administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-02-13 22:55:26 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
d99bfa1730
frigate/docker/main/rootfs/usr/local/nginx/conf/nginx.conf

309 lines
9.0 KiB
Nginx Configuration File
Raw Normal View History

adding s6-overlay and running jsmpeg
2021-03-03 16:33:50 +03:00
daemon off;
run nginx as root this addresses an issue many have had when using network shares
2021-09-21 03:02:59 +03:00
user root;
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
worker_processes auto;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
error_log /dev/stdout warn;
pid /var/run/nginx.pid;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
events {
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
worker_connections 1024;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
}
http {
Increase hash map size (#9515) * bump version * increase map hash size
2024-01-31 14:53:59 +03:00
map_hash_bucket_size 256;
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
include mime.types;
default_type application/octet-stream;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
access_log /dev/stdout main;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
# send headers in one piece, it is better than sending them one by one
tcp_nopush on;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
sendfile on;
keepalive_timeout 65;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
feat(nginx): enable gzip compression and cache control for static files
2021-01-29 08:04:52 +03:00
gzip on;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/javascript image/svg+xml image/x-icon image/bmp image/png image/gif image/jpeg image/jpg;
gzip_proxied no-cache no-store private expired auth;
gzip_vary on;
implement nginx caching (#8333) * implement nginx caching * bypass cache from frigate frontend, reduce to 5s * set cache time to 2s * cache 200s for 5s * exclude vod endpoints from cache
2023-10-29 14:47:24 +03:00
proxy_cache_path /dev/shm/nginx_cache levels=1:2 keys_zone=api_cache:10m max_size=10m inactive=1m use_temp_path=off;
Fix nginx cache (#8558)
2023-11-10 01:09:25 +03:00
map $sent_http_content_type $should_not_cache {
Only cache json requests with nginx (#8529) * Only cache json requests * Use map instead
2023-11-08 02:18:58 +03:00
'application/json' 0;
default 1;
}
update nginx config
2020-11-09 01:35:21 +03:00
upstream frigate_api {
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
server 127.0.0.1:5001;
keepalive 1024;
update nginx config
2020-11-09 01:35:21 +03:00
}
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
remove gevent fixes #920
2021-06-14 15:31:13 +03:00
upstream mqtt_ws {
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
server 127.0.0.1:5002;
keepalive 1024;
remove gevent fixes #920
2021-06-14 15:31:13 +03:00
}
add jsmpeg relay
2021-03-02 15:54:12 +03:00
upstream jsmpeg {
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
server 127.0.0.1:8082;
keepalive 1024;
add jsmpeg relay
2021-03-02 15:54:12 +03:00
}
TLS support (#11678) * implement self signed cert and monitor/reload * move go2rtc upstream to separate file * add directory for ACME challenges * make certsync more resilient * add TLS docs * add jwt secret info to docs
2024-06-01 18:29:46 +03:00
include go2rtc_upstream.conf;
server {
improve tls implementation (#11690) * improve tls implementation * update docs
2024-06-02 15:48:28 +03:00
include listen.conf;
TLS support (#11678) * implement self signed cert and monitor/reload * move go2rtc upstream to separate file * add directory for ACME challenges * make certsync more resilient * add TLS docs * add jwt secret info to docs
2024-06-01 18:29:46 +03:00
Add support for NGINX VOD Module
2021-05-18 08:52:08 +03:00
# vod settings
We need to use relative URLs for Ingress to work
2021-06-03 19:17:08 +03:00
vod_base_url '';
vod_segments_base_url '';
Add support for NGINX VOD Module
2021-05-18 08:52:08 +03:00
vod_mode mapped;
vod_max_mapping_response_size 1m;
vod_upstream_location /api;
tweak vod settings for varying iframe intervals
2021-08-29 05:26:23 +03:00
vod_align_segments_to_key_frames on;
vod_manifest_segment_durations_mode accurate;
Set vod_ignore_edit_list option (#3710)
2022-08-26 14:33:16 +03:00
vod_ignore_edit_list on;
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
vod_segment_duration 10000;
vod_hls_mpegts_align_frames off;
vod_hls_mpegts_interleave_frames on;
# file handle caching / aio
open_file_cache max=1000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
aio on;
# https://github.com/kaltura/nginx-vod-module#vod_open_file_thread_pool
vod_open_file_thread_pool default;
Add support for NGINX VOD Module
2021-05-18 08:52:08 +03:00
# vod caches
vod_metadata_cache metadata_cache 512m;
limit vod response cache
2021-12-12 17:03:38 +03:00
vod_mapping_cache mapping_cache 5m 10m;
Add support for NGINX VOD Module
2021-05-18 08:52:08 +03:00
# gzip manifests
gzip on;
gzip_types application/vnd.apple.mpegurl;
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_location.conf;
Add support for NGINX VOD Module
2021-05-18 08:52:08 +03:00
location /vod/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
aio threads;
Add support for NGINX VOD Module
2021-05-18 08:52:08 +03:00
vod hls;
add secure token module to NGINX in order to pass authSig down to segment files
2021-07-13 04:54:12 +03:00
secure_token $args;
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
secure_token_types application/vnd.apple.mpegurl;
add secure token module to NGINX in order to pass authSig down to segment files
2021-07-13 04:54:12 +03:00
optimize caching of image data from api
2022-04-25 16:00:01 +03:00
add_header Cache-Control "no-store";
expires off;
Add support for NGINX VOD Module
2021-05-18 08:52:08 +03:00
}
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
location /stream/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
optimize caching of image data from api
2022-04-25 16:00:01 +03:00
add_header Cache-Control "no-store";
expires off;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
types {
application/dash+xml mpd;
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
image/jpeg jpg;
}
root /tmp;
}
update nginx config
2020-11-09 01:35:21 +03:00
location /clips/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
types {
video/mp4 mp4;
image/jpeg jpg;
}
move clip.mp4 backend to clips folder (#11834) * move clip.mp4 backend to clips folder * improve caching * fix check
2024-06-09 21:45:26 +03:00
expires 7d;
add_header Cache-Control "public";
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
autoindex on;
update nginx config
2020-11-09 01:35:21 +03:00
root /media/frigate;
}
use a nginx internal redirect
2021-08-10 16:27:31 +03:00
location /cache/ {
Optimize nginx & recordings (#4688) * Add segment duration metadata * Use faststart only for kept segments * Add more options for performance * Build nginx locally * Build nginx in dockerfile and enable threaded vod handling * Use DASH instead of hls * Allow player to continue on error * Undo DASH change * Fix typo * Correct log * Fix bad comments * Fix indentation * Preload stream * remove unused * Fix spacing * Fix tabs / sspaces * Retab * More cleanup
2022-12-18 02:53:34 +03:00
internal; # This tells nginx it's not accessible from the outside
alias /tmp/cache/;
use a nginx internal redirect
2021-08-10 16:27:31 +03:00
}
serve up recordings with nginx
2020-11-30 16:56:19 +03:00
location /recordings/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
Add API and WebUI to export recordings (#6550) * Add ability to export frigate clips * Add http endpoint * Add dir to nginx * Add webUI * Formatting * Cleanup unused * Optimize timelapse * Fix pts * Use JSON body for params * Use hwaccel to encode when available * Print ffmpeg command when fail * Print ffmpeg command when fail * Add separate ffmpeg preset for timelapse * Add docs outlining the export directory * Add export docs * Use '' * Fix playlist max time * Lower max playlist time * Add api docs for export * isort fixes
2023-06-08 14:32:35 +03:00
types {
video/mp4 mp4;
}
autoindex on;
autoindex_format json;
root /media/frigate;
}
location /exports/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
serve up recordings with nginx
2020-11-30 16:56:19 +03:00
types {
video/mp4 mp4;
}
autoindex on;
autoindex_format json;
root /media/frigate;
}
simple echo websocket working
2021-02-13 17:09:44 +03:00
location /ws {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
remove gevent fixes #920
2021-06-14 15:31:13 +03:00
proxy_pass http://mqtt_ws/;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
simple echo websocket working
2021-02-13 17:09:44 +03:00
}
Add go2rtc and add restream role / live source (#4082) * Pull go2rtc dependency * Add go2rtc to local services and add to s6 * Add relay controller for go2rtc * Add restream role * Add restream role * Add restream to nginx * Add camera live source config * Disable RTMP by default and use restream * Use go2rtc for camera config * Fix go2rtc move * Start restream on frigate start * Send restream to camera level * Fix restream * Make sure jsmpeg works as expected * Make view rspect live size config * Tweak player options to fit live view * Adjust VideoPlayer to accept live option which disables irrelevant controls * Add multiple options from restream live view * Add base for webrtc option * Setup specific restream modules * Make mp4 the default streaming for now * Expose 8554 for rtsp relay from go2rtc * Formatting * Update docs to suggest new restream method. * Update docs to reflect restream role * Update docs to reflect restream role * Add webrtc player * Improvements to webRTC * Support webrtc * Cleanup * Adjust rtmp test and add restream test * Fix tests * Add restream tests * Add live view docs and show different options * Small docs tweak * Support all stream types * Update to beta 9 of go2rtc * Formatting * Make jsmpeg the default * Support wss if made from https * Support wss if made from https * Use onEffect * Set url outside onEffect * Fix passed deps * Update docs about required host mode * Try memo instead * Close websocket on changing camera * Formatting * Close pc connection * Set video source to null on cleanup * Use full path since go2rtc can't see PATH var * Adjust audio codec to enable browser audio by default * Cleanup stream creation * Add restream tests * Format tests * Mock requests * Adjust paths * Move stream configs to restream * Remove live source * Remove live config * Use live persistence for which view to use on each camera * Fix live sizes * Only use jsmpeg sizes for jsmpeg live * Set max live size * Remove access of live config * Add selector for live view source in web view * Remove RTMP from default list of roles * Update docs * Fix tests * Fix docs for live view modes * make default undefined to avoid race condition * Wait until camera source is loaded to avoid race condition * Fix tests * Add config to go2rtc * Work with config * Set full path for config * Set to use stun * Check for mounted file * Look for frigate-go2rtc * Update docs to reflect webRTC configuration. * Add link to go2rtc config * Update docs to be more clear * Update docs to be more clear * Update format Co-authored-by: Felipe Santos <felipecassiors@gmail.com> * Update live docs * Improve bash startup script * Add option to force audio compatibility * Formatting * Fix mapping * Fix broken link * Update go2rtc version * Get go2rtc webui working * Add support for mse * Remove mp4 option * Undo changes to video player * Update docs for new live view options * Make separate path for mse * Remove unused * Remove mp4 path * Try to get go2rtc proxy working * Try to get go2rtc proxy working * Remove unused callback * Allow websocket on restrea dashboard * Make mse default stream option * Fix mse sizing * don't assume roles is defined * Remove nginx mapping to go2rtc ui Co-authored-by: Felipe Santos <felipecassiors@gmail.com> Co-authored-by: Blake Blackshear <blakeb@blakeshome.com>
2022-11-02 14:36:09 +03:00
location /live/jsmpeg/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
add jsmpeg relay
2021-03-02 15:54:12 +03:00
proxy_pass http://jsmpeg/;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
add jsmpeg relay
2021-03-02 15:54:12 +03:00
}
Limit exposed go2rtc api to bare minimum (#8762) * only permit GET requests to go2rtc * bare minimum go2rtc passthrough * support frigate card * expose go2rtc streams data only
2023-11-28 03:25:47 +03:00
# frigate lovelace card uses this path
location /live/mse/api/ws {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
Limit exposed go2rtc api to bare minimum (#8762) * only permit GET requests to go2rtc * bare minimum go2rtc passthrough * support frigate card * expose go2rtc streams data only
2023-11-28 03:25:47 +03:00
limit_except GET {
deny all;
}
proxy_pass http://go2rtc/api/ws;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
Add go2rtc and add restream role / live source (#4082) * Pull go2rtc dependency * Add go2rtc to local services and add to s6 * Add relay controller for go2rtc * Add restream role * Add restream role * Add restream to nginx * Add camera live source config * Disable RTMP by default and use restream * Use go2rtc for camera config * Fix go2rtc move * Start restream on frigate start * Send restream to camera level * Fix restream * Make sure jsmpeg works as expected * Make view rspect live size config * Tweak player options to fit live view * Adjust VideoPlayer to accept live option which disables irrelevant controls * Add multiple options from restream live view * Add base for webrtc option * Setup specific restream modules * Make mp4 the default streaming for now * Expose 8554 for rtsp relay from go2rtc * Formatting * Update docs to suggest new restream method. * Update docs to reflect restream role * Update docs to reflect restream role * Add webrtc player * Improvements to webRTC * Support webrtc * Cleanup * Adjust rtmp test and add restream test * Fix tests * Add restream tests * Add live view docs and show different options * Small docs tweak * Support all stream types * Update to beta 9 of go2rtc * Formatting * Make jsmpeg the default * Support wss if made from https * Support wss if made from https * Use onEffect * Set url outside onEffect * Fix passed deps * Update docs about required host mode * Try memo instead * Close websocket on changing camera * Formatting * Close pc connection * Set video source to null on cleanup * Use full path since go2rtc can't see PATH var * Adjust audio codec to enable browser audio by default * Cleanup stream creation * Add restream tests * Format tests * Mock requests * Adjust paths * Move stream configs to restream * Remove live source * Remove live config * Use live persistence for which view to use on each camera * Fix live sizes * Only use jsmpeg sizes for jsmpeg live * Set max live size * Remove access of live config * Add selector for live view source in web view * Remove RTMP from default list of roles * Update docs * Fix tests * Fix docs for live view modes * make default undefined to avoid race condition * Wait until camera source is loaded to avoid race condition * Fix tests * Add config to go2rtc * Work with config * Set full path for config * Set to use stun * Check for mounted file * Look for frigate-go2rtc * Update docs to reflect webRTC configuration. * Add link to go2rtc config * Update docs to be more clear * Update docs to be more clear * Update format Co-authored-by: Felipe Santos <felipecassiors@gmail.com> * Update live docs * Improve bash startup script * Add option to force audio compatibility * Formatting * Fix mapping * Fix broken link * Update go2rtc version * Get go2rtc webui working * Add support for mse * Remove mp4 option * Undo changes to video player * Update docs for new live view options * Make separate path for mse * Remove unused * Remove mp4 path * Try to get go2rtc proxy working * Try to get go2rtc proxy working * Remove unused callback * Allow websocket on restrea dashboard * Make mse default stream option * Fix mse sizing * don't assume roles is defined * Remove nginx mapping to go2rtc ui Co-authored-by: Felipe Santos <felipecassiors@gmail.com> Co-authored-by: Blake Blackshear <blakeb@blakeshome.com>
2022-11-02 14:36:09 +03:00
}
Limit exposed go2rtc api to bare minimum (#8762) * only permit GET requests to go2rtc * bare minimum go2rtc passthrough * support frigate card * expose go2rtc streams data only
2023-11-28 03:25:47 +03:00
location /live/webrtc/api/ws {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
Limit exposed go2rtc api to bare minimum (#8762) * only permit GET requests to go2rtc * bare minimum go2rtc passthrough * support frigate card * expose go2rtc streams data only
2023-11-28 03:25:47 +03:00
limit_except GET {
deny all;
}
proxy_pass http://go2rtc/api/ws;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
Add go2rtc and add restream role / live source (#4082) * Pull go2rtc dependency * Add go2rtc to local services and add to s6 * Add relay controller for go2rtc * Add restream role * Add restream role * Add restream to nginx * Add camera live source config * Disable RTMP by default and use restream * Use go2rtc for camera config * Fix go2rtc move * Start restream on frigate start * Send restream to camera level * Fix restream * Make sure jsmpeg works as expected * Make view rspect live size config * Tweak player options to fit live view * Adjust VideoPlayer to accept live option which disables irrelevant controls * Add multiple options from restream live view * Add base for webrtc option * Setup specific restream modules * Make mp4 the default streaming for now * Expose 8554 for rtsp relay from go2rtc * Formatting * Update docs to suggest new restream method. * Update docs to reflect restream role * Update docs to reflect restream role * Add webrtc player * Improvements to webRTC * Support webrtc * Cleanup * Adjust rtmp test and add restream test * Fix tests * Add restream tests * Add live view docs and show different options * Small docs tweak * Support all stream types * Update to beta 9 of go2rtc * Formatting * Make jsmpeg the default * Support wss if made from https * Support wss if made from https * Use onEffect * Set url outside onEffect * Fix passed deps * Update docs about required host mode * Try memo instead * Close websocket on changing camera * Formatting * Close pc connection * Set video source to null on cleanup * Use full path since go2rtc can't see PATH var * Adjust audio codec to enable browser audio by default * Cleanup stream creation * Add restream tests * Format tests * Mock requests * Adjust paths * Move stream configs to restream * Remove live source * Remove live config * Use live persistence for which view to use on each camera * Fix live sizes * Only use jsmpeg sizes for jsmpeg live * Set max live size * Remove access of live config * Add selector for live view source in web view * Remove RTMP from default list of roles * Update docs * Fix tests * Fix docs for live view modes * make default undefined to avoid race condition * Wait until camera source is loaded to avoid race condition * Fix tests * Add config to go2rtc * Work with config * Set full path for config * Set to use stun * Check for mounted file * Look for frigate-go2rtc * Update docs to reflect webRTC configuration. * Add link to go2rtc config * Update docs to be more clear * Update docs to be more clear * Update format Co-authored-by: Felipe Santos <felipecassiors@gmail.com> * Update live docs * Improve bash startup script * Add option to force audio compatibility * Formatting * Fix mapping * Fix broken link * Update go2rtc version * Get go2rtc webui working * Add support for mse * Remove mp4 option * Undo changes to video player * Update docs for new live view options * Make separate path for mse * Remove unused * Remove mp4 path * Try to get go2rtc proxy working * Try to get go2rtc proxy working * Remove unused callback * Allow websocket on restrea dashboard * Make mse default stream option * Fix mse sizing * don't assume roles is defined * Remove nginx mapping to go2rtc ui Co-authored-by: Felipe Santos <felipecassiors@gmail.com> Co-authored-by: Blake Blackshear <blakeb@blakeshome.com>
2022-11-02 14:36:09 +03:00
}
Limit exposed go2rtc api to bare minimum (#8762) * only permit GET requests to go2rtc * bare minimum go2rtc passthrough * support frigate card * expose go2rtc streams data only
2023-11-28 03:25:47 +03:00
# pass through go2rtc player
location /live/webrtc/webrtc.html {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
Limit exposed go2rtc api to bare minimum (#8762) * only permit GET requests to go2rtc * bare minimum go2rtc passthrough * support frigate card * expose go2rtc streams data only
2023-11-28 03:25:47 +03:00
limit_except GET {
deny all;
}
proxy_pass http://go2rtc/webrtc.html;
include proxy.conf;
}
# frontend uses this to fetch the version
location /api/go2rtc/api {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
Limit exposed go2rtc api to bare minimum (#8762) * only permit GET requests to go2rtc * bare minimum go2rtc passthrough * support frigate card * expose go2rtc streams data only
2023-11-28 03:25:47 +03:00
limit_except GET {
deny all;
}
proxy_pass http://go2rtc/api;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
add go2rtc version (#6390) Update System.jsx
2023-05-05 05:04:06 +03:00
}
Re-add support for go2rtc webrtc api (#8828)
2023-12-01 16:47:09 +03:00
# integration uses this to add webrtc candidate
location /api/go2rtc/webrtc {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
Re-add support for go2rtc webrtc api (#8828)
2023-12-01 16:47:09 +03:00
limit_except POST {
deny all;
}
proxy_pass http://go2rtc/api/webrtc;
include proxy.conf;
}
FastAPI example POC
2024-08-24 19:49:02 +03:00
# FIXME: Needed to disabled this rule, otherwise it fails for endpoints that end with one of those file extensions
# 1. with httptools it passes the auth.conf but then throws a 400 error "WARN "Invalid HTTP request received." -> https://github.com/encode/uvicorn/blob/47304d9ae76321f0f5f649ff4f73e09b17085933/uvicorn/protocols/http/httptools_impl.py#L165
# 2. With h11 it goes through the auth.conf but returns a 404 error
# We might need to add extra rules that will allow endpoint that end with an extension OR find a fix without creating other rules
# location ~* /api/.*\.(jpg|jpeg|png|webp|gif)$ {
# include auth_request.conf;
# rewrite ^/api/(.*)$ $1 break;
# proxy_pass http://frigate_api;
# include proxy.conf;
# }
optimize caching of image data from api
2022-04-25 16:00:01 +03:00
feat!: web user interface
2021-01-09 20:26:46 +03:00
location /api/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
optimize caching of image data from api
2022-04-25 16:00:01 +03:00
add_header Cache-Control "no-store";
expires off;
update nginx config
2020-11-09 01:35:21 +03:00
proxy_pass http://frigate_api/;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
implement nginx caching (#8333) * implement nginx caching * bypass cache from frigate frontend, reduce to 5s * set cache time to 2s * cache 200s for 5s * exclude vod endpoints from cache
2023-10-29 14:47:24 +03:00
proxy_cache api_cache;
proxy_cache_lock on;
proxy_cache_use_stale updating;
proxy_cache_valid 200 5s;
proxy_cache_bypass $http_x_cache_bypass;
Only cache json requests with nginx (#8529) * Only cache json requests * Use map instead
2023-11-08 02:18:58 +03:00
proxy_no_cache $should_not_cache;
implement nginx caching (#8333) * implement nginx caching * bypass cache from frigate frontend, reduce to 5s * set cache time to 2s * cache 200s for 5s * exclude vod endpoints from cache
2023-10-29 14:47:24 +03:00
add_header X-Cache-Status $upstream_cache_status;
location /api/vod/ {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
implement nginx caching (#8333) * implement nginx caching * bypass cache from frigate frontend, reduce to 5s * set cache time to 2s * cache 200s for 5s * exclude vod endpoints from cache
2023-10-29 14:47:24 +03:00
proxy_pass http://frigate_api/vod/;
include proxy.conf;
proxy_cache off;
}
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
location /api/login {
auth_request off;
rewrite ^/api(/.*)$ $1 break;
proxy_pass http://frigate_api;
include proxy.conf;
}
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
location /api/stats {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
access_log off;
Include leading slash of path in rewrite rule for frigate_api in nginx.conf (#10888) Noticed the healthcheck curl requests were failing as they were routed to http://127.0.0.1:5001version instead of http://127.0.0.1:5001/version
2024-04-11 14:41:07 +03:00
rewrite ^/api(/.*)$ $1 break;
fix route for stats and version (#8263)
2023-10-21 18:40:46 +03:00
proxy_pass http://frigate_api;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
}
location /api/version {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
include auth_request.conf;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
access_log off;
Include leading slash of path in rewrite rule for frigate_api in nginx.conf (#10888) Noticed the healthcheck curl requests were failing as they were routed to http://127.0.0.1:5001version instead of http://127.0.0.1:5001/version
2024-04-11 14:41:07 +03:00
rewrite ^/api(/.*)$ $1 break;
fix route for stats and version (#8263)
2023-10-21 18:40:46 +03:00
proxy_pass http://frigate_api;
refactor and disable access logs for stats and version (#8259)
2023-10-21 16:15:24 +03:00
include proxy.conf;
}
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
}
feat!: web user interface
2021-01-09 20:26:46 +03:00
location / {
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
# do not require auth for static assets
optimize caching of image data from api
2022-04-25 16:00:01 +03:00
add_header Cache-Control "no-store";
expires off;
feat(nginx): enable gzip compression and cache control for static files
2021-01-29 08:04:52 +03:00
optimize caching of image data from api
2022-04-25 16:00:01 +03:00
location /assets/ {
feat(nginx): enable gzip compression and cache control for static files
2021-01-29 08:04:52 +03:00
access_log off;
expires 1y;
add_header Cache-Control "public";
}
get ingress to play nice with vite
2022-05-19 15:31:02 +03:00
sub_filter 'href="/BASE_PATH/' 'href="$http_x_ingress_path/';
sub_filter 'url(/BASE_PATH/' 'url($http_x_ingress_path/';
sub_filter '"/BASE_PATH/dist/' '"$http_x_ingress_path/dist/';
sub_filter '"/BASE_PATH/js/' '"$http_x_ingress_path/js/';
sub_filter '"/BASE_PATH/assets/' '"$http_x_ingress_path/assets/';
Fix monaco editor issues (#4724) * Add sub filter for monaco editor * Don't include files for unused languages * Move necessary files and cleanup build * Update sub filter for new location * Still need to include default editor worker * Fix error when model already exists
2022-12-18 02:55:41 +03:00
sub_filter '"/BASE_PATH/monacoeditorwork/' '"$http_x_ingress_path/assets/';
Web updates and fixes (#4411) * update dependencies * Bump loader-utils from 2.0.3 to 2.0.4 in /docs Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.3 to 2.0.4. - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4) --- updated-dependencies: - dependency-name: loader-utils dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * update BASE_PATH replacement Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-17 16:05:27 +03:00
sub_filter 'return"/BASE_PATH/"' 'return window.baseUrl';
get ingress to play nice with vite
2022-05-19 15:31:02 +03:00
sub_filter '<body>' '<body><script>window.baseUrl="$http_x_ingress_path/";</script>';
first pass at subfilter for ingress support
2021-01-20 04:58:17 +03:00
sub_filter_types text/css application/javascript;
sub_filter_once off;
feat(nginx): enable gzip compression and cache control for static files
2021-01-29 08:04:52 +03:00
first pass at subfilter for ingress support
2021-01-20 04:58:17 +03:00
root /opt/frigate/web;
Auth! (#11347) * reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 19:36:13 +03:00
try_files $uri $uri.html $uri/ /index.html;
feat!: web user interface
2021-01-09 20:26:46 +03:00
}
add nginx and change default file locations
2020-11-02 14:44:16 +03:00
}
add support for rebroadcasting as rtmp
2020-11-28 16:58:27 +03:00
}
Reference in New Issue Copy Permalink