mirror of https://github.com/LemmyNet/lemmy.git
121 lines
3.5 KiB
Nginx Configuration File
121 lines
3.5 KiB
Nginx Configuration File
|
worker_processes 1;
|
||
|
events {
|
||
|
worker_connections 1024;
|
||
|
}
|
||
|
http {
|
||
|
proxy_cache_path /var/cache/lemmy_frontend levels=1:2 keys_zone=lemmy_frontend_cache:10m max_size=100m use_temp_path=off;
|
||
|
include mime.types;
|
||
|
default_type application/octet-stream;
|
||
|
|
||
|
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||
|
# '$status $body_bytes_sent "$http_referer" '
|
||
|
# '"$http_user_agent" "$http_x_forwarded_for"';
|
||
|
|
||
|
#access_log logs/access.log main;
|
||
|
|
||
|
sendfile on;
|
||
|
#tcp_nopush on;
|
||
|
|
||
|
#keepalive_timeout 0;
|
||
|
keepalive_timeout 65;
|
||
|
|
||
|
#gzip on;
|
||
|
|
||
|
server {
|
||
|
listen 80;
|
||
|
server_name localhost;
|
||
|
|
||
|
#charset koi8-r;
|
||
|
|
||
|
#access_log logs/host.access.log main;
|
||
|
|
||
|
location / {
|
||
|
root /usr/share/nginx/html;
|
||
|
index index.html index.htm;
|
||
|
}
|
||
|
|
||
|
#error_page 404 /404.html;
|
||
|
|
||
|
# redirect server error pages to the static page /50x.html
|
||
|
#
|
||
|
error_page 500 502 503 504 /50x.html;
|
||
|
location = /50x.html {
|
||
|
root /usr/share/nginx/html;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 8535;
|
||
|
server_name localhost;
|
||
|
|
||
|
|
||
|
|
||
|
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
|
||
|
# It might be nice to compress JSON, but leaving that out to protect against potential
|
||
|
# compression+encryption information leak attacks like BREACH.
|
||
|
gzip on;
|
||
|
gzip_types text/css application/javascript;
|
||
|
gzip_vary on;
|
||
|
|
||
|
# Only connect to this site via HTTPS for the two years
|
||
|
add_header Strict-Transport-Security "max-age=63072000";
|
||
|
|
||
|
# Various content security headers
|
||
|
add_header Referrer-Policy "same-origin";
|
||
|
add_header X-Content-Type-Options "nosniff";
|
||
|
add_header X-Frame-Options "DENY";
|
||
|
add_header X-XSS-Protection "1; mode=block";
|
||
|
|
||
|
# Upload limit for pictrs
|
||
|
# client_max_body_size 50M;
|
||
|
|
||
|
# frontend
|
||
|
location / {
|
||
|
# The default ports:
|
||
|
# lemmy_port: 8536
|
||
|
# lemmy_ui_port: 1235
|
||
|
# Use :1234 if you want to develop locally, using yarn start in the lemmy-ui folder
|
||
|
|
||
|
set $proxpass "http://0.0.0.0:1235";
|
||
|
if ($http_accept = "application/activity+json") {
|
||
|
set $proxpass "http://0.0.0.0:8536";
|
||
|
}
|
||
|
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
|
||
|
set $proxpass "http://0.0.0.0:8536";
|
||
|
}
|
||
|
if ($request_method = POST) {
|
||
|
set $proxpass "http://0.0.0.0:8536";
|
||
|
}
|
||
|
proxy_pass $proxpass;
|
||
|
|
||
|
rewrite ^(.+)/+$ $1 permanent;
|
||
|
|
||
|
# Send actual client IP upstream
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
}
|
||
|
|
||
|
# backend
|
||
|
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
|
||
|
proxy_pass http://0.0.0.0:8536;
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_set_header Upgrade $http_upgrade;
|
||
|
proxy_set_header Connection "upgrade";
|
||
|
|
||
|
# Rate limit
|
||
|
# limit_req zone=lemmy_ratelimit burst=30 nodelay;
|
||
|
|
||
|
# Add IP forwarding headers
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
}
|
||
|
|
||
|
# Redirect pictshare images to pictrs
|
||
|
location ~ /pictshare/(.*)$ {
|
||
|
return 301 /pictrs/image/$1;
|
||
|
}
|
||
|
}
|
||
|
}
|