From eb4144c08b96d73117bf814a0c14d45ea11d8c44 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:07:25 -0400 Subject: [PATCH 1/4] nginx/templates/nginx.conf.j2: proxy_force_ranges on; --- roles/nginx/templates/nginx.conf.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index bd23bd626..758491059 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -1,6 +1,6 @@ # IIAB notes: -# /etc/nginx/sites-enabled is for server declarations -# /etc/nginx/conf.d is for location declarations within the main server block +# /etc/nginx/conf.d/* are included by /etc/nginx/server.conf +# /etc/nginx/sites-enabled/*.conf includes other sites user www-data; worker_processes auto; @@ -79,6 +79,11 @@ http { '' close; } + # 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple + # and LG devices: https://github.com/learningequality/kolibri/issues/8164 + # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges + proxy_force_ranges on; + ## # Virtual Host Configs ## From d4b388bf4d6a45d31e226b865f87d027afb5fd5a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:11:45 -0400 Subject: [PATCH 2/4] Lint roles/nginx/templates/server.conf.j2 --- roles/nginx/templates/server.conf.j2 | 60 ++++++++++++++-------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 6b42b1c14..e6413c10c 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -1,35 +1,35 @@ server { - root {{ doc_root }}; - server_name {{ iiab_hostname }}; - listen 80; - - index index.php index.html index.htm; + root {{ doc_root }}; + server_name {{ iiab_hostname }}; + listen 80; - # let individual services drop location blocks in conf.d - include {{ nginx_conf_dir }}/*; - - location ~ .*\.php$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - fastcgi_pass php; - fastcgi_index index.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - include fastcgi_params; - } - - location /cgi-bin { - root /usr/lib; - } + index index.php index.html index.htm; - # if you don't like seeing all the errors for missing favicon.ico in root - location = /favicon.ico { access_log off; log_not_found off; } + # let individual services drop location blocks in conf.d + include {{ nginx_conf_dir }}/*; + + location ~ .*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; + } - # if you don't like seeing errors for a missing robots.txt in root - location = /robots.txt { access_log off; log_not_found off; } - - # this will prevent files like .htaccess .htpassword .secret etc from being served - location ~ /\. { deny all; } + location /cgi-bin { + root /usr/lib; + } + + # if you don't like seeing all the errors for missing favicon.ico in root + location = /favicon.ico { access_log off; log_not_found off; } + + # if you don't like seeing errors for a missing robots.txt in root + location = /robots.txt { access_log off; log_not_found off; } + + # this will prevent files like .htaccess .htpassword .secret etc from being served + location ~ /\. { deny all; } } From 33d5316c35d9c1e5d4c07ad76020da8d634e11e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:20:08 -0400 Subject: [PATCH 3/4] Lint roles/nginx/templates/server.conf.j2 --- roles/nginx/templates/server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index e6413c10c..0272a27f8 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -19,7 +19,7 @@ server { fastcgi_param SCRIPT_NAME $fastcgi_script_name; include fastcgi_params; } - + location /cgi-bin { root /usr/lib; } From 39a3d67256f5150b30474abd1fe3a1b145af9ba8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:34:21 -0400 Subject: [PATCH 4/4] Clarify byte-range fix in roles/nginx/templates/nginx.conf.j2 --- roles/nginx/templates/nginx.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index 758491059..a3835e32f 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -82,6 +82,8 @@ http { # 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple # and LG devices: https://github.com/learningequality/kolibri/issues/8164 # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges + # This should help all roles! RECAP: when unproxied, Kolibri videos worked + # (http://box:8009/kolibri/) but not when proxied (http://box/kolibri/). proxy_force_ranges on; ##