support/nginx/peertube

   1 server {
   2   listen 80;
   3   # listen [::]:80;
   4   server_name domain.tld;
   5
   6   access_log /var/log/nginx/peertube_access.log;
   7   error_log /var/log/nginx/peertube_error.log;
   8
   9   location /.well-known/acme-challenge/ { allow all; }
  10   location / { return 301 https://$host$request_uri; }
  11 }
  12
  13 server {
  14   listen 443 ssl http2;
  15   # listen [::]:443 ssl http2;
  16   server_name domain.tld;
  17
  18   access_log /var/log/nginx/peertube_access.log;
  19   error_log /var/log/nginx/peertube_error.log;
  20
  21   # For example with Let's Encrypt
  22   ssl_certificate      /etc/letsencrypt/live/domain.tld/fullchain.pem;
  23   ssl_certificate_key  /etc/letsencrypt/live/domain.tld/privkey.pem;
  24   ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/chain.pem;
  25
  26   location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
  27     add_header Cache-Control "public, max-age=31536000, immutable";
  28
  29     alias /var/www/peertube/peertube-latest/client/dist/$1;
  30   }
  31
  32   location ~ ^/static/(thumbnails|avatars)/(.*)$ {
  33     add_header Cache-Control "public, max-age=31536000, immutable";
  34
  35     alias /var/www/peertube/storage/$1/$2;
  36   }
  37
  38   location / {
  39     proxy_pass http://localhost:9000;
  40     proxy_set_header X-Real-IP $remote_addr;
  41     proxy_set_header Host $host;
  42     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  43
  44     # For the video upload
  45     client_max_body_size 2G;
  46     proxy_connect_timeout       600;
  47     proxy_send_timeout          600;
  48     proxy_read_timeout          600;
  49   }
  50
  51   # Bypass PeerTube webseed route for better performances
  52   location /static/webseed {
  53     # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
  54     limit_rate 800k;
  55
  56     if ($request_method = 'OPTIONS') {
  57       add_header 'Access-Control-Allow-Origin' '*';
  58       add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
  59       add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
  60       add_header 'Access-Control-Max-Age' 1728000;
  61       add_header 'Content-Type' 'text/plain charset=UTF-8';
  62       add_header 'Content-Length' 0;
  63       return 204;
  64     }
  65
  66     if ($request_method = 'GET') {
  67       add_header 'Access-Control-Allow-Origin' '*';
  68       add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
  69       add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
  70
  71       # Don't spam access log file with byte range requests
  72       access_log off;
  73     }
  74
  75     alias /var/www/peertube/storage/videos;
  76   }
  77
  78   # Websocket tracker
  79   location /tracker/socket {
  80     # Peers send a message to the tracker every 15 minutes
  81     # Don't close the websocket before this time
  82     proxy_read_timeout 1200s;
  83     proxy_set_header Upgrade $http_upgrade;
  84     proxy_set_header Connection "upgrade";
  85     proxy_http_version 1.1;
  86     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  87     proxy_set_header Host $host;
  88     proxy_pass http://localhost:9000;
  89   }
  90 }