add CORS settings and API Key
This commit is contained in:
@@ -7,7 +7,8 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- ./nginx/html:/usr/share/nginx/html:ro
|
- ./nginx/html:/usr/share/nginx/html:ro
|
||||||
- ./nginx/conf.d:/etc/nginx/conf.d:ro
|
- ./nginx/conf.d:/etc/nginx/conf.d:ro
|
||||||
|
environment:
|
||||||
|
- MEDIA_API_KEY=key-mindboost-media-server # ⇦ beliebig ändern
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
|
|
||||||
|
|||||||
@@ -1,31 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name localhost;
|
|
||||||
|
|
||||||
# Where your assets live
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
index index.html;
|
|
||||||
|
|
||||||
# ---------- Default site (HTML/CSS/JS) ----------
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
# ---------- Audio (and optional video) ----------
|
|
||||||
# 30-day cache; adjust max-age as needed.
|
|
||||||
location ~* \.(opus|flac|ogg|mp3|wav|m4a|aac)$ {
|
|
||||||
add_header Cache-Control "public, max-age=2592000" always;
|
|
||||||
|
|
||||||
# Teach Nginx any MIME types it doesn’t already know:
|
|
||||||
types {
|
|
||||||
audio/opus opus;
|
|
||||||
audio/mpeg mp3;
|
|
||||||
audio/mp4 m4a;
|
|
||||||
audio/aac aac;
|
|
||||||
video/mp4 mp4;
|
|
||||||
video/webm webm;
|
|
||||||
}
|
|
||||||
|
|
||||||
try_files $uri =404;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
50
nginx/conf.d/default.conf.template
Normal file
50
nginx/conf.d/default.conf.template
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
# --------------------------- ENV-Key übernehmen ---------------------------
|
||||||
|
# envsubst ersetzt ${MEDIA_API_KEY} durch den Wert aus docker-compose.yml
|
||||||
|
set $secret_key "${MEDIA_API_KEY}";
|
||||||
|
|
||||||
|
map $request_method $cors_preflight {
|
||||||
|
"OPTIONS" 1;
|
||||||
|
default 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
# ---------- Preflight (OPTIONS) ----------
|
||||||
|
if ($cors_preflight = 1) {
|
||||||
|
add_header Access-Control-Allow-Origin "*";
|
||||||
|
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
|
||||||
|
add_header Access-Control-Allow-Headers "Content-Type, X-API-Key";
|
||||||
|
add_header Content-Length 0;
|
||||||
|
return 204;
|
||||||
|
}
|
||||||
|
|
||||||
|
# ---------- Geschützte Audio-Ressourcen ----------
|
||||||
|
location ~* \.(opus|flac|ogg|mp3|wav|m4a|aac)$ {
|
||||||
|
|
||||||
|
# --- Key-Check (nur GET/HEAD) ---
|
||||||
|
if ($request_method != "OPTIONS") {
|
||||||
|
if ($http_x_api_key != $secret_key) { return 401; }
|
||||||
|
}
|
||||||
|
|
||||||
|
# --- CORS & Cache ---
|
||||||
|
add_header Access-Control-Allow-Origin "*";
|
||||||
|
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
|
||||||
|
add_header Access-Control-Allow-Headers "Content-Type, X-API-Key";
|
||||||
|
add_header Cache-Control "public, max-age=2592000" always;
|
||||||
|
|
||||||
|
# fehlende MIME-Types
|
||||||
|
types { audio/opus opus; audio/flac flac; }
|
||||||
|
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
# ---------- Website / Index ----------
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user