fixes lol
Some checks failed
Build and Push / build-all (push) Has been cancelled

doomtube 2026-01-11 20:08:40 -05:00
parent 58392b7d6a
commit 381e8b79b0
17 changed files with 282 additions and 82 deletions


@ -84,6 +84,10 @@ http {
server ovenmediaengine:8080;
}
upstream ome_api {
server ovenmediaengine:8081;
}
# Rate limiting zones
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=3r/m;
@ -735,6 +739,34 @@ http {
return 403;
}
# OME Push API proxy (internal network only - fixes URL encoding of colon in path)
# Backend calls this instead of OME directly to avoid %3A encoding issue
location = /ome-internal/push/start {
# Only allow requests from Docker internal network
allow 172.16.0.0/12;
allow 10.0.0.0/8;
allow 192.168.0.0/16;
deny all;
proxy_pass http://ome_api/v1/vhosts/default/apps/app:startPush;
proxy_set_header Host ovenmediaengine:8081;
proxy_set_header Content-Type application/json;
proxy_pass_request_headers on;
}
location = /ome-internal/push/stop {
# Only allow requests from Docker internal network
allow 172.16.0.0/12;
allow 10.0.0.0/8;
allow 192.168.0.0/16;
deny all;
proxy_pass http://ome_api/v1/vhosts/default/apps/app:stopPush;
proxy_set_header Host ovenmediaengine:8081;
proxy_set_header Content-Type application/json;
proxy_pass_request_headers on;
}
# Public stickers endpoint - no authentication required (guests need stickers for chat)
location = /api/admin/stickers {
# CORS headers
@ -925,6 +957,23 @@ http {
# WebRTC Signaling proxy for OvenMediaEngine
# Handles wss:// ws:// translation so OME doesn't need TLS certificates
location /webrtc/ {
# CORS headers for WebSocket upgrade
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Upgrade, Connection" always;
add_header Access-Control-Allow-Credentials "true" always;
# Handle preflight OPTIONS requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Upgrade, Connection" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
# Proxy to OvenMediaEngine WebRTC signaling port
proxy_pass http://ovenmediaengine:3333/;
proxy_http_version 1.1;
@ -937,6 +986,7 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin $http_origin;
# WebRTC signaling needs long timeouts
proxy_read_timeout 3600s;
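Review bot: In the `/ome-internal/push/start` and `/ome-internal/push/stop` locations the allow list admits every RFC 1918 range, which is wider than the "Docker internal network" the comment names, and this source-address check is the only access control visible on an endpoint that starts and stops OME pushes. If this nginx is ever reached through a load balancer, tunnel or host-side proxy with a private address, or a real-IP rewrite is configured elsewhere in the file, external requests could match one of the `allow` lines. Narrowing to the compose network's own subnet, for example `allow <docker-network-cidr>; deny all;`, and serving both locations from a listener that is not published to the host would remove that dependency. `proxy_pass_request_headers on` is already the default, so a comment should say whether the OME API credential is expected from the backend's request or should be set here with `proxy_set_header Authorization`. The `http` block continues outside the visible hunks, so any existing real-IP or listener configuration should be checked against this.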