freenginx with owncast?

Maxim Dounin mdounin at mdounin.ru
Wed Mar 13 00:03:44 UTC 2024 

Hello!

On Tue, Mar 12, 2024 at 09:25:41PM +0300, Mark wrote:

> Hello there.
> 
> I'm using freenginx under FreeBSD, as a reverse proxy with SSL/TLS
> termination,
> for my owncast streaming (HLS / m3u8) server (also on the same server
> running on 127.0.0.1:8080).
> 
> The stream will be 7/24 live, and there will (might?) be thousands of
> different TV models watching it.
> 
> So my SSL/443 configuration is like;
> 
> server {
> server_name mystream.mysite.com;
> ....
>     location / {
>         proxy_set_header Host $host;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-Proto $scheme;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_http_version 1.1;
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection $connection_upgrade;
>         proxy_pass http://127.0.0.1:8080;
>     }
> }
> 
> I'd like to ask;

I'm not familiar with Owncast, but here are some basic hints from 
freenginx point of view:

> 1- As "proxy_buffering" is on by default in freenginx, should I turn it off?

In general, there is no need to turn of proxy_buffering unless you 
are using streaming within individual HTTP responses.  This is not 
the case for HLS-based streaming, which instead uses m3u8 playlist 
and individual files for each video segment.

Further, switching off proxy_buffering means you won't be able to 
use cache, which is sometimes a good idea.

If disk-based buffering is a concern, using 
"proxy_max_temp_file_size 0;" might be a better approach to 
consider, see http://freenginx.org/r/proxy_max_temp_file_size for 
details.

> 2- Does "proxy_ignore_client_abort" matter in my case? If so, should it be
> on or off?

This depends on the Owncast behaviour.  In most cases the default 
(off) is fine.  However, you may want to turn it on if your backend server 
does not recognize connections being closed, so various limits in 
freenginx, such as limit_conn, will better match resources used by 
the upstream server.

> 3- How about "tcp_nopush", "tcp_nodelay" and "sendfile" directives?

The "tcp_nodelay" directive is on by default, and it is a good 
idea to keep it enabled as long as you are using SSL.

The "tcp_nopush" directive makes sense if you are using sendfile 
on FreeBSD (or Linux).

The "sendfile" directive enables using sendfile, which is one of 
the most effective ways to serve files on FreeBSD.  In your 
setup sendfile is not likely to be used, except may be for 
disk-buffered upstream server responses.  OTOH, keeping it enabled 
won't hurt, and will be beneficial if sendfile will be actually 
used.

> 4- I see some sample configurations having; add_header Cache-Control
> no-cache; AND add_header Access-Control-Allow-Origin *;
> Do I really need both?

Adding Cache-Control shouldn't be needed unless Owncast does 
something wrong with cache control.  Unless there are reasons, I 
would rather avoid it.

Adding Access-Control-Allow-Origin might be needed if you are 
using Owncast from other domains.  Whether you need it depends on 
the intended usage.

Hope this helps.

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx mailing list