user www-data;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  8192;
}


http {
  include    mime.types;
  types {
	application/wasm wasm;
	}
  include    /etc/nginx/fastcgi.conf;
  client_max_body_size 310m;
  client_header_timeout 15s;
  client_body_timeout 15s;
  keepalive_timeout 60s;
  index    index.html index.htm index.php;

  #default_type application/octet-stream;
  #log_format   main '$remote_addr - $remote_user [$time_local]  $status '
  #  '"$request" $body_bytes_sent "$http_referer" '
  #  '"$http_user_agent" "$http_x_forwarded_for"';
  #access_log   logs/access.log  main;
  sendfile     on;
  tcp_nopush   on;
  tcp_nodelay  on;
  #server_names_hash_bucket_size 128; # this seems to be required for some vhosts

server {
        listen 80;
        server_name hoffmeister.li benmanshafen.de;
	return 301 https://hoffmeister.li$request_uri;
        root /var/www;
        index index.html index.htm index.php;
	location ~* \.php$ {
		try_files $uri =404;
		include fastcgi.conf;
		fastcgi_pass 127.0.0.1:9000;
		fastcgi_index index.php;
		#fastcgi_pass unix:/run/php/php8.4-fpm.sock;
		}
#        location ~* \.mpq$ {
#                add_header Cache-Control "public, no-transform, max-age=15811200";
#                }
	location /live {
		flv_live on;
		chunked_transfer_encoding  off;
		add_header 'Access-Control-Allow-Origin' '*' ;
		add_header 'Access-Control-Allow-Credentials' 'true';
		}
	location ~* /{
		fancyindex on;
		fancyindex_default_sort name; # name, size, date, name_desc, size_desc, date_desc
		fancyindex_directories_first on;
		fancyindex_exact_size off;
		fancyindex_name_length 80;
		fancyindex_localtime on;
                fancyindex_time_format "%d-%m-%Y %H:%M";

		add_header 'Access-Control-Allow-Origin' '*';
		add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
		add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
                # redirect all HTTP traffic to localhost:8080
                # proxy_pass http://localhost:8080;
                # proxy_set_header X-Real-IP $remote_addr;
                # proxy_set_header Host $host;
                # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # WebSocket support
                # proxy_http_version 1.1;
                # proxy_set_header Upgrade $http_upgrade;
                # proxy_set_header Connection $http_connection;
		}
	location = /VirBox/ {
		auth_basic "Restricted"; # Ausgabemeldung bei Zugriff
		auth_basic_user_file /etc/nginx/.htpasswd; # Pfad zur PW Datei
		}
	#location ^~ /nova-config/ { deny all; }
	#location ^~ /nova-base/ { deny all; }
	#location ^~ /nova-languages/ { deny all; }
	#include /etc/nginx/global/redirect.conf;
	}
	autoindex_localtime on;
   include /etc/nginx/sites-available/*.conf;
}

stream {
	map $ssl_preread_server_name $backend {
        default         openvpn_backend;
        hoffmeister.li  https_backend;
	webmail.hoffmeister.li https_backend;
	pics.hoffmeister.li https_backend;
	scribble.hoffmeister.li https_backend;
	pfa.hoffmeister.li https_backend;
	porn.hoffmeister.li https_backend;
	virbox.hoffmeister.li https_backend;
	}

	upstream openvpn_backend {
	server 127.0.0.1:1194;  # OpenVPN läuft auf localhost:1194 (TCP)
	}

	upstream https_backend {
        server 127.0.0.1:8443;  # Nginx HTTPS auf 8443 verschoben
	}

	server {
        listen 443 so_keepalive=on;

        # ssl_preread ist nötig, damit Nginx TLS SNI lesen kann
        ssl_preread on;

	proxy_pass $backend;
	}
    }

rtmp_auto_push on;
rtmp_auto_push_reconnect 1s;
rtmp_socket_dir /tmp;

rtmp {
        server {
                listen 1935 reuseport;
		chunk_size 8192;

                application live {
                        live on;
			hls on;
			hls_path /var/www/streamdl/hls;
			hls_fragment 2s;
			hls_playlist_length 4s;
			hls_cleanup on;
			gop_cache on;
                        record all;
			record_max_size 4095M;
			record_path /var/www/streamdl;
			record_unique on;
                }
		application push {
			live on;
			gop_cache on;
			record all;
			record_max_size 4095M;
			record_path /var/www/streamdl;
			record_unique on;
                        push rtmp://ber.contribute.live-video.net/app/live_50159671_KCgos9WibJUTQZY5q2e74pIFXVtIx8;
			push rtmp://a.rtmp.youtube.com/live2/0qhd-spr6-yj7g-ycwg-1hm6;
		}
                application yt {
                        live on;
			gop_cache on;
                        record all;
                        record_max_size 4095M;
                        record_path /var/www/streamdl;
                        record_unique on;
                        push rtmp://a.rtmp.youtube.com/live2/0qhd-spr6-yj7g-ycwg-1hm6;
                }
                application twitch {
                        live on;
			gop_cache on;
                        record all;
                        record_max_size 4095M;
                        record_path /var/www/streamdl;
                        record_unique on;
                        push rtmp://ber.contribute.live-video.net/app/live_50159671_BDckMTaoT8VKxB0Dgm8lNRRXylmCSC;
                }
	}
}