Mate it is described already in the tutorial, you just need to read !
Brother, believe me. I have read the tutorial again and again for 3 days, but the part where it's stated
use this config file as template,
nginx.conf.ssl_for_xtreamui.txt.zip(2 KiB) Downloaded 157 times
It's confusing, as the links are not opening and no such template for XTREAM UI can be found.
I have found some template and edited it with my domain name and path.
It's working fine, but SSL is showing as not secure. I have added a browser exception for the admin panel, and for streams it asks every time to accept or abort.
How can I fix it?
# Main context: process-wide settings.

# Account the worker processes run under.
user xtreamcodes;
# "auto" lets nginx pick the worker count itself.
worker_processes auto;
# Upper bound on open file descriptors per worker.
worker_rlimit_nofile 300000;

events {
    # Maximum simultaneous connections per worker.
    worker_connections 16000;
    use epoll;
    accept_mutex on;
    multi_accept on;
}

# Named thread pool; the http block refers to it via "aio threads=pool_xtream".
thread_pool pool_xtream threads=32 max_queue=0;
http {
    include mime.types;
    default_type application/octet-stream;

    # Socket and transfer behaviour.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    reset_timedout_connection on;
    gzip off;
    fastcgi_read_timeout 200;

    # Every request line is written here. The stream URLs handled by the
    # rewrite rules in the server blocks carry username and password as path
    # segments, so this file holds subscriber credentials: keep it readable
    # by the service account only and rotate it.
    access_log /home/xtreamcodes/iptv_xtream_codes/logs/access.log;
    keepalive_timeout 10;

    # balance.conf is not shown here; presumably it defines the "php"
    # upstream that the fastcgi_pass directives point at -- confirm.
    include balance.conf;

    send_timeout 20m;
    sendfile_max_chunk 512k;
    lingering_close off;
    # Uses the thread pool declared in the main context.
    aio threads=pool_xtream;

    # Limits on slow or oversized requests.
    client_body_timeout 13s;
    client_header_timeout 13s;
    client_max_body_size 3m;

    # Per-client-address request rate zone ("one", 30 MB of state, 20 req/s).
    # It only takes effect where a location says "limit_req zone=one ...".
    limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s;
# Broadcast (streaming) listener, plain HTTP -- the default, no TLS.
# Everything on this port, including the username/password path segments
# consumed by the rewrite rules below, crosses the network unencrypted.
server {
    listen 25461;
    index index.php index.html index.htm;
    root /home/xtreamcodes/iptv_xtream_codes/wwwdir/;
    server_name mydomain.com;
    # Do not advertise the nginx version.
    server_tokens off;
    chunked_transfer_encoding off;

    # Methods other than GET and POST are answered with an empty 200 and go
    # no further.
    # NOTE(review): 405 would state the rejection more clearly -- confirm no
    # client depends on the 200 before changing it.
    if ( $request_method !~ ^(GET|POST)$ ) {
        return 200;
    }

    # Writes rewrite results to the error log at notice level. The rewritten
    # URIs contain username= and password=, so treat the error log as
    # sensitive as well, or switch this off outside of debugging.
    rewrite_log on;

    # Player-facing URLs -> PHP entry points. "break" ends rewrite processing
    # for the request once a rule matches.
    # NOTE(review): the dot before "ch" in the fourth rule and before "php"
    # in the load.php rule is unescaped and matches any character.
    rewrite ^/live/(.*)/(.*)/(.*)\.(.*)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=$4 break;
    rewrite ^/movie/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=movie break;
    rewrite ^/series/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=series break;
    rewrite ^/(.*)/(.*)/(.*).ch$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;
    rewrite ^/(.*)\.ch$ /streaming/clients_live.php?extension=ts&stream=$1&qs=$query_string break;
    rewrite ^/ch(.*)\.m3u8$ /streaming/clients_live.php?extension=m3u8&stream=$1&qs=$query_string break;
    rewrite ^/hls/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?extension=m3u8&username=$1&password=$2&stream=$3&type=hls&segment=$5&token=$4 break;
    rewrite ^/hlsr/(.*)/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?token=$1&username=$2&password=$3&segment=$6&stream=$4&key_seg=$5 break;
    rewrite ^/timeshift/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$5&extension=$6&duration=$3&start=$4 break;
    rewrite ^/timeshifts/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$4&extension=$6&duration=$3&start=$5 break;
    rewrite ^/(.*)/(.*)/(\d+)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;

    # PVR support.
    rewrite ^/server/load.php$ /portal.php break;

    location /stalker_portal/c {
        alias /home/xtreamcodes/iptv_xtream_codes/wwwdir/c;
    }

    # FFmpeg progress reporting: reachable from the local host only.
    location = /progress.php {
        allow 127.0.0.1;
        deny all;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_ignore_client_abort on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }

    # All other PHP scripts.
    location ~ \.php$ {
        # Rate limit from the "one" zone, with a burst allowance of 8.
        limit_req zone=one burst=8;
        # 404 unless the script file exists, so only real files under root
        # are handed to FastCGI.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_buffering on;
        fastcgi_buffers 96 32k;
        fastcgi_buffer_size 32k;
        fastcgi_max_temp_file_size 0;
        fastcgi_keep_conn on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}
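# Broadcast (streaming) listener with TLS.
server {
    listen 25463 ssl;

    # A browser or player only shows the connection as trusted when the host
    # name it connects to is covered by this certificate. Reaching the server
    # by IP address, or by any name other than the one the certificate was
    # issued for, produces a "not secure" warning even though this file is
    # correct. Both files must exist and be readable when nginx starts.
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

    # TLSv1.1 removed: it is deprecated, and every suite in ssl_ciphers below
    # is an AEAD suite that only exists from TLS 1.2 on, so a TLS 1.1 client
    # could not complete a handshake anyway.
    # NOTE(review): TLSv1.3 needs a build against OpenSSL 1.1.1 or later --
    # confirm with "nginx -V" and "nginx -t".
    ssl_protocols TLSv1.2 TLSv1.3;

    # DH parameters. Fetch the file once, with certificate verification left
    # on (no --no-check-certificate): it feeds the key exchange, so it must
    # really come from the Mozilla host.
    #   wget "https://ssl-config.mozilla.org/ffdhe2048.txt" -O /home/xtreamcodes/iptv_xtream_codes/nginx/conf/dhparam.pem
    # The relative path below presumably resolves to that conf directory --
    # confirm.
    ssl_dhparam dhparam.pem;

    # One colon-separated list. The pasted version had lost the ":D" in front
    # of the two DHE suites and was split over three lines, which nginx
    # rejects because ssl_ciphers takes a single argument.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve auto;

    ssl_session_timeout 10m;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # OCSP stapling; the resolver is used to look up the responder.
    # NOTE(review): ssl_stapling_verify normally also needs
    # ssl_trusted_certificate (for Let's Encrypt, the chain.pem next to
    # fullchain.pem) -- check the error log to confirm stapling works.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 valid=300s;
    resolver_timeout 5s;

    # Plain HTTP sent to this TLS port (nginx code 497) is redirected to
    # HTTPS on the same port.
    error_page 497 https://$host:25463$request_uri;

    index index.php index.html index.htm;
    root /home/xtreamcodes/iptv_xtream_codes/wwwdir/;
    server_name mydomain.com;
    # Do not advertise the nginx version.
    server_tokens off;
    chunked_transfer_encoding off;

    # Methods other than GET and POST are answered with an empty 200 and go
    # no further.
    # NOTE(review): 405 would state the rejection more clearly -- confirm no
    # client depends on the 200 before changing it.
    if ( $request_method !~ ^(GET|POST)$ ) {
        return 200;
    }

    # Writes rewrite results to the error log at notice level. The rewritten
    # URIs contain username= and password=, so treat the error log as
    # sensitive, or switch this off outside of debugging.
    rewrite_log on;

    # Player-facing URLs -> PHP entry points. Credentials are path segments,
    # so they still end up in the access log even though TLS protects them on
    # the wire.
    # NOTE(review): the dot before "ch" in the fourth rule and before "php"
    # in the load.php rule is unescaped and matches any character.
    rewrite ^/live/(.*)/(.*)/(.*)\.(.*)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=$4 break;
    rewrite ^/movie/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=movie break;
    rewrite ^/series/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=series break;
    rewrite ^/(.*)/(.*)/(.*).ch$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;
    rewrite ^/(.*)\.ch$ /streaming/clients_live.php?extension=ts&stream=$1&qs=$query_string break;
    rewrite ^/ch(.*)\.m3u8$ /streaming/clients_live.php?extension=m3u8&stream=$1&qs=$query_string break;
    rewrite ^/hls/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?extension=m3u8&username=$1&password=$2&stream=$3&type=hls&segment=$5&token=$4 break;
    rewrite ^/hlsr/(.*)/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?token=$1&username=$2&password=$3&segment=$6&stream=$4&key_seg=$5 break;
    rewrite ^/timeshift/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$5&extension=$6&duration=$3&start=$4 break;
    rewrite ^/timeshifts/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$4&extension=$6&duration=$3&start=$5 break;
    rewrite ^/(.*)/(.*)/(\d+)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;

    # PVR support.
    rewrite ^/server/load.php$ /portal.php break;

    location /stalker_portal/c {
        alias /home/xtreamcodes/iptv_xtream_codes/wwwdir/c;
    }

    # FFmpeg progress reporting: reachable from the local host only.
    location = /progress.php {
        allow 127.0.0.1;
        deny all;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_ignore_client_abort on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }

    # All other PHP scripts.
    location ~ \.php$ {
        # Rate limit from the "one" zone, with a burst allowance of 8.
        limit_req zone=one burst=8;
        # 404 unless the script file exists, so only real files under root
        # are handed to FastCGI.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_buffering on;
        fastcgi_buffers 96 32k;
        fastcgi_buffer_size 32k;
        fastcgi_max_temp_file_size 0;
        fastcgi_keep_conn on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}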
# Admin panel listener, plain HTTP -- the default, no TLS.
# NOTE(review): admin logins and session cookies sent to this port are not
# encrypted. Once the TLS admin listener works, consider restricting this
# port with allow/deny or a firewall rule, or removing it.
server {
    listen 25500;
    index index.php index.html index.htm;
    root /home/xtreamcodes/iptv_xtream_codes/admin/;
    server_name mydomain.com;

    location ~ \.php$ {
        # Rate limit from the "one" zone, with a burst allowance of 8.
        limit_req zone=one burst=8;
        # 404 unless the script file exists, so only real files under root
        # are handed to FastCGI.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_buffering on;
        fastcgi_buffers 96 32k;
        fastcgi_buffer_size 32k;
        fastcgi_max_temp_file_size 0;
        fastcgi_keep_conn on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}
# Optional: keep this port-80 redirect or delete it.
# As written it sends every plain-HTTP request to the same host and URI over
# HTTPS on the default port (443).
server {
    listen 80;
    server_name mydomain.com;
    return 301 https://$host$request_uri;
    # Alternatives:
    #return 301 https://$host:$server_port$request_uri; #redirect an http port to https on the same port
    #return 301 https://$host:your_https_port$request_uri; #redirect any http port to a chosen https port
}
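# Admin panel listener with TLS.
# NOTE: the default nginx build shipped with xc is old and does not support
# http2 or openssl 1.1.1d.
server {
    # The pasted config had a trailing "http" parameter on both listen lines.
    # That is not a valid listen option (it looks like a truncated "http2")
    # and makes nginx refuse the configuration. Because the bundled build has
    # no HTTP/2 support per the note above, the parameter is dropped.
    listen 443 ssl;
    listen 25443 ssl;

    # A browser only shows the connection as trusted when the host name in
    # the address bar is covered by this certificate. Opening the panel by IP
    # address, or by any name other than the one the certificate was issued
    # for, produces a "not secure" warning even though this file is correct.
    # Both files must exist and be readable when nginx starts.
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

    # TLSv1.1 removed: it is deprecated, and every suite in ssl_ciphers below
    # is an AEAD suite that only exists from TLS 1.2 on, so a TLS 1.1 client
    # could not complete a handshake anyway.
    # NOTE(review): TLSv1.3 needs a build against OpenSSL 1.1.1 or later --
    # confirm with "nginx -V" and "nginx -t".
    ssl_protocols TLSv1.2 TLSv1.3;

    # DH parameters. Fetch the file once, with certificate verification left
    # on (no --no-check-certificate): it feeds the key exchange, so it must
    # really come from the Mozilla host.
    #   wget "https://ssl-config.mozilla.org/ffdhe2048.txt" -O /home/xtreamcodes/iptv_xtream_codes/nginx/conf/dhparam.pem
    # The relative path below presumably resolves to that conf directory --
    # confirm.
    ssl_dhparam dhparam.pem;
    ssl_prefer_server_ciphers on;

    # One colon-separated list. The pasted version had lost the ":D" in front
    # of the two DHE suites and was split over three lines, which nginx
    # rejects because ssl_ciphers takes a single argument.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    # ssl_ecdh_curve auto;

    ssl_session_timeout 10m;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # OCSP stapling; the resolver is used to look up the responder.
    # NOTE(review): ssl_stapling_verify normally also needs
    # ssl_trusted_certificate (for Let's Encrypt, the chain.pem next to
    # fullchain.pem) -- check the error log to confirm stapling works.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 valid=300s;
    resolver_timeout 5s;

    index index.php index.html index.htm;
    root /home/xtreamcodes/iptv_xtream_codes/admin/;
    server_name mydomain.com;
    # Do not advertise the nginx version, as on the broadcast listeners.
    server_tokens off;

    # Plain HTTP sent to one of these TLS ports (nginx code 497) is
    # redirected to HTTPS on the same port.
    error_page 497 https://$host:$server_port$request_uri;

    location ~ \.php$ {
        # Rate limit from the "one" zone, with a burst allowance of 8.
        limit_req zone=one burst=8;
        # 404 unless the script file exists, so only real files under root
        # are handed to FastCGI.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_buffering on;
        fastcgi_buffers 96 32k;
        fastcgi_buffer_size 32k;
        fastcgi_max_temp_file_size 0;
        fastcgi_keep_conn on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}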
}