From d77eaebfdb2fad78312b061e1915da7e04a0c0ac Mon Sep 17 00:00:00 2001 From: Pablo <42.pablo.ms@gmail.com> Date: Tue, 14 Apr 2020 00:09:00 +0200 Subject: [PATCH] Addlord --- .github/workflows/main.yml | 19 + Dockerfile | 61 ++ LICENSE | 21 + README.md | 103 ++ docker-compose.yml | 8 + nginx.conf | 55 + stat.xsl | 355 +++++++ webpage/.editorconfig | 10 + webpage/.gitattributes | 194 ++++ webpage/.gitignore | 3 + webpage/.htaccess | 1218 ++++++++++++++++++++++ webpage/404.html | 62 ++ webpage/LICENSE.txt | 19 + webpage/browserconfig.xml | 12 + webpage/css/main.css | 265 +++++ webpage/css/normalize.css | 349 +++++++ webpage/doc/TOC.md | 34 + webpage/doc/css.md | 49 + webpage/doc/extend.md | 639 ++++++++++++ webpage/doc/faq.md | 40 + webpage/doc/html.md | 205 ++++ webpage/doc/js.md | 36 + webpage/doc/misc.md | 173 +++ webpage/doc/usage.md | 130 +++ webpage/favicon.ico | Bin 0 -> 766 bytes webpage/humans.txt | 15 + webpage/icon.png | Bin 0 -> 4029 bytes webpage/img/.gitignore | 0 webpage/index.html | 78 ++ webpage/js/main.js | 0 webpage/js/plugins.js | 24 + webpage/js/vendor/jquery-3.4.1.min.js | 2 + webpage/js/vendor/modernizr-3.8.0.min.js | 3 + webpage/robots.txt | 5 + webpage/site.webmanifest | 12 + webpage/tile-wide.png | Bin 0 -> 1854 bytes webpage/tile.png | Bin 0 -> 3482 bytes 37 files changed, 4199 insertions(+) create mode 100644 .github/workflows/main.yml create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 README.md create mode 100644 docker-compose.yml create mode 100644 nginx.conf create mode 100644 stat.xsl create mode 100644 webpage/.editorconfig create mode 100644 webpage/.gitattributes create mode 100644 webpage/.gitignore create mode 100644 webpage/.htaccess create mode 100644 webpage/404.html create mode 100644 webpage/LICENSE.txt create mode 100644 webpage/browserconfig.xml create mode 100644 webpage/css/main.css create mode 100644 webpage/css/normalize.css create mode 100644 webpage/doc/TOC.md create mode 100644 webpage/doc/css.md create mode 100644 webpage/doc/extend.md create mode 100644 webpage/doc/faq.md create mode 100644 webpage/doc/html.md create mode 100644 webpage/doc/js.md create mode 100644 webpage/doc/misc.md create mode 100644 webpage/doc/usage.md create mode 100644 webpage/favicon.ico create mode 100644 webpage/humans.txt create mode 100644 webpage/icon.png create mode 100644 webpage/img/.gitignore create mode 100644 webpage/index.html create mode 100644 webpage/js/main.js create mode 100644 webpage/js/plugins.js create mode 100644 webpage/js/vendor/jquery-3.4.1.min.js create mode 100644 webpage/js/vendor/modernizr-3.8.0.min.js create mode 100644 webpage/robots.txt create mode 100644 webpage/site.webmanifest create mode 100644 webpage/tile-wide.png create mode 100644 webpage/tile.png diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..0e9450c --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,19 @@ +on: + schedule: + - cron: "0 0 * * *" + +jobs: + issue-manager: + runs-on: ubuntu-latest + steps: + - uses: tiangolo/issue-manager@master + with: + token: ${{ secrets.GITHUB_TOKEN }} + config: > + { + "answered": { + "users": ["tiangolo"], + "delay": 864000, + "message": "Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues." + } + } diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..8a1fc94 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,61 @@ +FROM buildpack-deps:stretch + +LABEL maintainer="Sebastian Ramirez " + +# Versions of Nginx and nginx-rtmp-module to use +ENV NGINX_VERSION nginx-1.15.0 +ENV NGINX_RTMP_MODULE_VERSION 1.2.1 + +# Install dependencies +RUN apt-get update && \ + apt-get install -y ca-certificates openssl libssl-dev && \ + rm -rf /var/lib/apt/lists/* + +# Download and decompress Nginx +RUN mkdir -p /tmp/build/nginx && \ + cd /tmp/build/nginx && \ + wget -O ${NGINX_VERSION}.tar.gz https://nginx.org/download/${NGINX_VERSION}.tar.gz && \ + tar -zxf ${NGINX_VERSION}.tar.gz + +# Download and decompress RTMP module +RUN mkdir -p /tmp/build/nginx-rtmp-module && \ + cd /tmp/build/nginx-rtmp-module && \ + wget -O nginx-rtmp-module-${NGINX_RTMP_MODULE_VERSION}.tar.gz https://github.com/arut/nginx-rtmp-module/archive/v${NGINX_RTMP_MODULE_VERSION}.tar.gz && \ + tar -zxf nginx-rtmp-module-${NGINX_RTMP_MODULE_VERSION}.tar.gz && \ + cd nginx-rtmp-module-${NGINX_RTMP_MODULE_VERSION} + +# Build and install Nginx +# The default puts everything under /usr/local/nginx, so it's needed to change +# it explicitly. Not just for order but to have it in the PATH +RUN cd /tmp/build/nginx/${NGINX_VERSION} && \ + ./configure \ + --sbin-path=/usr/local/sbin/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --pid-path=/var/run/nginx/nginx.pid \ + --lock-path=/var/lock/nginx/nginx.lock \ + --http-log-path=/var/log/nginx/access.log \ + --http-client-body-temp-path=/tmp/nginx-client-body \ + --with-http_ssl_module \ + --with-threads \ + --with-ipv6 \ + --add-module=/tmp/build/nginx-rtmp-module/nginx-rtmp-module-${NGINX_RTMP_MODULE_VERSION} && \ + make -j $(getconf _NPROCESSORS_ONLN) && \ + make install && \ + mkdir /var/lock/nginx && \ + rm -rf /tmp/build + +# Forward logs to Docker +RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ + ln -sf /dev/stderr /var/log/nginx/error.log + +# Set up config file +COPY nginx.conf /etc/nginx/nginx.conf + +COPY stat.xsl /tmp/stat.xsl + +COPY webpage/* /usr/share/nginx/html/ + +EXPOSE 1935 +EXPOSE 80 +CMD ["nginx", "-g", "daemon off;"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..a09ee31 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2016-2018 Sebastián Ramírez + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..5fbfd24 --- /dev/null +++ b/README.md @@ -0,0 +1,103 @@ +## Supported tags and respective `Dockerfile` links + +* [`latest` _(Dockerfile)_](https://github.com/tiangolo/nginx-rtmp-docker/blob/master/Dockerfile) + +# nginx-rtmp + +[**Docker**](https://www.docker.com/) image with [**Nginx**](http://nginx.org/en/) using the [**nginx-rtmp-module**](https://github.com/arut/nginx-rtmp-module) module for live multimedia (video) streaming. + +## Description + +This [**Docker**](https://www.docker.com/) image can be used to create an RTMP server for multimedia / video streaming using [**Nginx**](http://nginx.org/en/) and [**nginx-rtmp-module**](https://github.com/arut/nginx-rtmp-module), built from the current latest sources (Nginx 1.15.0 and nginx-rtmp-module 1.2.1). + +This was inspired by other similar previous images from [dvdgiessen](https://hub.docker.com/r/dvdgiessen/nginx-rtmp-docker/), [jasonrivers](https://hub.docker.com/r/jasonrivers/nginx-rtmp/), [aevumdecessus](https://hub.docker.com/r/aevumdecessus/docker-nginx-rtmp/) and by an [OBS Studio post](https://obsproject.com/forum/resources/how-to-set-up-your-own-private-rtmp-server-using-nginx.50/). + +The main purpose (and test case) to build it was to allow streaming from [**OBS Studio**](https://obsproject.com/) to different clients at the same time. + +**GitHub repo**: + +**Docker Hub image**: + +## Details + +## How to use + +* For the simplest case, just run a container with this image: + +```bash +docker run -d -p 1935:1935 --name nginx-rtmp tiangolo/nginx-rtmp +``` + +## How to test with OBS Studio and VLC + +* Run a container with the command above + + +* Open [OBS Studio](https://obsproject.com/) +* Click the "Settings" button +* Go to the "Stream" section +* In "Stream Type" select "Custom Streaming Server" +* In the "URL" enter the `rtmp:///live` replacing `` with the IP of the host in which the container is running. For example: `rtmp://192.168.0.30/live` +* In the "Stream key" use a "key" that will be used later in the client URL to display that specific stream. For example: `test` +* Click the "OK" button +* In the section "Sources" click de "Add" button (`+`) and select a source (for example "Screen Capture") and configure it as you need +* Click the "Start Streaming" button + + +* Open a [VLC](http://www.videolan.org/vlc/index.html) player (it also works in Raspberry Pi using `omxplayer`) +* Click in the "Media" menu +* Click in "Open Network Stream" +* Enter the URL from above as `rtmp:///live/` replacing `` with the IP of the host in which the container is running and `` with the key you created in OBS Studio. For example: `rtmp://192.168.0.30/live/test` +* Click "Play" +* Now VLC should start playing whatever you are transmitting from OBS Studio + +## Debugging + +If something is not working you can check the logs of the container with: + +```bash +docker logs nginx-rtmp +``` + +## Extending + +If you need to modify the configurations you can create a file `nginx.conf` and replace the one in this image using a `Dockerfile` that is based on the image, for example: + +```Dockerfile +FROM tiangolo/nginx-rtmp + +COPY nginx.conf /etc/nginx/nginx.conf +``` + +The current `nginx.conf` contains: + +```Nginx +worker_processes auto; +rtmp_auto_push on; +events {} +rtmp { + server { + listen 1935; + listen [::]:1935 ipv6only=on; + + application live { + live on; + record off; + } + } +} +``` + +You can start from it and modify it as you need. Here's the [documentation related to `nginx-rtmp-module`](https://github.com/arut/nginx-rtmp-module/wiki/Directives). + +## Technical details + +* This image is built from the same base official images that most of the other official images, as Python, Node, Postgres, Nginx itself, etc. Specifically, [buildpack-deps](https://hub.docker.com/_/buildpack-deps/) which is in turn based on [debian](https://hub.docker.com/_/debian/). So, if you have any other image locally you probably have the base image layers already downloaded. + +* It is built from the official sources of **Nginx** and **nginx-rtmp-module** without adding anything else. (Surprisingly, most of the available images that include **nginx-rtmp-module** are made from different sources, old versions or add several other components). + +* It has a simple default configuration that should allow you to send one or more streams to it and have several clients receiving multiple copies of those streams simultaneously. (It includes `rtmp_auto_push` and an automatic number of worker processes). + +## License + +This project is licensed under the terms of the MIT License. diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..8b36823 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,8 @@ +version: '3' + +services: + nginx-rtmp: + build: . + ports: + - 1935:1935 + - 80:80 diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..e920d82 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,55 @@ +worker_processes auto; +rtmp_auto_push on; +events {} +rtmp { + server { + listen 1935; + listen [::]:1935 ipv6only=on; + + application live { + live on; + hls on; + hls_path /tmp/hls; + } + } +} + +http { + + server { + + autoindex on; + listen 80; + + # Frontpage + location / { + root /usr/share/nginx/html/; + } + + # This URL provides RTMP statistics in XML + location /stat { + rtmp_stat all; + + # Use this stylesheet to view XML as web page + # in browser + rtmp_stat_stylesheet stat.xsl; + } + + location /stat.xsl { + # XML stylesheet to view RTMP stats. + # Copy stat.xsl wherever you want + # and put the full directory path here + root /tmp; + } + + location /hls { + # Serve HLS fragments + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + root /tmp; + add_header Cache-Control no-cache; + } + } +} diff --git a/stat.xsl b/stat.xsl new file mode 100644 index 0000000..355453b --- /dev/null +++ b/stat.xsl @@ -0,0 +1,355 @@ + + + + + + + + + + + + + RTMP statistics + + + +
+ Generated by + nginx-rtmp-module , + nginx , + pid , + built   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RTMP#clientsVideoAudioIn bytesOut bytesIn bits/sOut bits/sStateTime
Accepted: codecbits/ssizefpscodecbits/sfreqchan + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + live streams + + + + + + + + + + + + vod streams + + + + + + + + + + + + + #cccccc + #dddddd + + + + + + var d=document.getElementById('-'); + d.style.display=d.style.display=='none'?'':'none'; + return false + + + + [EMPTY] + + + + + +    + + + + + + + + + + + + + + + +   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + +
IdStateAddressFlash versionPage URLSWF URLDroppedTimestampA-VTime
+ + + + + + + + + + + + + + d + + + + h + + + + m + + + s + + + + + + + + + + + + + T + + + G + + + M + + K + + + + b + B + + /s + + + + + + active + idle + + + + + + + publishing + playing + + + + + + + + + #cccccc + #eeeeee + + + + + + + + http://apps.db.ripe.net/search/query.html?searchtext= + + whois + + + + + + + + + + + + + + + + + + + + + + + + + + publishing + + + + active + + + + x + + + diff --git a/webpage/.editorconfig b/webpage/.editorconfig new file mode 100644 index 0000000..6cee539 --- /dev/null +++ b/webpage/.editorconfig @@ -0,0 +1,10 @@ +# editorconfig.org + +root = true + +[*] +charset = utf-8 +indent_size = 2 +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = true diff --git a/webpage/.gitattributes b/webpage/.gitattributes new file mode 100644 index 0000000..c664a90 --- /dev/null +++ b/webpage/.gitattributes @@ -0,0 +1,194 @@ +## GITATTRIBUTES FOR WEB PROJECTS +# +# These settings are for any web project. +# +# Details per file setting: +# text These files should be normalized (i.e. convert CRLF to LF). +# binary These files are binary and should be left untouched. +# +# Note that binary is a macro for -text -diff. +###################################################################### + +## AUTO-DETECT +## Handle line endings automatically for files detected as +## text and leave all files detected as binary untouched. +## This will handle all files NOT defined below. +* text=auto + +## SOURCE CODE +*.bat text eol=crlf +*.coffee text +*.css text +*.htm text +*.html text +*.inc text +*.ini text +*.js text +*.json text +*.jsx text +*.less text +*.od text +*.onlydata text +*.php text +*.pl text +*.py text +*.rb text +*.sass text +*.scm text +*.scss text +*.sh text eol=lf +*.sql text +*.styl text +*.tag text +*.ts text +*.tsx text +*.xml text +*.xhtml text + +## DOCKER +*.dockerignore text +Dockerfile text + +## DOCUMENTATION +*.markdown text +*.md text +*.mdwn text +*.mdown text +*.mkd text +*.mkdn text +*.mdtxt text +*.mdtext text +*.txt text +AUTHORS text +CHANGELOG text +CHANGES text +CONTRIBUTING text +COPYING text +copyright text +*COPYRIGHT* text +INSTALL text +license text +LICENSE text +NEWS text +readme text +*README* text +TODO text + +## TEMPLATES +*.dot text +*.ejs text +*.haml text +*.handlebars text +*.hbs text +*.hbt text +*.jade text +*.latte text +*.mustache text +*.njk text +*.phtml text +*.tmpl text +*.tpl text +*.twig text + +## LINTERS +.babelrc text +.csslintrc text +.eslintrc text +.htmlhintrc text +.jscsrc text +.jshintrc text +.jshintignore text +.prettierrc text +.stylelintrc text + +## CONFIGS +*.bowerrc text +*.cnf text +*.conf text +*.config text +.browserslistrc text +.editorconfig text +.gitattributes text +.gitconfig text +.gitignore text +.htaccess text +*.npmignore text +*.yaml text +*.yml text +browserslist text +Makefile text +makefile text + +## HEROKU +Procfile text +.slugignore text + +## GRAPHICS +*.ai binary +*.bmp binary +*.eps binary +*.gif binary +*.ico binary +*.jng binary +*.jp2 binary +*.jpg binary +*.jpeg binary +*.jpx binary +*.jxr binary +*.pdf binary +*.png binary +*.psb binary +*.psd binary +*.svg text +*.svgz binary +*.tif binary +*.tiff binary +*.wbmp binary +*.webp binary + +## AUDIO +*.kar binary +*.m4a binary +*.mid binary +*.midi binary +*.mp3 binary +*.ogg binary +*.ra binary + +## VIDEO +*.3gpp binary +*.3gp binary +*.as binary +*.asf binary +*.asx binary +*.fla binary +*.flv binary +*.m4v binary +*.mng binary +*.mov binary +*.mp4 binary +*.mpeg binary +*.mpg binary +*.ogv binary +*.swc binary +*.swf binary +*.webm binary + +## ARCHIVES +*.7z binary +*.gz binary +*.jar binary +*.rar binary +*.tar binary +*.zip binary + +## FONTS +*.ttf binary +*.eot binary +*.otf binary +*.woff binary +*.woff2 binary + +## EXECUTABLES +*.exe binary +*.pyc binary diff --git a/webpage/.gitignore b/webpage/.gitignore new file mode 100644 index 0000000..ef8f3b1 --- /dev/null +++ b/webpage/.gitignore @@ -0,0 +1,3 @@ +# Include your project-specific ignores in this file +# Read about how to use .gitignore: https://help.github.com/articles/ignoring-files +# Useful .gitignore templates: https://github.com/github/gitignore diff --git a/webpage/.htaccess b/webpage/.htaccess new file mode 100644 index 0000000..2a2bacf --- /dev/null +++ b/webpage/.htaccess @@ -0,0 +1,1218 @@ +# Apache Server Configs v3.2.1 | MIT License +# https://github.com/h5bp/server-configs-apache + +# (!) Using `.htaccess` files slows down Apache, therefore, if you have +# access to the main server configuration file (which is usually called +# `httpd.conf`), you should add this logic there. +# +# https://httpd.apache.org/docs/current/howto/htaccess.html + +# ###################################################################### +# # CROSS-ORIGIN # +# ###################################################################### + +# ---------------------------------------------------------------------- +# | Cross-origin requests | +# ---------------------------------------------------------------------- + +# Allow cross-origin requests. +# +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS +# https://enable-cors.org/ +# https://www.w3.org/TR/cors/ + +# +# Header set Access-Control-Allow-Origin "*" +# + +# ---------------------------------------------------------------------- +# | Cross-origin images | +# ---------------------------------------------------------------------- + +# Send the CORS header for images when browsers request it. +# +# https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabled_image +# https://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html + + + + + SetEnvIf Origin ":" IS_CORS + Header set Access-Control-Allow-Origin "*" env=IS_CORS + + + + +# ---------------------------------------------------------------------- +# | Cross-origin web fonts | +# ---------------------------------------------------------------------- + +# Allow cross-origin access to web fonts. +# +# https://developers.google.com/fonts/docs/troubleshooting + + + + Header set Access-Control-Allow-Origin "*" + + + +# ---------------------------------------------------------------------- +# | Cross-origin resource timing | +# ---------------------------------------------------------------------- + +# Allow cross-origin access to the timing information for all resources. +# +# If a resource isn't served with a `Timing-Allow-Origin` header that +# would allow its timing information to be shared with the document, +# some of the attributes of the `PerformanceResourceTiming` object will +# be set to zero. +# +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin +# https://www.w3.org/TR/resource-timing/ +# https://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/ + +# +# Header set Timing-Allow-Origin: "*" +# + +# ###################################################################### +# # ERRORS # +# ###################################################################### + +# ---------------------------------------------------------------------- +# | Custom error messages/pages | +# ---------------------------------------------------------------------- + +# Customize what Apache returns to the client in case of an error. +# +# https://httpd.apache.org/docs/current/mod/core.html#errordocument + +ErrorDocument 404 /404.html + +# ---------------------------------------------------------------------- +# | Error prevention | +# ---------------------------------------------------------------------- + +# Disable the pattern matching based on filenames. +# +# This setting prevents Apache from returning a 404 error as the result +# of a rewrite when the directory with the same name does not exist. +# +# https://httpd.apache.org/docs/current/content-negotiation.html#multiviews + +Options -MultiViews + +# ###################################################################### +# # INTERNET EXPLORER # +# ###################################################################### + +# ---------------------------------------------------------------------- +# | Document modes | +# ---------------------------------------------------------------------- + +# Force Internet Explorer 8/9/10 to render pages in the highest mode +# available in the various cases when it may not. +# +# https://hsivonen.fi/doctype/#ie8 +# +# (!) Starting with Internet Explorer 11, document modes are deprecated. +# If your business still relies on older web apps and services that were +# designed for older versions of Internet Explorer, you might want to +# consider enabling `Enterprise Mode` throughout your company. +# +# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode +# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/ +# https://msdn.microsoft.com/en-us/library/ff955275.aspx + + + Header set X-UA-Compatible "IE=edge" "expr=%{CONTENT_TYPE} =~ m#text/html#i" + + +# ###################################################################### +# # MEDIA TYPES AND CHARACTER ENCODINGS # +# ###################################################################### + +# ---------------------------------------------------------------------- +# | Media types | +# ---------------------------------------------------------------------- + +# Serve resources with the proper media types (f.k.a. MIME types). +# +# https://www.iana.org/assignments/media-types/media-types.xhtml +# https://httpd.apache.org/docs/current/mod/mod_mime.html#addtype + + + + # Data interchange + + AddType application/atom+xml atom + AddType application/json json map topojson + AddType application/ld+json jsonld + AddType application/rss+xml rss + AddType application/geo+json geojson + AddType application/rdf+xml rdf + AddType application/xml xml + + + # JavaScript + + # Servers should use text/javascript for JavaScript resources. + # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages + + AddType text/javascript js mjs + + + # Manifest files + + AddType application/manifest+json webmanifest + AddType application/x-web-app-manifest+json webapp + AddType text/cache-manifest appcache + + + # Media files + + AddType audio/mp4 f4a f4b m4a + AddType audio/ogg oga ogg opus + AddType image/bmp bmp + AddType image/svg+xml svg svgz + AddType image/webp webp + AddType video/mp4 f4v f4p m4v mp4 + AddType video/ogg ogv + AddType video/webm webm + AddType video/x-flv flv + + # Serving `.ico` image files with a different media type + # prevents Internet Explorer from displaying them as images: + # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee + + AddType image/x-icon cur ico + + + # WebAssembly + + AddType application/wasm wasm + + + # Web fonts + + AddType font/woff woff + AddType font/woff2 woff2 + AddType application/vnd.ms-fontobject eot + AddType font/ttf ttf + AddType font/collection ttc + AddType font/otf otf + + + # Other + + AddType application/octet-stream safariextz + AddType application/x-bb-appworld bbaw + AddType application/x-chrome-extension crx + AddType application/x-opera-extension oex + AddType application/x-xpinstall xpi + AddType text/calendar ics + AddType text/markdown markdown md + AddType text/vcard vcard vcf + AddType text/vnd.rim.location.xloc xloc + AddType text/vtt vtt + AddType text/x-component htc + + + +# ---------------------------------------------------------------------- +# | Character encodings | +# ---------------------------------------------------------------------- + +# Serve all resources labeled as `text/html` or `text/plain` +# with the media type `charset` parameter set to `UTF-8`. +# +# https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset + +AddDefaultCharset utf-8 + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Serve the following file types with the media type `charset` +# parameter set to `UTF-8`. +# +# https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset + + + AddCharset utf-8 .appcache \ + .bbaw \ + .css \ + .htc \ + .ics \ + .js \ + .json \ + .manifest \ + .map \ + .markdown \ + .md \ + .mjs \ + .topojson \ + .vtt \ + .vcard \ + .vcf \ + .webmanifest \ + .xloc + + +# ###################################################################### +# # REWRITES # +# ###################################################################### + +# ---------------------------------------------------------------------- +# | Rewrite engine | +# ---------------------------------------------------------------------- + +# (1) Turn on the rewrite engine (this is necessary in order for +# the `RewriteRule` directives to work). +# +# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#RewriteEngine +# +# (2) Enable the `FollowSymLinks` option if it isn't already. +# +# https://httpd.apache.org/docs/current/mod/core.html#options +# +# (3) If your web host doesn't allow the `FollowSymlinks` option, +# you need to comment it out or remove it, and then uncomment +# the `Options +SymLinksIfOwnerMatch` line (4), but be aware +# of the performance impact. +# +# https://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks +# +# (4) Some cloud hosting services will require you set `RewriteBase`. +# +# https://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-modrewrite-not-working-on-my-site +# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase +# +# (5) Depending on how your server is set up, you may also need to +# use the `RewriteOptions` directive to enable some options for +# the rewrite engine. +# +# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriteoptions +# +# (6) Set %{ENV:PROTO} variable, to allow rewrites to redirect with the +# appropriate schema automatically (http or https). + + + + # (1) + RewriteEngine On + + # (2) + Options +FollowSymlinks + + # (3) + # Options +SymLinksIfOwnerMatch + + # (4) + # RewriteBase / + + # (5) + # RewriteOptions + + # (6) + RewriteCond %{HTTPS} =on + RewriteRule ^ - [env=proto:https] + RewriteCond %{HTTPS} !=on + RewriteRule ^ - [env=proto:http] + + + +# ---------------------------------------------------------------------- +# | Forcing `https://` | +# ---------------------------------------------------------------------- + +# Redirect from the `http://` to the `https://` version of the URL. +# +# https://wiki.apache.org/httpd/RewriteHTTPToHTTPS + +# (1) If you're using cPanel AutoSSL or the Let's Encrypt webroot +# method it will fail to validate the certificate if validation +# requests are redirected to HTTPS. Turn on the condition(s) +# you need. +# +# https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml +# https://tools.ietf.org/html/draft-ietf-acme-acme-12 + +# +# RewriteEngine On +# RewriteCond %{HTTPS} !=on +# # (1) +# # RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ +# # RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[\w-]+$ +# # RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ +# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] +# + +# ---------------------------------------------------------------------- +# | Suppressing the `www.` at the beginning of URLs | +# ---------------------------------------------------------------------- + +# Rewrite www.example.com → example.com + +# The same content should never be available under two different +# URLs, especially not with and without `www.` at the beginning. +# This can cause SEO problems (duplicate content), and therefore, +# you should choose one of the alternatives and redirect the other +# one. +# +# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME! + +# (1) The rule assumes by default that both HTTP and HTTPS +# environments are available for redirection. +# If your SSL certificate could not handle one of the domains +# used during redirection, you should turn the condition on. +# +# https://github.com/h5bp/server-configs-apache/issues/52 + + + RewriteEngine On + # (1) + # RewriteCond %{HTTPS} !=on + RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] + RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L] + + +# ---------------------------------------------------------------------- +# | Forcing the `www.` at the beginning of URLs | +# ---------------------------------------------------------------------- + +# Rewrite example.com → www.example.com + +# The same content should never be available under two different +# URLs, especially not with and without `www.` at the beginning. +# This can cause SEO problems (duplicate content), and therefore, +# you should choose one of the alternatives and redirect the other +# one. +# +# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME! + +# (1) The rule assumes by default that both HTTP and HTTPS +# environments are available for redirection. +# If your SSL certificate could not handle one of the domains +# used during redirection, you should turn the condition on. +# +# https://github.com/h5bp/server-configs-apache/issues/52 + +# Be aware that the following might not be a good idea if you use "real" +# subdomains for certain parts of your website. + +# +# RewriteEngine On +# # (1) +# # RewriteCond %{HTTPS} !=on +# RewriteCond %{HTTP_HOST} !^www\. [NC] +# RewriteCond %{SERVER_ADDR} !=127.0.0.1 +# RewriteCond %{SERVER_ADDR} !=::1 +# RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] +# + +# ###################################################################### +# # SECURITY # +# ###################################################################### + +# ---------------------------------------------------------------------- +# | Clickjacking | +# ---------------------------------------------------------------------- + +# Protect website against clickjacking. +# +# The example below sends the `X-Frame-Options` response header with +# the value `DENY`, informing browsers not to display the content of +# the web page in any frame. +# +# This might not be the best setting for everyone. You should read +# about the other two possible values the `X-Frame-Options` header +# field can have: `SAMEORIGIN` and `ALLOW-FROM`. +# https://tools.ietf.org/html/rfc7034#section-2.1. +# +# Keep in mind that while you could send the `X-Frame-Options` header +# for all of your website’s pages, this has the potential downside that +# it forbids even non-malicious framing of your content (e.g.: when +# users visit your website using a Google Image Search results page). +# +# Nonetheless, you should ensure that you send the `X-Frame-Options` +# header for all pages that allow a user to make a state changing +# operation (e.g: pages that contain one-click purchase links, checkout +# or bank-transfer confirmation pages, pages that make permanent +# configuration changes, etc.). +# +# Sending the `X-Frame-Options` header can also protect your website +# against more than just clickjacking attacks: +# https://cure53.de/xfo-clickjacking.pdf. +# +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options +# https://tools.ietf.org/html/rfc7034 +# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/ +# https://www.owasp.org/index.php/Clickjacking + +# +# Header set X-Frame-Options "DENY" "expr=%{CONTENT_TYPE} =~ m#text/html#i" +# + +# ---------------------------------------------------------------------- +# | Content Security Policy (CSP) | +# ---------------------------------------------------------------------- + +# Mitigate the risk of cross-site scripting and other content-injection +# attacks. +# +# This can be done by setting a `Content Security Policy` which +# whitelists trusted sources of content for your website. +# +# There is no policy that fits all websites, you will have to modify +# the `Content-Security-Policy` directives in the example below depending +# on your needs. +# +# The example policy below aims to: +# +# (1) Restrict all fetches by default to the origin of the current website +# by setting the `default-src` directive to `'self'` - which acts as a +# fallback to all "Fetch directives" (https://developer.mozilla.org/en-US/docs/Glossary/Fetch_directive). +# +# This is convenient as you do not have to specify all Fetch directives +# that apply to your site, for example: +# `connect-src 'self'; font-src 'self'; script-src 'self'; style-src 'self'`, etc. +# +# This restriction also means that you must explicitly define from +# which site(s) your website is allowed to load resources from. +# +# (2) The `` element is not allowed on the website. This is to +# prevent attackers from changing the locations of resources loaded +# from relative URLs. +# +# If you want to use the `` element, then `base-uri 'self'` +# can be used instead. +# +# (3) Form submissions are only allowed from the current website by +# setting: `form-action 'self'`. +# +# (4) Prevents all websites (including your own) from embedding your +# webpages within e.g. the `