Home Verkennen Help
Inloggen
rootless
/
frigate
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

add secure token module to NGINX in order to pass authSig down to segment files

Jason Hunter 3 jaren geleden
bovenliggende
fc40567794
commit
8fd12f001b
3 gewijzigde bestanden met toevoegingen van 12 en 5 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 5 5
      Makefile
  2. 4 0
      docker/Dockerfile.nginx
  3. 3 0
      docker/rootfs/usr/local/nginx/conf/nginx.conf

+ 5 - 5
Makefile
Bestand weergeven 

@@ -15,10 +15,10 @@ amd64_ffmpeg:
 
 	docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-amd64 --file docker/Dockerfile.ffmpeg.amd64 .
 
 
 nginx_frigate:
 
-	docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag blakeblackshear/frigate-nginx:1.0.1 --file docker/Dockerfile.nginx .
 
+	docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag blakeblackshear/frigate-nginx:1.0.2 --file docker/Dockerfile.nginx .
 
 
 amd64_frigate: version web
 
-	docker build --no-cache --tag frigate-base --build-arg ARCH=amd64 --build-arg FFMPEG_VERSION=1.1.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.1 --file docker/Dockerfile.base .
 
+	docker build --no-cache --tag frigate-base --build-arg ARCH=amd64 --build-arg FFMPEG_VERSION=1.1.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
 
 	docker build --no-cache --tag frigate --file docker/Dockerfile.amd64 .
 
 
 amd64_all: amd64_wheels amd64_ffmpeg amd64_frigate
 
@@ -30,7 +30,7 @@ amd64nvidia_ffmpeg:
 
 	docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-amd64nvidia --file docker/Dockerfile.ffmpeg.amd64nvidia .
 
 
 amd64nvidia_frigate: version web
 
-	docker build --no-cache --tag frigate-base --build-arg ARCH=amd64nvidia --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.1 --file docker/Dockerfile.base .
 
+	docker build --no-cache --tag frigate-base --build-arg ARCH=amd64nvidia --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
 
 	docker build --no-cache --tag frigate --file docker/Dockerfile.amd64nvidia .
 
 
 amd64nvidia_all: amd64nvidia_wheels amd64nvidia_ffmpeg amd64nvidia_frigate
 
@@ -42,7 +42,7 @@ aarch64_ffmpeg:
 
 	docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-aarch64 --file docker/Dockerfile.ffmpeg.aarch64 .
 
 
 aarch64_frigate: version web
 
-	docker build --no-cache --tag frigate-base --build-arg ARCH=aarch64 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.1 --file docker/Dockerfile.base .
 
+	docker build --no-cache --tag frigate-base --build-arg ARCH=aarch64 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
 
 	docker build --no-cache --tag frigate --file docker/Dockerfile.aarch64 .
 
 
 armv7_all: armv7_wheels armv7_ffmpeg armv7_frigate
 
@@ -54,7 +54,7 @@ armv7_ffmpeg:
 
 	docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-armv7 --file docker/Dockerfile.ffmpeg.armv7 .
 
 
 armv7_frigate: version web
 
-	docker build --no-cache --tag frigate-base --build-arg ARCH=armv7 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.1 --file docker/Dockerfile.base .
 
+	docker build --no-cache --tag frigate-base --build-arg ARCH=armv7 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
 
 	docker build --no-cache --tag frigate --file docker/Dockerfile.armv7 .
 
 
 armv7_all: armv7_wheels armv7_ffmpeg armv7_frigate

+ 4 - 0
docker/Dockerfile.nginx
Bestand weergeven 

@@ -10,6 +10,7 @@ FROM base as build
 
 
 ARG NGINX_VERSION=1.18.0
 
 ARG VOD_MODULE_VERSION=1.28
 
+ARG SECURE_TOKEN_MODULE_VERSION=1.4
 
 ARG RTMP_MODULE_VERSION=1.2.1
 
 
 RUN cp /etc/apt/sources.list /etc/apt/sources.list~ \
 
@@ -25,6 +26,8 @@ RUN apt-get -yqq install --no-install-recommends curl \
 
     && curl -sL https://github.com/kaltura/nginx-vod-module/archive/refs/tags/${VOD_MODULE_VERSION}.tar.gz | tar -C /tmp/nginx-vod-module -zx --strip-components=1 \
 
     # Patch MAX_CLIPS to allow more clips to be added than the default 128
 
     && sed -i 's/MAX_CLIPS (128)/MAX_CLIPS (1080)/g' /tmp/nginx-vod-module/vod/media_set.h \
 
+    && mkdir /tmp/nginx-secure-token-module \
 
+    && curl -sL https://github.com/kaltura/nginx-secure-token-module/archive/refs/tags/${SECURE_TOKEN_MODULE_VERSION}.tar.gz | tar -C /tmp/nginx-secure-token-module -zx --strip-components=1 \
 
     && mkdir /tmp/nginx-rtmp-module \
 
     && curl -sL https://github.com/arut/nginx-rtmp-module/archive/refs/tags/v${RTMP_MODULE_VERSION}.tar.gz | tar -C /tmp/nginx-rtmp-module -zx --strip-components=1
 
 
@@ -36,6 +39,7 @@ RUN ./configure --prefix=/usr/local/nginx \
 
     --with-http_ssl_module \
 
     --with-threads \
 
     --add-module=../nginx-vod-module \
 
+    --add-module=../nginx-secure-token-module \
 
     --add-module=../nginx-rtmp-module \
 
     --with-cc-opt="-O3 -Wno-error=implicit-fallthrough"

+ 3 - 0
docker/rootfs/usr/local/nginx/conf/nginx.conf
Bestand weergeven 

@@ -71,6 +71,9 @@ http {
 
         location /vod/ {
 
             vod hls;
 
 
+            secure_token $args;
 
+			secure_token_types application/vnd.apple.mpegurl;
 
+
 
             add_header Access-Control-Allow-Headers '*';
 
             add_header Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range';
 
             add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';