib/lua/?.lua;;"; vod_metadata_cache metadata_cache 2048m; vod_response_cache response_cache 128m; server { listen 2000; listen 2020; listen 127.0.0.1:2021; # Internal cache proxy server_name localhost; root /usr/local/Somnode/htdocs; access_log /usr/local/Somnode/log/nginx/access.log; client_max_body_size 250M; # Basic Rate limiting limit_req zone=global_req_limit_per_ip burst=100; limit_conn conn_limit_per_ip 20; client_body_timeout 30s; client_header_timeout 30s; # Include standard security locations include security.conf; include locations.conf; include mcp_video_*.conf; # Dynamic as only deployed for mcp-video services # # SSL # include /usr/local/Somnode/nginx/conf.d/*.conf; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } index index.php index.html; # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { fastcgi_pass unix:/usr/local/Somnode/php/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # SSL Proxy for Shoutcast & Icecast resolver 8.8.8.8; location ~ ^/sslstream//?([^/]+)/?([^/]+)? { set $stream_url https://127.0.0.1:2000/system/proxy.php?slug=$1&unique_id=$1&mounturl=$2; proxy_buffering off; proxy_ignore_client_abort off; proxy_intercept_errors off; proxy_redirect off; proxy_next_upstream error timeout invalid_header; proxy_pass_request_headers on; proxy_set_header Cache-Control no-cache; proxy_set_header User-Agent "$http_user_agent [ip:$remote_addr]"; proxy_set_header X-Forwarded-For $remote_addr; proxy_connect_timeout 5; proxy_send_timeout 15; proxy_read_timeout 15; proxy_max_temp_file_size 0; proxy_pass $stream_url; expires off; client_max_body_size 1M; tcp_nodelay on; } location ~ ^/stream//?([^/]+)/?([^/]+)? { set $stream_url https://127.0.0.1:2000/system/proxy.php?slug=$1&unique_id=$1&mounturl=$2; proxy_buffering off; proxy_ignore_client_abort off; proxy_intercept_errors off; proxy_redirect off; proxy_next_upstream error timeout invalid_header; proxy_pass_request_headers on; proxy_set_header Cache-Control no-cache; proxy_set_header User-Agent "$http_user_agent [ip:$remote_addr]"; proxy_set_header X-Forwarded-For $remote_addr; proxy_connect_timeout 5; proxy_send_timeout 15; proxy_read_timeout 15; proxy_max_temp_file_size 0; proxy_pass $stream_url; expires off; client_max_body_size 1M; tcp_nodelay on; } location ~ ^/internalstreamproxy/([^/]+)/([0-9]+)/?([^/]+)? { internal; gzip off; set $stream_url http://$1:$2/$3; proxy_buffering off; proxy_ignore_client_abort off; proxy_intercept_errors off; proxy_redirect off; proxy_next_upstream error timeout invalid_header; proxy_pass_request_headers on; proxy_set_header Cache-Control no-cache; proxy_set_header User-Agent "$http_user_agent"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 5; proxy_send_timeout 60; proxy_read_timeout 60; proxy_max_temp_file_size 0; proxy_pass $stream_url; expires off; #access_log off; client_max_body_size 1M; tcp_nodelay on; } # Following is support for Somnode 2.10.x format location ~ ^/internalstreamproxy/([0-9]+)/?([^/]+)? { internal; gzip off; set $stream_url http://127.0.0.1:$1/$2; proxy_buffering off; proxy_ignore_client_abort off; proxy_intercept_errors off; proxy_redirect off; proxy_next_upstream error timeout invalid_header; proxy_pass_request_headers on; proxy_set_header Cache-Control no-cache; proxy_set_header User-Agent "$http_user_agent"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 5; proxy_send_timeout 60; proxy_read_timeout 60; proxy_max_temp_file_size 0; proxy_pass $stream_url; expires off; #access_log off; client_max_body_size 1M; tcp_nodelay on; } } # # Native HTTP/HTTPS Proxy # include /usr/local/Somnode/nginx/conf.d/*.http; # # Flussonic scripts # server { server_name localhost; access_log /usr/local/Somnode/log/nginx/flussonic.log; listen 127.0.0.1:2022; location ~ /getNextVideo\.php$ { limit_req zone=limit_per_uri burst=5; root /usr/local/Somnode/htdocs/system/plugins/server/Flussonic/scripts; fastcgi_pass unix:/usr/local/Somnode/php/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ \.php$ { root /usr/local/Somnode/htdocs/system/plugins/server/Flussonic/scripts; fastcgi_pass unix:/usr/local/Somnode/php/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } # # Internal Proxy # server { server_name localhost; access_log /usr/local/Somnode/log/nginx/internal.log; root /usr/local/Somnode/htdocs; listen 127.0.0.1:2023; # Include standard security locations include security.conf; include locations.conf; include mcp_video_*.conf; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } index index.php index.html; location ~ \.php$ { fastcgi_pass unix:/usr/local/Somnode/php/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } } stream { lua_package_path "/usr/local/Somnode/nginx/lib/lua/?.lua;;"; include /usr/local/Somnode/nginx/conf.d/*.stream; }