X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=support%2Fnginx%2Fpeertube;h=86564d33d18f45333e22b5da98349ad939128bf6;hb=e01146559acd32e009ad7d399a4af151fa0d4c52;hp=641d254afcd55e9da4bf4add962dba083e47392b;hpb=d4132d3f56b392a2e4e632db59e6644e4851228e;p=github%2FChocobozzz%2FPeerTube.git diff --git a/support/nginx/peertube b/support/nginx/peertube index 641d254af..86564d33d 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube @@ -1,21 +1,19 @@ # Minimum Nginx version required: 1.13.0 (released Apr 25, 2017) # Please check your Nginx installation features the following modules via 'nginx -V': -# STANDARD HTTP MODULES: Core, Proxy, Rewrite. -# OPTIONAL HTTP MODULES: Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream. +# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading. # THIRD PARTY MODULES: None. -# Uncomment in production to redirect HTTP to HTTPS. Leave commented for docker-compose. -#server { -# listen 80; -# listen [::]:80; -# server_name ${WEBSERVER_HOST}; -# -# location /.well-known/acme-challenge/ { -# default_type "text/plain"; -# root /var/www/certbot; -# } -# location / { return 301 https://$host$request_uri; } -#} +server { + listen 80; + listen [::]:80; + server_name ${WEBSERVER_HOST}; + + location /.well-known/acme-challenge/ { + default_type "text/plain"; + root /var/www/certbot; + } + location / { return 301 https://$host$request_uri; } +} upstream backend { server ${PEERTUBE_HOST}; @@ -33,8 +31,8 @@ server { # Certificates # you need a certificate to run in production. see https://letsencrypt.org/ ## - ssl_certificate /etc/letsencrypt/live/peertube/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/peertube/privkey.pem; + ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem; location ^~ '/.well-known/acme-challenge' { default_type "text/plain"; @@ -80,11 +78,9 @@ server { try_files /dev/null @api; } - location = /api/v1/users/me/avatar/pick { - limit_except POST HEAD { deny all; } - - client_max_body_size 2M; # default is 1M - add_header X-File-Maximum-Size 2M always; # inform backend of the set value in bytes + location ~ ^/api/v1/(videos|video-playlists|users/me/avatar/pick)$ { + client_max_body_size 3M; # default is 1M + add_header X-File-Maximum-Size 2M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) try_files /dev/null @api; } @@ -96,8 +92,8 @@ server { # Note that temporary space is needed equal to the total size of all concurrent uploads. # This data gets stored in /var/lib/nginx by default, so you may want to put this directory # on a dedicated filesystem. - client_max_body_size 8G; # default is 1M - add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes + client_max_body_size 12G; # default is 1M + add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) try_files /dev/null @api; } @@ -158,6 +154,7 @@ server { keepalive_timeout 10s; # default is 75 resolver_timeout 10s; # default is 30 reset_timedout_connection on; + proxy_ignore_client_abort on; tcp_nopush on; # send headers in one piece tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time