worker_processes auto;

error_log /dev/stdout info;

events {
    worker_connections 1024;
}

# RTMPS configuration
stream {
    upstream backend {
        server 127.0.0.1:1935;
    }

    server {
        listen 1936 ssl;
        proxy_pass backend;
        ssl_certificate /ssl/self_signed/rtmp.crt;
        ssl_certificate_key /ssl/self_signed/rtmp.key;
    }
}

# RTMP configuration
rtmp {
    server {
        listen 1935;
        chunk_size 4000;

        # This application is to accept incoming stream
        application live {
            # Allows live input
            live on;
            # Drop Publishing connections that havnt sent any stream data for over 10 seconds
            drop_idle_publisher 10s;
            # Local push for built in players
            push rtmp://localhost:1935/show;
        }

        # This is the HLS application
        application show {
            # Allows live input from above application
            live on;
            # Disable consuming the stream from nginx as rtmp
            deny play all;

            # Enable HTTP Live Streaming
            hls on;
            hls_fragment 3;
            hls_playlist_length 20;
            hls_path /mnt/hls/; # hls fragments path
        }
    }
}

# HTTP configuration
http {
    sendfile off;
    tcp_nopush on;
    access_log /dev/stdout combined;
    directio 512;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # HTTP server required to serve the player and HLS fragments
    server {
        listen 8080;

        listen 8443 ssl;
        ssl_certificate /ssl/self_signed/rtmp.crt;
        ssl_certificate_key /ssl/self_signed/rtmp.key;

        # Redirect requests for http://<server_ip>:8080/ to http://<server_ip>:8080/player
        location = / {
            # This is required to handle reverse proxy's like NginxProxyManager, otherwise the redirect will
            # include this servers port in the redirect.
            absolute_redirect off;
            return 302 /player.html;
        }

        # Serve HLS fragments
        location /hls {
            types {
                application/vnd.apple.mpegurl m3u8;
                video/mp2t ts;
            }

            root /mnt;

            # Disable cache
            add_header Cache-Control no-cache;

            # CORS setup
            add_header 'Access-Control-Allow-Origin' '*' always;
            add_header 'Access-Control-Expose-Headers' 'Content-Length';

            # allow CORS preflight requests
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Max-Age' 1728000;
                add_header 'Content-Type' 'text/plain charset=UTF-8';
                add_header 'Content-Length' 0;
                return 204;
            }
        }

        # This URL provides RTMP statistics in XML
        location /stat {
            rtmp_stat all;
            # Use stat.xsl stylesheet
            rtmp_stat_stylesheet stat.xsl;
        }

        location /stat.xsl {
            # XML stylesheet to view RTMP stats.
            root /usr/local/nginx/html;
        }
    }
}