X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=support%2Fnginx%2Fpeertube;h=827a57e9359ab534c7ceafb87fda631bd16b4851;hb=9f72e689c9ac2df03f20b1f938ecab384b5ffceb;hp=f1ef4ccd1d818085fe5143eed8aaafbbf6f816f4;hpb=b2aecc1ecbed7449b9486812c573993b4582a267;p=github%2FChocobozzz%2FPeerTube.git diff --git a/support/nginx/peertube b/support/nginx/peertube index f1ef4ccd1..827a57e93 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube @@ -1,21 +1,19 @@ # Minimum Nginx version required: 1.13.0 (released Apr 25, 2017) # Please check your Nginx installation features the following modules via 'nginx -V': -# STANDARD HTTP MODULES: Core, Proxy, Rewrite. -# OPTIONAL HTTP MODULES: Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream. +# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading. # THIRD PARTY MODULES: None. -# Uncomment in production to redirect HTTP to HTTPS. Leave commented for docker-compose. -#server { -# listen 80; -# listen [::]:80; -# server_name ${WEBSERVER_HOST}; -# -# location /.well-known/acme-challenge/ { -# default_type "text/plain"; -# root /var/www/certbot; -# } -# location / { return 301 https://$host$request_uri; } -#} +server { + listen 80; + listen [::]:80; + server_name ${WEBSERVER_HOST}; + + location /.well-known/acme-challenge/ { + default_type "text/plain"; + root /var/www/certbot; + } + location / { return 301 https://$host$request_uri; } +} upstream backend { server ${PEERTUBE_HOST}; @@ -33,8 +31,8 @@ server { # Certificates # you need a certificate to run in production. see https://letsencrypt.org/ ## - ssl_certificate /etc/letsencrypt/live/peertube/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/peertube/privkey.pem; + ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem; location ^~ '/.well-known/acme-challenge' { default_type "text/plain"; @@ -62,9 +60,9 @@ server { ## location @api { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; client_max_body_size 100k; # default is 1M @@ -80,27 +78,29 @@ server { try_files /dev/null @api; } - location = /api/v1/users/me/avatar/pick { - limit_except POST { deny all; } - - client_max_body_size 2M; # default is 1M + location = /api/v1/videos/upload-resumable { + client_max_body_size 0; + proxy_request_buffering off; try_files /dev/null @api; } location = /api/v1/videos/upload { - limit_except POST { deny all; } - - # This is the maximum upload size, which roughly matches the maximum size of a video file - # you can send via the API or the web interface. By default we set it to 8GB, but administrators - # can increase or decrease the limit. Currently there's no way to communicate this limit - # to users automatically, so you may want to leave a note in your instance 'about' page if - # you change this. - # + limit_except POST HEAD { deny all; } + + # This is the maximum upload size, which roughly matches the maximum size of a video file. # Note that temporary space is needed equal to the total size of all concurrent uploads. # This data gets stored in /var/lib/nginx by default, so you may want to put this directory # on a dedicated filesystem. - client_max_body_size 8G; # default is 1M + client_max_body_size 12G; # default is 1M + add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) + + try_files /dev/null @api; + } + + location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) { + client_max_body_size 6M; # default is 1M + add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) try_files /dev/null @api; } @@ -161,6 +161,7 @@ server { keepalive_timeout 10s; # default is 75 resolver_timeout 10s; # default is 30 reset_timedout_connection on; + proxy_ignore_client_abort on; tcp_nopush on; # send headers in one piece tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time @@ -250,7 +251,7 @@ server { sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k. aio threads; - # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/#/admin-remote-storage + # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/admin-remote-storage # to serve files directly from a public bucket without proxying. # Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc. #set $cdn ;