Add nginx server on feed interface.

apache24/httpd.conf

@@ -1,7 +1,9 @@
+ServerName othostash.com
+ServerRoot /usr/local
 
-ServerRoot "/usr/local"
-
-Listen 443
+Listen [2603:3015:1003:566d::dad:db]:80
+Listen [2603:3015:1003:566d::dad:db]:443
+Listen 10.1.9.10:443
 
 LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
 LoadModule authn_file_module libexec/apache24/mod_authn_file.so
@@ -49,74 +51,87 @@ Group www
     Require all denied
 </Directory>
 
-MDomain othostash.com
+MDCertificateAgreement accepted
+MDContactEmail admin@othostash.com
+MDomain othostash.com www.othostash.com
 
-#<VirtualHost 10.1.9.10:443>
+# <VirtualHost [2603:3015:1003:566d::dad:feed]:443>
+#     ServerName "plex.othostash.com"
+#     SSLEngine on
+#     ProxyPass "/" "http://localhost:32400"
+#     ProxyPassReverse "/" "http://localhost:32400"
+# </VirtualHost>
 
-<Location "/md-status">
-    SetHandler md-status
-</Location>
+<VirtualHost 10.1.9.10:443 [2603:3015:1003:566d::dad:db]:443>
+    ServerName "www.othostash.com"
+    ServerName "othostash.com"
 
-DocumentRoot "/data"
-<Directory "/data">
-    Options Indexes
-    AllowOverride Options Indexes FileInfo AuthConfig
-    AuthType Basic
-    AuthName "Who be you?"
-    AuthUserFile /usr/local/etc/apache24/.badpass
-    Require valid-user
-</Directory>
+    <Location "/md-status">
+        SetHandler md-status
+    </Location>
 
-<DirectoryMatch "^.*/\..*">
-    Require all denied
-</DirectoryMatch>
+    DocumentRoot "/data"
+    <Directory "/data">
+        Options Indexes
+        AllowOverride Options Indexes FileInfo AuthConfig
+        AuthType Basic
+        AuthName "Who be you?"
+        AuthUserFile /usr/local/etc/apache24/.badpass
+        Require valid-user
+    </Directory>
 
-<Files ".*">
-    Require all denied
-</Files>
+    <DirectoryMatch "^.*/\..*">
+        Require all denied
+    </DirectoryMatch>
 
-<IfModule dir_module>
-    DirectoryIndex index.html
-</IfModule>
+    <Files ".*">
+        Require all denied
+    </Files>
 
-SSLEngine		on
-SSLCertificateFile	    /usr/local/etc/apache24/fullchain.pem
-SSLCertificateKeyFile	/usr/local/etc/apache24/privkey.pem
-
-ErrorLog "/var/log/httpd-error.log"
-LogLevel warn
-
-<IfModule log_config_module>
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
-    <IfModule logio_module>
-      # You need to enable mod_logio.c to use %I and %O
-      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    <IfModule dir_module>
+        DirectoryIndex index.html
     </IfModule>
 
-    CustomLog "/var/log/httpd-access.log" common
-</IfModule>
+    SSLEngine		on
+    # SSLCertificateFile	    /usr/local/etc/apache24/fullchain.pem
+    # SSLCertificateKeyFile	/usr/local/etc/apache24/privkey.pem
 
-<IfModule alias_module>
-    ScriptAlias /cgi-bin/ "/data/metadata/www/cgi-bin/"
-</IfModule>
+    ErrorLog "/var/log/httpd-error.log"
+    LogLevel warn
 
-<Directory "/data/metadata/www/cgi-bin">
-    AllowOverride None
-    Options None
-    Require all granted
-</Directory>
+    <IfModule log_config_module>
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+        LogFormat "%h %l %u %t \"%r\" %>s %b" common
 
-<IfModule headers_module>
-    RequestHeader unset Proxy early
-</IfModule>
+        <IfModule logio_module>
+        # You need to enable mod_logio.c to use %I and %O
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+        </IfModule>
 
-<IfModule mime_module>
-    TypesConfig etc/apache24/mime.types
-    AddType application/x-compress .Z
-    AddType application/x-gzip .gz .tgz
-</IfModule>
+        CustomLog "/var/log/httpd-access.log" common
+    </IfModule>
+
+    <IfModule alias_module>
+        ScriptAlias /cgi-bin/ "/data/metadata/www/cgi-bin/"
+    </IfModule>
+
+    <Directory "/data/metadata/www/cgi-bin">
+        AllowOverride None
+        Options None
+        Require all granted
+    </Directory>
+
+    <IfModule headers_module>
+        RequestHeader unset Proxy early
+    </IfModule>
+
+    <IfModule mime_module>
+        TypesConfig etc/apache24/mime.types
+        AddType application/x-compress .Z
+        AddType application/x-gzip .gz .tgz
+    </IfModule>
+
+</VirtualHost>
 
 <IfModule ssl_module>
     SSLRandomSeed startup builtin

dns.tf

@@ -18,22 +18,47 @@ terraform {
 
 provider "namecheap" {}
 
-variable "stashbox-vip" {
+variable "network" {
   type    = string
-  default = "stashbox.delhi.o4data.net."
+  default = "2603:3015:1003:566d"
+}
+
+variable "ipv4" {
+  type    = string
+  default = "96.78.236.124"
 }
 
 resource "namecheap_domain_records" "othostash" {
   domain = "othostash.com"
   record {
     hostname = "@"
-    address  = var.stashbox-vip
-    type     = "ALIAS"
-    ttl      = 300
+    address  = "${var.network}::dad:db"
+    type     = "AAAA"
+  }
+  record {
+    hostname = "feed"
+    address  = "${var.network}::dad:feed"
+    type     = "AAAA"
   }
   record {
     hostname = "www"
-    address  = "othostash.com."
+    address  = "othostash.com"
     type     = "CNAME"
   }
+  record {
+    hostname = "plex"
+    address  = "feed.othostash.com"
+    type     = "CNAME"
+  }
+
+  record {
+    hostname = "@"
+    address  = var.ipv4
+    type     = "A"
+  }
+  record {
+    hostname = "feed"
+    address  = var.ipv4
+    type     = "A"
+  }
 }

nginx/nginx.conf

@@ -0,0 +1,67 @@
+
+#user  nobody;
+worker_processes  auto;
+
+# This default error log path is compiled-in to make sure configuration parsing
+# errors are logged somewhere, especially during unattended boot when stderr
+# isn't normally logged anywhere. This path will be touched on every nginx
+# start regardless of error log location configured here. See
+# https://trac.nginx.org/nginx/ticket/147 for more info. 
+#
+#error_log  /var/log/nginx/error.log;
+#
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+
+    upstream plex_backend {
+         server [::1]:32400; # replace 'plex' with the name you gave to your plex container if necessary!
+         keepalive 32;
+     }
+
+    server {
+        listen [2603:3015:1003:566d::dad:feed]:80;
+        listen 10.1.9.10:80;
+        resolver [2603:3015:1003:5661::cede];
+        server_name plex.othostash.com;
+        gzip on;
+        gzip_vary on;
+        gzip_min_length 1000;
+        gzip_proxied any;
+        gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
+        gzip_disable "MSIE [1-6]\.";
+
+        # Forward real ip and host to Plex
+        proxy_set_header Host $host;
+        proxy_set_header Referer localhost;
+        proxy_set_header Origin $scheme://localhost:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+        #When using ngx_http_realip_module change $proxy_add_x_forwarded_for to '$http_x_forwarded_for,$realip_remote_addr'
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
+        proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
+        proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
+        proxy_set_header Accept-Encoding "";
+
+        # Websockets
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+
+        # Buffering off send to the client as soon as the data is received from Plex.
+        proxy_redirect off;
+        proxy_buffering off;
+
+        location / {
+            proxy_pass http://plex_backend;
+        }                
+    }
+}