Update INSTALL.md - nginx.conf

INSTALL.md

@@ -72,129 +72,11 @@ After all that, restart Opencast.
 
 ## Opencast - CORS
 
-If your Stud.IP system resides on a different domain than your Opencast, you need to configure Opencasts Nginx to allow CORS requests. For an explanation why this is necessary and examples how to achieve this, take a look at:
-* https://gist.github.com/iki/1247cd182acd1aa3ee4876acb7263def#file-nginx-cors-proxy-conf
+If your Stud.IP system resides on a different (sub-)domain than your Opencast, you need to configure Opencasts Nginx to allow CORS requests. For an explanation why this is necessary and examples how to achieve this, take a look at:
 * https://developer.mozilla.org/de/docs/Web/HTTP/CORS
 
-Example (nginx):
-
-`/etc/nginx/nginx.conf`
-
-```
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
-        worker_connections 768;
-        # multi_accept on;
-}
-
-http {
-
-    # HTTP set-up
-    server {
-        listen 80;
-        listen [::]:80;
-        server_name _;
-
-        # Enforce HTTPS by redirecting requests
-        location / {
-            return 301 https://opencast.me$request_uri;
-        }
-    }
-
-    # HTTPS set-up
-    server {
-        listen      443 ssl http2;
-        listen [::]:443 ssl http2;
-        server_name opencast.me;
-
-        # Path to the TLS certificate and private key. In almost all cases, you
-        # need to provide intermediate certificates as well to ensure browsers
-        # get the whole certificate chain.
-        ssl_certificate_key  /etc/ssl/private/nginx-selfsigned.key;
-        ssl_certificate      /etc/ssl/certs/nginx-selfsigned.crt;
-
-        # Accept large ingests. There should be no limit since Opencast may get
-        # really large ingests.
-        client_max_body_size 0;
-
-        # Proxy configuration for Opencast
-        location / {
-
-            # Make sure to pass the real addresses as well as the fact that
-            # outwards we are using HTTPS to Opencast.
-            proxy_set_header        Host $host;
-            proxy_set_header        X-Real-IP $remote_addr;
-            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header        X-Forwarded-Proto $scheme;
-
-            # Pass requests to this location. This expects Opencast to be
-            # running locally on port 8080 which should be the default set-up.
-            proxy_pass              http://127.0.0.1:8080;
-
-            # Make sure to redirect location headers to HTTPS. This is just a
-            # precaution and shouldn't strictly be necessary but it did prevent
-            # some issues in the past and it does not cost much performance.
-            proxy_redirect          http://$host https://$host;
-
-            # Make sure to serve cookies only via secure connections.
-            # proxy_cookie_flags ~ secure httponly;
-            # When using Nginx <1.19.3 replace the above 'proxy_cookie_flags' line
-            # with the (uncommented) 'proxy_cookie_path' line below.
-            #proxy_cookie_path / "/; HTTPOnly; Secure";
-
-            # Depending on your integration, you may also want to allow cookies
-            # to be used on other sites. In that case, use this instead:
-            #proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=None";
-
-            # Do not buffer responses
-            proxy_buffering         off;
-
-            # Do not buffer requests
-            proxy_request_buffering off;
-
-            #
-            # Wide-open CORS config for nginx
-            #
-            if ($request_method = 'OPTIONS') {
-                add_header 'Access-Control-Allow-Credentials' true;
-                add_header 'Access-Control-Allow-Origin' 'https://studip.me';
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-                #
-                # Custom headers and headers various browsers *should* be OK with but aren't
-                #
-                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
-                #
-                # Tell client that this pre-flight info is valid for 20 days
-                #
-                add_header 'Access-Control-Max-Age' 1728000;
-                add_header 'Content-Type' 'text/plain; charset=utf-8';
-                add_header 'Content-Length' 0;
-                return 204;
-            }
-
-            if ($request_method = 'POST') {
-                add_header 'Access-Control-Allow-Credentials' true;
-                add_header 'Access-Control-Allow-Origin' 'https://studip.me' always;
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
-                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-            }
-
-            if ($request_method = 'GET') {
-                add_header 'Access-Control-Allow-Credentials' true;
-                add_header 'Access-Control-Allow-Origin' 'https://studip.me' always;
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
-                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-            }
-        }
-    }
-}
-```
+For a good example for an nginx.conf, look at:
+https://github.com/elan-ev/opencast_nginx/blob/main/templates/nginx.conf
 
 ## Opencast Workflows