Add streaming playlists endpoint in nginx

[oweals/peertube.git] / support / nginx / peertube

diff --git a/support/nginx/peertube b/support/nginx/peertube
index 54ffdcc3298af304dffe6c1f4b9d37665759382f..a1cdc22217069e6ea35efd922f2c11d406bbd7fa 100644 (file)
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -41,9 +41,13 @@ server {
   # It might be nice to compress JSON, but leaving that out to protect against potential
   # compression+encryption information leak attacks like BREACH.
   gzip on;
-  gzip_types text/css text/html application/javascript;
+  gzip_types text/css application/javascript;
   gzip_vary on;
 
+  # If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
+  # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
+  # client_body_temp_path /var/www/peertube/storage/nginx/;
+
   # Enable HSTS
   # Tells browsers to stick with HTTPS and never visit the insecure HTTP
   # version. Once a browser sees this header, it will only visit the site over
@@ -59,7 +63,7 @@ server {
   }
 
   # Bypass PeerTube for performance reasons. Could be removed
-  location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
+  location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
     add_header Cache-Control "public, max-age=31536000, immutable";
 
     alias /var/www/peertube/peertube-latest/client/dist/$1;
@@ -91,7 +95,7 @@ server {
   }
 
   location / {
-    proxy_pass http://localhost:9000;
+    proxy_pass http://127.0.0.1:9000;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -115,9 +119,7 @@ server {
   }
 
   # Bypass PeerTube for performance reasons. Could be removed
-  location ~ ^/static/(webseed|redundancy)/ {
-    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
-    limit_rate 800k;
+  location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
 
     if ($request_method = 'OPTIONS') {
       add_header 'Access-Control-Allow-Origin' '*';
@@ -138,10 +140,25 @@ server {
       access_log off;
     }
 
+    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
+    set $peertube_limit_rate 800k;
+
+    # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
+    if ($request_uri ~ -fragmented.mp4$) {
+      set $peertube_limit_rate 5000k;
+    }
+
+    # Use this with nginx >= 1.17.0
+    # limit_rate $peertube_limit_rate;
+    # Or this if your nginx < 1.17.0
+    set $limit_rate $peertube_limit_rate;
+    limit_rate_after 5000k;
+
     root /var/www/peertube/storage;
 
     rewrite ^/static/webseed/(.*)$ /videos/$1 break;
     rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;
+    rewrite ^/static/streaming-playlists/(.*)$ /streaming-playlists/$1 break;
 
     try_files $uri /;
   }
@@ -156,14 +173,14 @@ server {
     proxy_http_version 1.1;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $host;
-    proxy_pass http://localhost:9000;
+    proxy_pass http://127.0.0.1:9000;
   }
 
   location /socket.io {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $host;
 
-    proxy_pass http://localhost:9000;
+    proxy_pass http://127.0.0.1:9000;
 
     # enable WebSockets
     proxy_http_version 1.1;