nginx.conf

load_module modules/ngx_http_geoip2_module.so;
load_module modules/ngx_rtmp_module.so;

worker_processes auto;

events {
  worker_connections 1024;
  multi_accept on;
}

http {
  include       mime.types;
  default_type  application/octet-stream;

  charset UTF-8;
  charset_types text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml application/json application/vnd.apple.mpegurl;
  keepalive_timeout  65;

  map_hash_max_size 8192;
  map_hash_bucket_size 64;

  ssl_session_cache shared:SSL:20m;
  ssl_session_timeout 10m;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  include timezone-offset.conf;
  include country-code3.conf;
  geoip2 /var/db/GeoIP/GeoLite2-City.mmdb {
    $geoip2_continent_code continent code;
    $geoip2_country country names en;
    $geoip2_country_code country iso_code;
    $geoip2_region subdivisions 0 names en;
    $geoip2_region_code subdivisions 0 iso_code;
    $geoip2_city city names en;
    $geoip2_postal_code postal code;
    $geoip2_latitude location latitude;
    $geoip2_longitude location longitude;
    $geoip2_timezone location time_zone;
  }

  geoip2 /var/db/GeoIP/GeoLite2-ASN.mmdb {
    $geoip2_asn autonomous_system_number;
    $geoip2_organization autonomous_system_organization;
  }

  # The "auto_ssl" shared dict must be defined with enough storage space to
  # hold your certificate data.
  lua_shared_dict auto_ssl 1m;
  lua_shared_dict auto_ssl_settings 64k;

  # A DNS resolver must be defined for OSCP stapling to function.
  resolver 8.8.8.8;

  # Initial setup tasks.
  init_by_lua_block {
    redis = require "resty.redis"
    cjson = require "cjson"
    auto_ssl = (require "resty.auto-ssl").new()

    -- Define a function to determine which SNI domains to automatically handle
    -- and register new certificates for. Defaults to not allowing any domains,
    -- so this must be configured.
    auto_ssl:set("allow_domain", function(domain)
      return true
    end)
    auto_ssl:set("dir", "/tmp")

    auto_ssl:init()
  }

  init_worker_by_lua_block {
    auto_ssl:init_worker()
  }

  # Internal server running on port 8999 for handling certificate tasks.
  server {
    listen 127.0.0.1:8999;
    client_body_buffer_size 128k;
    client_max_body_size 128k;
    location / {
      content_by_lua_block {
        auto_ssl:hook_server()
      }
    }
  }

  # HTTP(S) server
  server {
    listen 80 default_server;
    listen 443 ssl;

    # Endpoint used for performing domain verification with Let's Encrypt.
    location /.well-known/acme-challenge/ {
      content_by_lua_block {
        auto_ssl:challenge_server()
      }
    }

    # Dynamic handler for issuing or returning certs for SNI domains.
    ssl_certificate_by_lua_block {
      auto_ssl:ssl_certificate()
    }

    # You must still define a static ssl_certificate file for nginx to start.
    #
    # You may generate a self-signed fallback with:
    #
    # openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
    #   -subj '/CN=sni-support-required-for-valid-ssl' \
    #   -keyout /etc/ssl/resty-auto-ssl-fallback.key \
    #   -out /etc/ssl/resty-auto-ssl-fallback.crt
    ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
    ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

    location /api/geoip {
      proxy_pass http://127.0.0.1;
    }

    location /hls {
      # Serve HLS fragments      
      types {
        application/vnd.apple.mpegurl m3u8;
        video/mp2t ts;
      }
      root /tmp;
      add_header Cache-Control no-cache;
    }

    location /dash {
      # Serve DASH fragments
      root /tmp;
      add_header Cache-Control no-cache;
    }
  }

  include telize.conf;
  include conf.d/*.conf;
}

rtmp {
  server {
    listen 1935;
    chunk_size 4000;

    application my_live_stream {
      # RTMP Streaming
      live on;

      # HLS Streaming
      hls on;
      hls_path /tmp/hls;

      # MPEG-DASH Streaming, similar to HLS
      dash on;
      dash_path /tmp/dash;
    }
  }
}