#
# Valve SteamPipe Reverse Proxy Configuration for nginx on Ubuntu.
# by Brian Astrolox Wojtczak, May 2013.
#
# For caching steam content when lots of gamers are attempting to use
# a single low speed high contention connection to the internet
# (e.g. LAN parties).
#
# Based on configuration written by Steven Hartland at Multiplay
# http://blog.multiplay.co.uk/2013/04/caching-steam-downloads-lans/
#
# Changed in the following ways:
#
# 1/ Tweaked for Ubuntu Linux rather than FreeBSD
#    (can be tweaked to work on FreeBSD again of course).
#    NB. Will probably work on Debian without modification.
#
# 2/ Will also cache steam content other than the main depots, such as
#    the big images and videos used on the store and community pages.
#    Will honour source set expiry dates, privacy flags, etc.
#
# 3/ Created a per user bandwidth limit
#
# 4/ Blocked crash reports from being sent to valve
#
# 5/ Ensured that the correct Host header is always returned
#
#######################################################################
# This configuration is intended to be used with the following DNS
# configuration - tested using Acrylic DNS Proxy.
#
# # Ensure that these are the same as in the real world as steam needs
# # to communicate directly to valve on these hostnames. Redirecting
# # them to your nginx server will prevent logins and game purchases.
# 208.64.200.189 gds1.steampowered.com
# 208.64.200.190 gds2.steampowered.com
# 208.64.200.191 gds3.steampowered.com
# 208.78.164.7 gds4.steampowered.com
# 208.64.202.69 store.steampowered.com
# 63.235.4.133 support.steampowered.com
#
# # Use the IP of your nginx server in place of
# *.cs.steampowered.com
# *.steampowered.com
#
#######################################################################
# NB. You should change the ulimit for nginx to be as high as possible.
# If you do not then you'll get a "Too many open files" error.
# On Ubuntu edit /etc/default/nginx and uncomment the ulimit line.
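user www-data;
worker_processes 16;
pid /var/run/nginx.pid;

events {
    worker_connections 8192;
    multi_accept on;

    # Event methods by platform: kqueue (FreeBSD 4.1+), epoll (Linux 2.6+),
    # rt signals (Linux 2.2.19+), /dev/poll (Solaris 7 11/99+),
    # event ports (Solaris 10), select, and poll.
    use epoll;
    #use kqueue;
}

http {
    include mime.types;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    keepalive_timeout 65;

    # Every proxy_pass below targets http://$host..., so upstream names are
    # looked up through this resolver at request time. It must not be the
    # LAN DNS server that points *.steampowered.com at this machine, or the
    # proxy would connect back to itself.
    # NOTE(review): whatever this resolver answers decides where cached
    # content is fetched from over plain HTTP - use one you trust.
    resolver 8.8.8.8;
    resolver_timeout 30s;

    # Per-request bandwidth limit: the first 10m of each response is sent at
    # full speed, the remainder is throttled. Small files (most requests)
    # stay fast while large downloads leave room for other clients.
    limit_rate_after 10m;
    limit_rate 2048k;

    # NOTE(review): both cache directories live under /var/www/, which is
    # also the web root of the default server at the end of this file.
    proxy_cache_path /var/www/cache/CS levels=1:2 keys_zone=CS:10m
                     inactive=72h max_size=1g;
    proxy_cache_path /var/www/cache/OTHER levels=2:2 keys_zone=OTHER:100m
                     inactive=72h max_size=1g;

    # $cookie_user is the value of the request cookie named "user";
    # requests carrying different values get separate cache entries.
    # NOTE(review): a response personalised by any other cookie is shared
    # between clients unless the upstream marks it as not cacheable.
    proxy_cache_key "$scheme$host$request_uri$cookie_user";

    # Prevent steam crash logs from being submitted to valve - just
    # in case our man in the middle reverse proxy is the cause.
    server {
        listen *:80;
        server_name crash.steampowered.com;

        location / {
            # Every request to this host is refused.
            satisfy all;
            deny all;
            access_log /var/log/nginx/crash.steampowered.com-access.log;
            error_log /var/log/nginx/crash.steampowered.com-error.log;
        }
    }

    # Cache the main steam content servers - this is the important bit
    server {
        listen *:80;
        server_name *.cs.steampowered.com;

        access_log /var/log/nginx/cs.steampowered.com-access.log;
        error_log /var/log/nginx/cs.steampowered.com-error.log;

        root /var/www/cs.steampowered.com/;

        # Depot files are served from the local mirror under root when
        # present; otherwise @mirror fetches and stores them.
        location /depot/ {
            try_files $uri @mirror;
            access_log /var/log/nginx/cs.steampowered.com-access-depot-local.log;
        }

        location / {
            proxy_next_upstream error timeout http_404;

            # $request_uri (the request target exactly as the client sent
            # it) instead of $uri: $uri is percent-decoded and drops the
            # query string, so the upstream request would neither match
            # the cache key above nor stay safely encoded.
            # $host can only be a name matched by server_name here.
            proxy_pass http://$host$request_uri;
            proxy_redirect off;

            proxy_set_header Host $host;
            # NOTE(review): X-Real-IP and X-Forwarded-For disclose the LAN
            # client address to the upstream; this applies to every
            # proxied location in this file. Drop them if not wanted.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_cache CS;
            # Used only when the upstream response carries no caching
            # headers of its own.
            proxy_cache_valid 200 301 302 10m;
            proxy_cache_valid any 1m;
            proxy_cache_use_stale error timeout invalid_header updating
                                  http_500 http_502 http_503 http_504;

            # Diagnostic response headers for checking cache behaviour.
            add_header Host $host;
            add_header X-Mirror-Upstream-Status $upstream_status;
            add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
            add_header X-Mirror-Status $upstream_cache_status;

            access_log /var/log/nginx/cs.steampowered.com-access-other.log;
        }

        location @mirror {
            # Store the fetched file under root so the next request for
            # the same path is answered by try_files in /depot/.
            proxy_store on;
            proxy_store_access user:rw group:rw all:r;

            proxy_next_upstream error timeout http_404;
            # See location / above for why $request_uri is used.
            proxy_pass http://$host$request_uri;
            proxy_redirect off;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            add_header Host $host;
            add_header X-Mirror-Upstream-Status $upstream_status;
            add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
            add_header X-Mirror-Status $upstream_cache_status;

            access_log /var/log/nginx/cs.steampowered.com-access-depot-remote.log;
        }
    }

    # All non game content server content can be cached here,
    # as long as DNS is pointing at this nginx server.
    server {
        listen *:80;
        server_name *.steampowered.com;

        access_log /var/log/nginx/steampowered.com-access.log;
        error_log /var/log/nginx/steampowered.com-error.log;

        location / {
            proxy_next_upstream error timeout http_404;

            # $request_uri keeps the query string and the client's
            # original encoding, consistent with proxy_cache_key.
            proxy_pass http://$host$request_uri;
            proxy_redirect off;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_cache OTHER;
            proxy_cache_valid 200 301 302 10m;
            proxy_cache_valid any 1m;
            proxy_cache_use_stale error timeout invalid_header updating
                                  http_500 http_502 http_503 http_504;

            add_header Host $host;
            add_header X-Mirror-Upstream-Status $upstream_status;
            add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
            add_header X-Mirror-Status $upstream_cache_status;
        }
    }

    # Serve up default web root folder for unrecognised hosts, you
    # should put something informative here, such as an error message.
    server {
        # default_server is the current spelling of the old "default" flag.
        listen *:80 default_server;

        # The proxy cache directories sit below this web root
        # (/var/www/cache/...); keep raw cache files from being served
        # as static content.
        location /cache/ {
            deny all;
        }

        location / {
            root /var/www/;
            add_header Host $host;
        }
    }
}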