From 422df832c44fd9d55a55309924578b34a33439cb Mon Sep 17 00:00:00 2001
From: devdatt bhatt <devdatt.bhatt@dbhatt.org>
Date: Tue, 31 Mar 2026 03:47:12 +0000
Subject: [PATCH] update

---
 default_nginx_site       | 59 +++++++++++++++++++++++++++++-----------
 encoder/request_cert.php | 10 ++++---
 install.sh               |  2 +-
 3 files changed, 50 insertions(+), 21 deletions(-)

diff --git a/default_nginx_site b/default_nginx_site
index adaa24e..29c5ce6 100644
--- a/default_nginx_site
+++ b/default_nginx_site
@@ -1,27 +1,54 @@
 server {
     listen 80 default_server;
     listen [::]:80 default_server;
-    server_name _;
 
     root /var/www/html;
-    index index.html;
+    index index.html index.htm index.nginx-debian.html;
+    server_name _;
 
-    # These are fine at the server level, but safer inside location
+    # CORS (required for video players)
     add_header Access-Control-Allow-Origin "*" always;
-    add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
-    add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, X-Requested-With" always;
+    add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "*" always;
 
+    # Handle OPTIONS requests
+    if ($request_method = OPTIONS) {
+        return 204;
+    }
+
+    # Default static
     location / {
-        # Handle the OPTIONS (Preflight) request correctly
-        if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin "*" always;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
-            add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, X-Requested-With" always;
-            add_header Content-Length 0;
-            add_header Content-Type text/plain;
-            return 204;
-        }
-
         try_files $uri $uri/ =404;
     }
-}
+
+    # HLS streaming
+    location /hls/ {
+        types {
+            application/vnd.apple.mpegurl m3u8;
+            video/mp2t ts;
+        }
+
+        try_files $uri =404;
+
+        add_header Cache-Control no-cache;
+        add_header Content-Disposition inline;
+    }
+
+    # DASH streaming
+    location /dash/ {
+        types {
+            application/dash+xml mpd;
+            video/mp4 mp4 m4s;
+        }
+
+        try_files $uri =404;
+
+        add_header Cache-Control no-cache;
+        add_header Content-Disposition inline;
+    }
+
+    # Block .htaccess
+    location ~ /\.ht {
+        deny all;
+    }
+}
\ No newline at end of file
diff --git a/encoder/request_cert.php b/encoder/request_cert.php
index 7901134..4b47dab 100755
--- a/encoder/request_cert.php
+++ b/encoder/request_cert.php
@@ -112,11 +112,11 @@ if ($subdomains_raw !== '') {
 }
 
 exec("sudo systemctl stop nginx");
-sleep(3); 
+sleep(3);
 exec("sudo certbot delete --all");
-sleep(3); 
+sleep(3);
 exec("sudo systemctl restart nginx");
-sleep(3); 
+sleep(3);
 
 
 // Merge primary domain + subdomains
@@ -130,7 +130,9 @@ foreach ($domains as $d) {
 
 // Build certbot command
 $certbot = "/usr/bin/certbot";
-$cmd = "sudo $certbot --nginx --agree-tos --non-interactive --email "
+exec("sudo cp /var/wwww/default_nginx_site /etc/nginx/sites-available/default");
+exec("sudo sed -i 's/ _;/ " . escapeshellarg($domain) . ";/g' /etc/nginx/sites-available/default");
+$cmd = "sudo $certbot certonly --nginx --agree-tos --non-interactive --email "
     . escapeshellarg($email)
     . " $dargs";
 
diff --git a/install.sh b/install.sh
index a8a3ff5..dc56052 100755
--- a/install.sh
+++ b/install.sh
@@ -557,4 +557,4 @@ done
 # Validate
 mount -a
 
-sudo reboot;
\ No newline at end of file
+#sudo reboot;
\ No newline at end of file