stream as logger , deployment update

2025-08-26 13:50:04 +05:30 · 2025-08-26 13:50:04 +05:30 · 42c4fd0474
parent 82d1885cd9
commit 42c4fd0474
5 changed files with 55 additions and 32 deletions
--- a/ott_update/update_all.sh
+++ b/ott_update/update_all.sh
@ -27,6 +27,23 @@ cp -r * /var/www/cdn.urmic.org/
 rm -rf ott_x64_json
 EOF
 )
+for ip in "${cdn_ips[@]}"; do
+    ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip "$CDN_PHP"
+    echo "Current ip: $ip"
+done
+
+#update stream.urmic.org
+cdn_ips=("172.16.99.182" "172.16.99.183" "172.16.99.184" "172.16.99.185" "172.16.99.186" "172.16.99.187" "172.16.99.188")
+CDN_PHP=$(cat <<EOF
+rm -rf OttDemo4
+rm -rf /var/www/stream.urmic.org/*
+echo "Pulling latest changes from remote Git..."
+git clone https://devdatt:$1@git.dbhatt.org/devdatt/OttDemo4.git
+cd OttDemo4
+cp -r stream/* /var/www/stream.urmic.org/
+rm -rf OttDemo4
+EOF
+)
 for ip in "${cdn_ips[@]}"; do
    ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip "$CDN_PHP"
    echo "Current ip: $ip"
--- a/setup_server/account.urmic.org.sh
+++ b/setup_server/account.urmic.org.sh
@ -13,8 +13,8 @@ enabled = true
 filter = nginx-http-auth
 action = iptables-multiport[name=NoAuthFailures, port="http,https"]
 logpath = /var/log/nginx/account_error.log
-maxretry = 5
-bantime = 3600
+maxretry = 1
+bantime = 86400
 findtime = 600
 EOL

@ -237,9 +237,7 @@ server {
    }

    # Apply rate limiting (defined in nginx.conf)
-    limit_req zone=cdnlimit burst=25 nodelay;
-
-    
+    limit_req zone=accountlimit burst=5 nodelay;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
--- a/setup_server/cdn.urmic.org.sh
+++ b/setup_server/cdn.urmic.org.sh
@ -14,7 +14,7 @@ filter = nginx-http-auth
 action = iptables-multiport[name=NoAuthFailures, port="http,https"]
 logpath = /var/log/nginx/cdn_error.log
 maxretry = 5
-bantime = 3600
+bantime = 86400
 findtime = 600
 EOL

@ -235,7 +235,7 @@ server {
    }

    # Apply rate limiting (defined in nginx.conf)
-    limit_req zone=cdnlimit burst=25 nodelay;
+    limit_req zone=cdnlimit burst=100 nodelay;


    location ~ \.php$ {
--- a/setup_server/stream.urmic.org.sh
+++ b/setup_server/stream.urmic.org.sh
@ -7,16 +7,7 @@ apt install php-fpm php-cli php-mysql php-zip php-gd php-mbstring php-curl php-x
 mkdir /etc/ssl/private;
 mkdir /var/www/stream.urmic.org;

-cat > /etc/fail2ban/jail.d/stream.conf<<EOL
-[stream]
-enabled = true
-filter = nginx-http-auth
-action = iptables-multiport[name=NoAuthFailures, port="http,https"]
-logpath = /var/log/nginx/stream_error.log
-maxretry = 5
-bantime = 3600
-findtime = 600
-EOL
+rm /etc/fail2ban/jail.d/stream.conf;


 cat > /etc/ssl/private/bundle.crt<<EOL
@ -204,37 +195,54 @@ server {
    listen 80;
    server_name stream.urmic.org;

-    # Redirect HTTP to HTTPS
-    return 301 https://\$host\$request_uri;
+    root /var/www/stream.urmic.org;
+    index index.php index.html index.htm;
+
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Adjust PHP version if different
+    }
+
+    access_log /var/log/nginx/stream_access.log;
+    error_log  /var/log/nginx/stream_error.log;
+
 }

 server {
-    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
    server_name stream.urmic.org;

+    root /var/www/stream.urmic.org;
+    index index.php index.html index.htm;
+
    ssl_certificate /etc/ssl/private/bundle.crt;
    ssl_certificate_key /etc/ssl/private/server.key;

+    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

-    # Security headers
+    # Security Headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";

-    # Proxy all requests to Icecast
-    location / {
-        proxy_pass         http://127.0.0.1:8000;
-        proxy_set_header   Host \$host;
-        proxy_set_header   X-Real-IP \$remote_addr;
-        proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header   X-Forwarded-Proto \$scheme;
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Adjust PHP version if different
+    }

-        proxy_buffering off;
+    # Deny access to hidden files
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    # Block common bots and scanners
+    if (\$http_user_agent ~* (wget|curl|bot|scanner|spider|python|libwww-perl)) {
+        return 403;
    }

    access_log /var/log/nginx/stream_access.log;
--- a/update_deployed/update_all.sh
+++ b/update_deployed/update_all.sh
@ -7,7 +7,7 @@ git clone https://devdatt:$1@git.dbhatt.org/serverwa/uplink.urmic.org.git
 cd uplink.urmic.org
 cp nginx.conf /etc/nginx/
 rm -rf uplink.urmic.org
-systemctl reload nginx
+systemctl restart nginx

 # uplink1.urmic.org
 uplink1_rtmp_ips=("37.27.21.27" "185.193.19.223" "137.59.95.164")
@ -17,7 +17,7 @@ echo "Pulling uplink1 changes from remote Git..."
 git clone https://devdatt:$1@git.dbhatt.org/serverwa/uplink1.urmic.org.git
 cd uplink1.urmic.org
 cp nginx.conf /etc/nginx/
-systemctl reload nginx
+systemctl restart nginx
 rm -rf uplink1.urmic.org
 EOF
 )
@ -49,7 +49,7 @@ echo "Pulling latest changes from remote Git..."
 git clone https://devdatt:$1@git.dbhatt.org/serverwa/channel.urmic.org.git
 cd channel.urmic.org
 cp nginx.conf /etc/nginx/
-systemctl reload nginx
+systemctl restart nginx
 rm -rf channel.urmic.org
 EOF
 )