server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    root /var/www/html;
    index index.html index.htm;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Performance
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Logs
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # =========================
    # Certbot
    # =========================
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
        default_type "text/plain";

        allow all;

        try_files $uri =404;
    }

    # =========================
    # Default Static
    # =========================
    location / {

        # CORS
        add_header Access-Control-Allow-Origin "*" always;
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
        add_header Access-Control-Allow-Headers "*" always;
        add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;

        # OPTIONS
        if ($request_method = OPTIONS) {
            return 204;
        }

        autoindex on;

        try_files $uri $uri/ =404;
    }

    # =========================
    # HLS Streaming
    # =========================
    location /hls/ {

        types {
            application/vnd.apple.mpegurl m3u8;
            video/mp2t ts;
        }

        # Required CORS for ALL HLS files
        add_header Access-Control-Allow-Origin "*" always;
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
        add_header Access-Control-Allow-Headers "*" always;
        add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;

        # HLS headers
        add_header Cache-Control "no-cache" always;
        add_header Accept-Ranges bytes always;
        add_header Content-Disposition inline always;

        # OPTIONS
        if ($request_method = OPTIONS) {
            return 204;
        }

        gzip off;

        try_files $uri =404;
    }

    # =========================
    # DASH Streaming
    # =========================
    location /dash/ {

        types {
            application/dash+xml mpd;
            video/mp4 mp4 m4s;
        }

        # Required CORS for DASH
        add_header Access-Control-Allow-Origin "*" always;
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
        add_header Access-Control-Allow-Headers "*" always;
        add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;

        # DASH headers
        add_header Cache-Control "no-cache" always;
        add_header Accept-Ranges bytes always;
        add_header Content-Disposition inline always;

        # OPTIONS
        if ($request_method = OPTIONS) {
            return 204;
        }

        gzip off;

        try_files $uri =404;
    }

    # =========================
    # gzip only manifests
    # =========================
    location ~* \.(m3u8|mpd)$ {

        gzip on;

        gzip_types
            application/vnd.apple.mpegurl
            application/dash+xml;
    }

    # =========================
    # Security
    # =========================
    location ~ /\. {
        deny all;

        access_log off;
        log_not_found off;
    }
}