X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=support%2Fnginx%2Fpeertube;h=abb83d5c411d9dae4f5b3fb98b1fc1687efcaa96;hb=09f33366a765b860555236af877e5f37b6886d02;hp=641d254afcd55e9da4bf4add962dba083e47392b;hpb=d4132d3f56b392a2e4e632db59e6644e4851228e;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/support/nginx/peertube b/support/nginx/peertube
index 641d254af..abb83d5c4 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -1,21 +1,19 @@
 # Minimum Nginx version required:  1.13.0 (released Apr 25, 2017)
 # Please check your Nginx installation features the following modules via 'nginx -V':
-# STANDARD HTTP MODULES: Core, Proxy, Rewrite.
-# OPTIONAL HTTP MODULES: Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream.
+# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
 # THIRD PARTY MODULES:   None.
 
-# Uncomment in production to redirect HTTP to HTTPS. Leave commented for docker-compose.
-#server {
-#  listen 80;
-#  listen [::]:80;
-#  server_name ${WEBSERVER_HOST};
-#
-#  location /.well-known/acme-challenge/ {
-#    default_type "text/plain";
-#    root /var/www/certbot;
-#  }
-#  location / { return 301 https://$host$request_uri; }
-#}
+server {
+  listen 80;
+  listen [::]:80;
+  server_name ${WEBSERVER_HOST};
+
+  location /.well-known/acme-challenge/ {
+    default_type "text/plain";
+    root /var/www/certbot;
+  }
+  location / { return 301 https://$host$request_uri; }
+}
 
 upstream backend {
   server ${PEERTUBE_HOST};
@@ -33,8 +31,8 @@ server {
   # Certificates
   # you need a certificate to run in production. see https://letsencrypt.org/
   ##
-  ssl_certificate     /etc/letsencrypt/live/peertube/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/peertube/privkey.pem;
+  ssl_certificate     /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
 
   location ^~ '/.well-known/acme-challenge' {
     default_type "text/plain";
@@ -80,24 +78,29 @@ server {
     try_files /dev/null @api;
   }
 
-  location = /api/v1/users/me/avatar/pick {
-    limit_except POST HEAD { deny all; }
-
-    client_max_body_size                      2M; # default is 1M
-    add_header            X-File-Maximum-Size 2M always; # inform backend of the set value in bytes
+  location = /api/v1/videos/upload-resumable {
+    client_max_body_size    0;
+    proxy_request_buffering off;
 
     try_files /dev/null @api;
   }
 
-  location = /api/v1/videos/upload {
+  location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
     limit_except POST HEAD { deny all; }
 
     # This is the maximum upload size, which roughly matches the maximum size of a video file.
     # Note that temporary space is needed equal to the total size of all concurrent uploads.
     # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
     # on a dedicated filesystem.
-    client_max_body_size                      8G; # default is 1M
-    add_header            X-File-Maximum-Size 8G always; # inform backend of the set value in bytes
+    client_max_body_size                      12G; # default is 1M
+    add_header            X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+    try_files /dev/null @api;
+  }
+
+  location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
+    client_max_body_size                      6M; # default is 1M
+    add_header            X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
 
     try_files /dev/null @api;
   }
@@ -158,6 +161,7 @@ server {
   keepalive_timeout         10s; # default is 75
   resolver_timeout          10s; # default is 30
   reset_timedout_connection on;
+  proxy_ignore_client_abort on;
 
   tcp_nopush                on; # send headers in one piece
   tcp_nodelay               on; # don't buffer data sent, good for small data bursts in real time
@@ -168,7 +172,7 @@ server {
 
   # Bypass PeerTube for performance reasons. Optional.
   # Should be consistent with client-overrides assets list in /server/controllers/client.ts
-  location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png))$ {
+  location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
     add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
 
     root /var/www/peertube;
@@ -247,12 +251,6 @@ server {
     sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
     aio threads;
 
-    # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/#/admin-remote-storage
-    # to serve files directly from a public bucket without proxying.
-    # Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc.
-    #set $cdn <your S3-compatiable bucket public url mounted via fuse>;
-    #rewrite ^/static/webseed/(.*)$ $cdn/videos/$1 redirect;
-    #rewrite ^/static/(.*)$         $cdn/$1        redirect;
     rewrite ^/static/webseed/(.*)$ /videos/$1 break;
     rewrite ^/static/(.*)$         /$1        break;