aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-10-25 15:48:00 +0200
committerChocobozzz <me@florianbigard.com>2022-10-25 15:48:00 +0200
commit216fa9d5793469f2ad958363fb270990fbce3787 (patch)
treee50c01aef8e6b5e160fa97552622b8db56f300f6
parentae7b0cbbcf05f7847dee765d8def9cf91052aec0 (diff)
downloadPeerTube-216fa9d5793469f2ad958363fb270990fbce3787.tar.gz
PeerTube-216fa9d5793469f2ad958363fb270990fbce3787.tar.zst
PeerTube-216fa9d5793469f2ad958363fb270990fbce3787.zip
Update nginx template
Add rate limit to download and private static files
-rw-r--r--support/nginx/peertube18
1 files changed, 13 insertions, 5 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube
index cf200ba00..aeeb5a612 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -214,8 +214,16 @@ server {
214 try_files $uri @api; 214 try_files $uri @api;
215 } 215 }
216 216
217 location ~ ^/static/(webseed|streaming-playlists)/private/ { 217 location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
218 try_files /dev/null @api; 218 # We can't rate limit a try_files directive, so we need to duplicate @api
219
220 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
221 proxy_set_header Host $host;
222 proxy_set_header X-Real-IP $remote_addr;
223
224 proxy_limit_rate 5M;
225
226 proxy_pass http://backend;
219 } 227 }
220 228
221 # Bypass PeerTube for performance reasons. Optional. 229 # Bypass PeerTube for performance reasons. Optional.
@@ -231,9 +239,9 @@ server {
231 } 239 }
232 240
233 # Use this line with nginx >= 1.17.0 241 # Use this line with nginx >= 1.17.0
234 #limit_rate $peertube_limit_rate; 242 limit_rate $peertube_limit_rate;
235 # Or this line if your nginx < 1.17.0 243 # Or this line with nginx < 1.17.0
236 set $limit_rate $peertube_limit_rate; 244 # set $limit_rate $peertube_limit_rate;
237 245
238 if ($request_method = 'OPTIONS') { 246 if ($request_method = 'OPTIONS') {
239 add_header Access-Control-Allow-Origin '*'; 247 add_header Access-Control-Allow-Origin '*';