Merge pull request #2824 from holta/nginx_byte-range_fix

Force NGINX to allow HTTP/1.1 byte-range, so proxied Kolibri videos play on Apple devices
2025-03-09 15:40:17 +00:00 · 2021-06-22 12:42:44 -04:00 · 2021-06-22 12:42:44 -04:00 · f078b2738d
commit f078b2738d
parent f6c3ec322b 39a3d67256
2 changed files with 40 additions and 33 deletions
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@ -1,6 +1,6 @@
 # IIAB notes:
-# /etc/nginx/sites-enabled is for server declarations
-# /etc/nginx/conf.d is for location declarations within the main server block
+# /etc/nginx/conf.d/* are included by /etc/nginx/server.conf
+# /etc/nginx/sites-enabled/*.conf includes other sites

 user www-data;
 worker_processes auto;
@ -79,6 +79,13 @@ http {
        ''      close;
    }

+    # 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple
+    # and LG devices: https://github.com/learningequality/kolibri/issues/8164
+    # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges
+    # This should help all roles!  RECAP: when unproxied, Kolibri videos worked
+    # (http://box:8009/kolibri/) but not when proxied (http://box/kolibri/).
+    proxy_force_ranges on;
+
    ##
    # Virtual Host Configs
    ##
--- a/roles/nginx/templates/server.conf.j2
+++ b/roles/nginx/templates/server.conf.j2
@ -1,35 +1,35 @@
 server {
-      root {{ doc_root }};
-      server_name {{ iiab_hostname }};
-      listen 80;
- 
-      index  index.php index.html index.htm;
+    root {{ doc_root }};
+    server_name {{ iiab_hostname }};
+    listen 80;

-      # let individual services drop location blocks in conf.d
-      include {{ nginx_conf_dir }}/*;
- 
-      location ~ .*\.php$ {
-          proxy_set_header X-Real-IP  $remote_addr;
-          proxy_set_header X-Forwarded-For $remote_addr;
-          proxy_set_header Host $host;
-          fastcgi_pass php;
-          fastcgi_index index.php;
-          fastcgi_split_path_info ^(.+\.php)(/.+)$;
-          fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
-          fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
-          include fastcgi_params;
-       }
- 
-      location /cgi-bin {
-         root /usr/lib;
-      }
+    index index.php index.html index.htm;

-       # if you don't like seeing all the errors for missing favicon.ico in root
-       location = /favicon.ico { access_log off; log_not_found off; }
- 
-       # if you don't like seeing errors for a missing robots.txt in root
-       location = /robots.txt { access_log off; log_not_found off; }
- 
-       # this will prevent files like .htaccess .htpassword .secret etc from being served
-       location ~ /\. { deny all; }
+    # let individual services drop location blocks in conf.d
+    include {{ nginx_conf_dir }}/*;
+
+    location ~ .*\.php$ {
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host $host;
+        fastcgi_pass php;
+        fastcgi_index index.php;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location /cgi-bin {
+        root /usr/lib;
+    }
+
+    # if you don't like seeing all the errors for missing favicon.ico in root
+    location = /favicon.ico { access_log off; log_not_found off; }
+
+    # if you don't like seeing errors for a missing robots.txt in root
+    location = /robots.txt { access_log off; log_not_found off; }
+
+    # this will prevent files like .htaccess .htpassword .secret etc from being served
+    location ~ /\. { deny all; }
 }