authorRigel Kent <sendmemail@rigelk.eu>2020-03-03 00:29:52 +0100
committerRigel Kent <sendmemail@rigelk.eu>2020-11-11 16:45:46 +0100
commit1a9b141d835cf3bfe9bdca67f881b520975f9058 (patch)
tree444b35656c7093250181121ccfadb870c5046be4 /support/nginx
parent8e98e6124d2b006ba9f616b0dfce7369fa7b2684 (diff)
Add nginx behind traefik in docker-compose + image updates
- support/docker/production/docker-compose.yml: addition of an nginx image reusing the support/nginx/peertube nginx conf to improve performance, and lessen setup differences between the docker-compose install and the typical production install. - support/docker/production/docker-compose.yml: postgres 10 -> postgres 12, redis 4 -> redis 5. Postgres major updates imply a manual upgrade. - support/nginx/peertube: HTTP -> HTTPS redirection is now commented out by default, to allow its reuse in support/docker/production/docker-compose.yml.
Diffstat (limited to 'support/nginx')
-rw-r--r--support/nginx/peertube42
1 files changed, 20 insertions, 22 deletions
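diff --git a/support/nginx/peertube b/support/nginx/peertube
index a17868c5a..7f2c0f263 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -1,26 +1,24 @@
-server {
- listen 80;
- listen [::]:80;
- server_name peertube.example.com;
-
- access_log /var/log/nginx/peertube.example.com.access.log;
- error_log /var/log/nginx/peertube.example.com.error.log;
-
- location /.well-known/acme-challenge/ {
- default_type "text/plain";
- root /var/www/certbot;
- }
- location / { return 301 https://$host$request_uri; }
-}
+# Uncomment in production to redirect HTTP to HTTPS. Leave commented for docker-compose.
+#server {
+# listen 80;
+# listen [::]:80;
+# server_name ${WEBSERVER_HOST};
+#
+# location /.well-known/acme-challenge/ {
+# default_type "text/plain";
+# root /var/www/certbot;
+# }
+# location / { return 301 https://$host$request_uri; }
+#}
 
 server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
- server_name peertube.example.com;
+ server_name ${WEBSERVER_HOST};
 
  # For example with certbot (you need a certificate to run https)
- ssl_certificate /etc/letsencrypt/live/peertube.example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/peertube.example.com/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
 
  # Security hardening (as of 11/02/2018)
  ssl_protocols TLSv1.2; # TLSv1.3, TLSv1.2 if nginx >= 1.13.0
@@ -51,8 +49,8 @@ server {
  # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
  # client_body_temp_path /var/www/peertube/storage/nginx/;
 
- access_log /var/log/nginx/peertube.example.com.access.log;
- error_log /var/log/nginx/peertube.example.com.error.log;
+ access_log /var/log/nginx/${WEBSERVER_HOST}.access.log;
+ error_log /var/log/nginx/${WEBSERVER_HOST}.error.log;
 
  location ^~ '/.well-known/acme-challenge' {
  default_type "text/plain";
@@ -92,7 +90,7 @@ server {
  }
 
  location / {
- proxy_pass http://127.0.0.1:9000;
+ proxy_pass http://${PEERTUBE_HOST};
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -177,14 +175,14 @@ server {
  proxy_http_version 1.1;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:9000;
+ proxy_pass http://${PEERTUBE_HOST};
  }
 
  location /socket.io {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $host;
 
- proxy_pass http://127.0.0.1:9000;
+ proxy_pass http://${PEERTUBE_HOST};
 
  # enable WebSockets
  proxy_http_version 1.1;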
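Review bot: The new `${WEBSERVER_HOST}` and `${PEERTUBE_HOST}` placeholders sit next to nginx runtime variables (`$host`, `$remote_addr`, `$request_uri`, `$proxy_add_x_forwarded_for`), and nothing in the file says it is now a template. The templating step is not visible on this page, but if it substitutes every `$`-name, the `Host`, `X-Real-IP` and `X-Forwarded-For` headers and the redirect target would be blanked. A header comment would pin the contract, for example `# ${WEBSERVER_HOST} and ${PEERTUBE_HOST} are template placeholders, not nginx variables; substitute only these two names (e.g. envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}') before loading this file.` Separately, in the first hunk the port-80 block is now opt-in, so a non-docker install that copies the file unchanged gets neither the HTTP to HTTPS redirect nor the port-80 ACME challenge location. The one-line comment above that block should say so explicitly. Note also that behind another proxy `X-Real-IP $remote_addr` in `location /` carries the upstream proxy's address unless real-IP handling is configured outside these hunks.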