stream {
    upstream backend {
        server 127.0.0.1:${rtmp_port};
    }
    server {
        listen ${rtmps_port} ssl;
        listen [::]:${rtmps_port} ssl;

        ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
        ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;

        proxy_pass backend;
    }
}

rtmp {
    server {
        listen 127.0.0.1:${rtmp_port};
        chunk_size 4096;

        application ${streaming_key} {
            live on;
            record off;
            allow publish 127.0.0.1;  # for streaming through nginx
            allow play 127.0.0.1;     # for the pull from /live
        }

        application live {
            live on;
            record off;
            deny publish all;         # no need to publish on /live
            allow play all;           # playing allowed

            pull rtmp://127.0.0.1:${rtmp_port}/${streaming_key};
        }
    }
}