From 98613f6d79e3087f2ace9f5538984a75f42855db Mon Sep 17 00:00:00 2001
From: devdatt
Date: Tue, 17 Jun 2025 11:26:28 +0530
Subject: [PATCH] update
---
cdn_setup/setup.sh | 67 ++++++++++++++++++++++++++++++++++++++++++++++
update.sh | 25 ++++++++++++++---
2 files changed, 89 insertions(+), 3 deletions(-)
create mode 100644 cdn_setup/setup.sh
diff --git a/cdn_setup/setup.sh b/cdn_setup/setup.sh
new file mode 100644
index 0000000..e3815f9
--- /dev/null
+++ b/cdn_setup/setup.sh
@@ -0,0 +1,67 @@
+server {
+ listen 80;
+ server_name cdn.urmic.org;
+
+ # Redirect HTTP to HTTPS
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name cdn.urmic.org;
+
+ # SSL settings (use certbot or your provider)
+ ssl_certificate /etc/letsencrypt/live/cdn.urmic.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/cdn.urmic.org/privkey.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) {
+ return 444;
+ }
+
+ # Root CDN content
+ root /var/www/cdn.urmic.org;
+ index index.html;
+
+ # Rate Limiting (Anti-DDoS)
+ limit_req zone=req_limit_per_ip burst=10 nodelay;
+
+ # Connection limiting
+ limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
+ limit_conn conn_limit_per_ip 10;
+
+ # Basic Security Headers
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade";
+ add_header Content-Security-Policy "default-src 'self' cdn.urmic.org;";
+
+ # Protect against large request bodies
+ client_max_body_size 5M;
+
+ # Logging
+ access_log /var/log/nginx/cdn.urmic.org.access.log;
+ error_log /var/log/nginx/cdn.urmic.org.error.log warn;
+
+ # Cache Control (for static CDN files)
+ location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg|eot|mp4|webm|ogg|avi)$ {
+ expires 30d;
+ access_log off;
+ add_header Cache-Control "public, no-transform";
+ }
+
+ # General static file serving
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ # Deny access to hidden files
+ location ~ /\. {
+ deny all;
+ }
+}
diff --git a/update.sh b/update.sh
index 2253304..4c45076 100755
--- a/update.sh
+++ b/update.sh
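Review bot: `limit_conn_zone` sits inside the `server` block, but nginx accepts that directive only in the `http` context, and `limit_req zone=req_limit_per_ip` refers to a zone this file never declares, so `nginx -t` should reject the config and neither limit takes effect. Declare both zones in the `http` block, e.g. `limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;` next to `limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;` (the rate is an example value), unless the request zone already exists in the main nginx.conf, which is not visible here. Separately, the static-asset `location` sets its own `add_header Cache-Control`, and nginx does not inherit server-level `add_header` lines into a block that declares any, so those responses lose X-Frame-Options, X-Content-Type-Options and the CSP; repeat the headers in that location or pull them in through a shared `include`. The file is also named `setup.sh` while holding only nginx directives, so it would fail if someone ran it as a shell script.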
@@ -1,13 +1,31 @@ #!/bin/bash # this scripts upadte all servers located in hetenzer -# update main uplink +# uplink main uplink rm -rf uplink.urmic.org git clone https://devdatt:$1@git.dbhatt.org/serverwa/uplink.urmic.org.git cd uplink.urmic.org cp nginx.conf /etc/nginx/ +rm -rf uplink.urmic.org systemctl reload nginx +# uplink1.urmic.org +uplink1_rtmp_ips=("37.27.21.27" "185.193.19.223" "137.59.95.164") +UPLINK1_RTMP=$(cat <