conf.dev

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    proxy_cache_path /tmp/funkwhale-transcode levels=1:2 keys_zone=transcode:10m max_size=1g inactive=24h use_temp_path=off;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        listen 6001;
        charset     utf-8;
        client_max_body_size 20M;

        # global proxy pass config
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host   localhost:8080;
        proxy_set_header X-Forwarded-Port   8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;

        location /_protected/media {
            internal;
            alias   /protected/media;
        }
        location = /transcode-auth {
            # needed so we can authenticate transcode requests, but still
            # cache the result
            internal;
            set $query '';
            # ensure we actually pass the jwt to the underlytin auth url
            if ($request_uri ~* "[^\?]+\?(.*)$") {
                set $query $1;
            }
            proxy_set_header X-Forwarded-Host   localhost:8080;
            proxy_set_header X-Forwarded-Port   8080;
            proxy_pass http://api:12081/api/v1/trackfiles/viewable/?$query;
            proxy_pass_request_body off;
            proxy_set_header        Content-Length "";
        }

        location /api/v1/trackfiles/transcode/ {
            # this block deals with authenticating and caching transcoding
            # requests. Caching is heavily recommended as transcoding
            # is a CPU intensive process.
            auth_request /transcode-auth;
            if ($args ~ (.*)jwt=[^&]*(.*)) {
                set $cleaned_args $1$2;
            }
            proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args";
            proxy_cache transcode;
            proxy_cache_valid 200 7d;
            proxy_ignore_headers "Set-Cookie";
            proxy_hide_header "Set-Cookie";
            add_header X-Cache-Status $upstream_cache_status;
            proxy_pass http://api:12081;
        }
        location / {
            proxy_pass   http://api:12081/;
        }
    }
}