#
#  Respawn LAN Steam content server configuration
#  http://www.respawn.com.au/steam/
#
#  Configuration developed by Tricky from  Respawn LAN
#
#  If any questions, contact Squid/Chris at:
#  sirsquidness@respawn.com.au
#  or SirSquid on irc.oz.org (#respawn, yo!)

#  Steam Content Server v1.0, released 29/10/2012
#  Todo: - Add steam config file name below
#        - Make program to purge old content from cache
#           (should only be a few hours work, just need 
#            to find the time to do it)
#        - Investigate solutions to auto-download and 
#          populate the cache without using the Steam 
#          client. 
#
#        - Publish a list of games on the New CS
#          ( We already have this, just need to sort out
#            a few details regarding it. Feel free to ask
#            me if a game is on the new CS, and I'll tell
#            you, but I can't give you a link just yet :)
#            .. or just try downloading it, and see if it 
#            caches )

#  You can use Squid, HAProxy, etc for this. We use nginx beacuse 
#  it's what we are familiar with. Additionally, (and I'm not sure 
#  if other packages replicate this functionality) this method 
#  leaves the cache from every content server combined in one 
#  directory on teh filesystem, so you can run a tool to prune it,
#  and browse it not from a web browser, etc. 
#
#  There will be a tool released at some point that prunes files from
#  the content server that are no longer a part of the up-to-date
#  version of a given depotID/package. 
#
#  This configuration was tested as working on 29/10/2012. 
#  Future Steam updates could break it - who knows? If it
#  does stop working, feel free to email/PM SirSquid to ask 
#  what's up. 
#
#  USAGE:
#
#  At your firewall, block the following IPs:
#  49.143.234.14
#  117.121.248.124
#  117.121.255.214
#  111.119.10.2
#
#  If these change in the future, they'll be updated in one of Steam's 
#  config files (TODO: Add the filename here. I think it's Steam.ini?)
#  Steam tries these IPs before trying content*.steampowered.com - it's
#  easiest to just block them with a REJECT - if you DROP instead of 
#  REJECT, there will be a few second delay before Steam starts 
#  downloading, and that's just tedious. 
#
#  On your LANs DNS server (your LAN is running one, right?), add an
#  A record for content1.steampowered.com through to 
#  content9.steampowered.com (all 9 records!) to point to the IP address
#  of this server.
#
#  Below in the config, set the resolver IP address to something external
#  (eg, Google's 8.8.8.8 or the DNS server of your ISP).
#
#  No configuration of your Steam client is necessary. Just open Steam 
#  and start downloading!
#  
#  BEFORE YOUR LAN:
#
#  Run the pruning tool. It's not available yet, but nag SirSquid about it
#  and it'll get released eventually. 
#
#  Re-download any games that either a) aren't already cached or b) the 
#  pruning tool said were out of date. 
#
#  This cache can only cache games that you own on Steam, thus can download.
#  There are tools around that can download, and it's also on my to-do list
#  to investigate these and utilise them to build a full Steam cache. 
#
#
#  ALTERNATIVES:
#
#  You can set up a transparent content server and cache anything with the
#  Steam download MIME type (uh, I don't recall what it is atm) OR cache
#  anything from /depot/
#
#  HOWEVER...
#  Since the content comes from one of a bunch of IPs and domains (over a 
#  dozen different source URIs), this may cause your transparent proxy to 
#  miss a lot of potential cache hits. (hence why this solution is superior)
#  I'm sure you can configure your proxy to treat them all as teh same
#  domain though - I'm no Squid expert ;3
#
#  RESPAWN LAN REPRESENT, YO. http://www.respawn.com.au


server {
	listen 80;
	server_name ~^(content[0-9]+)\.steampowered\.com$;

  # IMPORTANT: set this to something other than your LAN's DNS server
  # We direct Steam clients here by setting a bunch of A records on
  # your DNS server. This server needs to be able to get the real results,
  # otherwise it cannot fetch files from the outside world. 
	resolver 10.0.0.1;

  # Do not leave either of these in their default state - 
  #    you will have GBs of logs very quickly. 
  #	access_log /var/log/nginx/steam-access.log;
  #	error_log /var/log/nginx/steam-error.log crit;
  access_log /dev/null crit;
  error_log /dev/null crit;

   # Where you would like to store the cache
   # If you change it here, change it below too
	root /steam;

	location / {
		proxy_pass http://$host;
	}

	location ~ ^/depot {
		autoindex on;
		error_page 404 = @fetch;
	}

	location @fetch {
		internal;

		proxy_http_version 1.1 ;
		proxy_pass http://$host;
		proxy_store on;
		proxy_store_access user:rw group:rw all:rw;
		proxy_temp_path /steam/temp;
		proxy_connect_timeout    5; 
		keepalive_timeout 1; 
		proxy_max_temp_file_size 4096m;

  # If you change the cache location, change it here too
		root /steam;
	}
}


##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

server {
	#listen   80; ## listen for ipv4; this line is default and implied
	#listen   [::]:80 default ipv6only=on; ## listen for ipv6

	root /usr/share/nginx/www;
	index index.html index.htm;

	# Make site accessible from http://localhost/
	server_name localhost;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to index.html
		try_files $uri $uri/ /index.html;
		# Uncomment to enable naxsi on this location
		# include /etc/nginx/naxsi.rules
	}

	location /doc/ {
		alias /usr/share/doc/;
		autoindex on;
		allow 127.0.0.1;
		deny all;
	}

	# Only for nginx-naxsi : process denied requests
	#location /RequestDenied {
		# For example, return an error code
		#return 418;
	#}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	#error_page 500 502 503 504 /50x.html;
	#location = /50x.html {
	#	root /usr/share/nginx/www;
	#}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	#	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	#
	#	# With php5-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php5-fpm:
	#	fastcgi_pass unix:/var/run/php5-fpm.sock;
	#	fastcgi_index index.php;
	#	include fastcgi_params;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#	listen 8000;
#	listen somename:8080;
#	server_name somename alias another.alias;
#	root html;
#	index index.html index.htm;
#
#	location / {
#		try_files $uri $uri/ /index.html;
#	}
#}


# HTTPS server
#
#server {
#	listen 443;
#	server_name localhost;
#
#	root html;
#	index index.html index.htm;
#
#	ssl on;
#	ssl_certificate cert.pem;
#	ssl_certificate_key cert.key;
#
#	ssl_session_timeout 5m;
#
#	ssl_protocols SSLv3 TLSv1;
#	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
#	ssl_prefer_server_ciphers on;
#
#	location / {
#		try_files $uri $uri/ /index.html;
#	}
#}