Update example nginx config
To account for our subdomain recommendations
This commit is contained in:
parent
fc36b04016
commit
fb54c47f0b
2 changed files with 45 additions and 1 deletions
|
@ -396,7 +396,8 @@ This section describe PWA manifest instance-specific values. Currently this opti
|
||||||
## :media_proxy
|
## :media_proxy
|
||||||
|
|
||||||
* `enabled`: Enables proxying of remote media to the instance’s proxy
|
* `enabled`: Enables proxying of remote media to the instance’s proxy
|
||||||
* `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host/CDN fronts.
|
* `base_url`: The base URL to access a user-uploaded file.
|
||||||
|
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended.
|
||||||
* `proxy_opts`: All options defined in `Pleroma.ReverseProxy` documentation, defaults to `[max_body_length: (25*1_048_576)]`.
|
* `proxy_opts`: All options defined in `Pleroma.ReverseProxy` documentation, defaults to `[max_body_length: (25*1_048_576)]`.
|
||||||
* `whitelist`: List of hosts with scheme to bypass the mediaproxy (e.g. `https://example.com`)
|
* `whitelist`: List of hosts with scheme to bypass the mediaproxy (e.g. `https://example.com`)
|
||||||
* `invalidation`: options for remove media from cache after delete object:
|
* `invalidation`: options for remove media from cache after delete object:
|
||||||
|
|
|
@ -75,9 +75,48 @@ server {
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
location ~ ^/(media|proxy) {
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://phoenix;
|
proxy_pass http://phoenix;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Upload and MediaProxy Subdomain
|
||||||
|
# (see main domain setup for more details)
|
||||||
|
server {
|
||||||
|
server_name media.example.tld;
|
||||||
|
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name media.example.tld;
|
||||||
|
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/media.example.tld/chain.pem;
|
||||||
|
ssl_certificate /etc/letsencrypt/live/media.example.tld/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/media.example.tld/privkey.pem;
|
||||||
|
# .. copy all other the ssl_* and gzip_* stuff from main domain
|
||||||
|
|
||||||
|
# the nginx default is 1m, not enough for large media uploads
|
||||||
|
client_max_body_size 16m;
|
||||||
|
ignore_invalid_headers off;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
location ~ ^/(media|proxy) {
|
location ~ ^/(media|proxy) {
|
||||||
proxy_cache akkoma_media_cache;
|
proxy_cache akkoma_media_cache;
|
||||||
|
@ -91,4 +130,8 @@ server {
|
||||||
chunked_transfer_encoding on;
|
chunked_transfer_encoding on;
|
||||||
proxy_pass http://phoenix;
|
proxy_pass http://phoenix;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue