author | Rigel Kent <sendmemail@rigelk.eu> | 2020-11-22 16:10:09 +0100 |
---|---|---|
committer | Rigel Kent <sendmemail@rigelk.eu> | 2020-11-23 10:03:48 +0100 |
commit | b2aecc1ecbed7449b9486812c573993b4582a267 (patch) | |
tree | 104f864c8953dc2acd5abaa8368b64f50508a52b /support | |
parent | 488a80fbc0f3adbbf37603c446f103ff05eb4a6d (diff) | |
factorize nginx websocket and per route limits
Diffstat (limited to 'support')
-rw-r--r-- | support/nginx/peertube | 107 |
1 files changed, 62 insertions, 45 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube index 6d1c89459..f1ef4ccd1 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube | |||
@@ -1,6 +1,6 @@ | |||
1 | # Minimum Nginx version required: 1.13.0 (released Apr 25, 2017) | 1 | # Minimum Nginx version required: 1.13.0 (released Apr 25, 2017) |
2 | # Please check your Nginx installation features the following modules via 'nginx -V': | 2 | # Please check your Nginx installation features the following modules via 'nginx -V': |
3 | # STANDARD HTTP MODULES: Core, Map, Proxy, Rewrite. | 3 | # STANDARD HTTP MODULES: Core, Proxy, Rewrite. |
4 | # OPTIONAL HTTP MODULES: Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream. | 4 | # OPTIONAL HTTP MODULES: Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream. |
5 | # THIRD PARTY MODULES: None. | 5 | # THIRD PARTY MODULES: None. |
6 | 6 | ||
@@ -61,13 +61,38 @@ server { | |||
61 | # Application | 61 | # Application |
62 | ## | 62 | ## |
63 | 63 | ||
64 | location / { | 64 | location @api { |
65 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | 65 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
66 | proxy_set_header Host $host; | 66 | proxy_set_header Host $host; |
67 | proxy_set_header X-Real-IP $remote_addr; | 67 | proxy_set_header X-Real-IP $remote_addr; |
68 | 68 | ||
69 | client_max_body_size 100k; # default is 1M | ||
70 | |||
71 | proxy_connect_timeout 10m; | ||
72 | proxy_send_timeout 10m; | ||
73 | proxy_read_timeout 10m; | ||
74 | send_timeout 10m; | ||
75 | |||
76 | proxy_pass http://backend; | ||
77 | } | ||
78 | |||
79 | location / { | ||
80 | try_files /dev/null @api; | ||
81 | } | ||
82 | |||
83 | location = /api/v1/users/me/avatar/pick { | ||
84 | limit_except POST { deny all; } | ||
85 | |||
86 | client_max_body_size 2M; # default is 1M | ||
87 | |||
88 | try_files /dev/null @api; | ||
89 | } | ||
90 | |||
91 | location = /api/v1/videos/upload { | ||
92 | limit_except POST { deny all; } | ||
93 | |||
69 | # This is the maximum upload size, which roughly matches the maximum size of a video file | 94 | # This is the maximum upload size, which roughly matches the maximum size of a video file |
70 | # you can send via the API or the web interface. By default this is 8GB, but administrators | 95 | # you can send via the API or the web interface. By default we set it to 8GB, but administrators |
71 | # can increase or decrease the limit. Currently there's no way to communicate this limit | 96 | # can increase or decrease the limit. Currently there's no way to communicate this limit |
72 | # to users automatically, so you may want to leave a note in your instance 'about' page if | 97 | # to users automatically, so you may want to leave a note in your instance 'about' page if |
73 | # you change this. | 98 | # you change this. |
@@ -75,21 +100,16 @@ server { | |||
75 | # Note that temporary space is needed equal to the total size of all concurrent uploads. | 100 | # Note that temporary space is needed equal to the total size of all concurrent uploads. |
76 | # This data gets stored in /var/lib/nginx by default, so you may want to put this directory | 101 | # This data gets stored in /var/lib/nginx by default, so you may want to put this directory |
77 | # on a dedicated filesystem. | 102 | # on a dedicated filesystem. |
78 | client_max_body_size 8G; | 103 | client_max_body_size 8G; # default is 1M |
79 | |||
80 | proxy_connect_timeout 600s; | ||
81 | proxy_send_timeout 600s; | ||
82 | proxy_read_timeout 600s; | ||
83 | send_timeout 600s; | ||
84 | 104 | ||
85 | proxy_pass http://backend; | 105 | try_files /dev/null @api; |
86 | } | 106 | } |
87 | 107 | ||
88 | ## | 108 | ## |
89 | # Websocket | 109 | # Websocket |
90 | ## | 110 | ## |
91 | 111 | ||
92 | location /tracker/socket { | 112 | location @api_websocket { |
93 | proxy_http_version 1.1; | 113 | proxy_http_version 1.1; |
94 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | 114 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
95 | proxy_set_header Host $host; | 115 | proxy_set_header Host $host; |
@@ -97,22 +117,19 @@ server { | |||
97 | proxy_set_header Upgrade $http_upgrade; | 117 | proxy_set_header Upgrade $http_upgrade; |
98 | proxy_set_header Connection "upgrade"; | 118 | proxy_set_header Connection "upgrade"; |
99 | 119 | ||
100 | # Peers send a message to the tracker every 15 minutes | ||
101 | # Don't close the websocket before then | ||
102 | proxy_read_timeout 1200s; # default is 60s | ||
103 | |||
104 | proxy_pass http://backend; | 120 | proxy_pass http://backend; |
105 | } | 121 | } |
106 | 122 | ||
107 | location /socket.io { | 123 | location /socket.io { |
108 | proxy_http_version 1.1; | 124 | try_files /dev/null @api_websocket; |
109 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | 125 | } |
110 | proxy_set_header Host $host; | ||
111 | proxy_set_header X-Real-IP $remote_addr; | ||
112 | proxy_set_header Upgrade $http_upgrade; | ||
113 | proxy_set_header Connection "upgrade"; | ||
114 | 126 | ||
115 | proxy_pass http://backend; | 127 | location /tracker/socket { |
128 | # Peers send a message to the tracker every 15 minutes | ||
129 | # Don't close the websocket before then | ||
130 | proxy_read_timeout 15m; # default is 60s | ||
131 | |||
132 | try_files /dev/null @api_websocket; | ||
116 | } | 133 | } |
117 | 134 | ||
118 | ## | 135 | ## |
@@ -152,14 +169,14 @@ server { | |||
152 | # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path | 169 | # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path |
153 | #client_body_temp_path /var/www/peertube/storage/nginx/; | 170 | #client_body_temp_path /var/www/peertube/storage/nginx/; |
154 | 171 | ||
155 | # Bypass PeerTube for performance reasons. Could be removed | 172 | # Bypass PeerTube for performance reasons. Optional. |
156 | # Should be consistent with client-overrides assets list in /server/controllers/client.ts | 173 | # Should be consistent with client-overrides assets list in /server/controllers/client.ts |
157 | location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png))$ { | 174 | location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png))$ { |
158 | add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year | 175 | add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year |
159 | 176 | ||
160 | root /var/www/peertube; | 177 | root /var/www/peertube; |
161 | 178 | ||
162 | try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 /; | 179 | try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api; |
163 | } | 180 | } |
164 | 181 | ||
165 | # Bypass PeerTube for performance reasons. Optional. | 182 | # Bypass PeerTube for performance reasons. Optional. |
@@ -172,23 +189,23 @@ server { | |||
172 | # Bypass PeerTube for performance reasons. Optional. | 189 | # Bypass PeerTube for performance reasons. Optional. |
173 | location ~ ^/static/(thumbnails|avatars)/ { | 190 | location ~ ^/static/(thumbnails|avatars)/ { |
174 | if ($request_method = 'OPTIONS') { | 191 | if ($request_method = 'OPTIONS') { |
175 | add_header 'Access-Control-Allow-Origin' '*'; | 192 | add_header Access-Control-Allow-Origin '*'; |
176 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | 193 | add_header Access-Control-Allow-Methods 'GET, OPTIONS'; |
177 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | 194 | add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; |
178 | add_header 'Access-Control-Max-Age' 1728000; # Preflight request can be cached 20 days | 195 | add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days |
179 | add_header 'Content-Type' 'text/plain charset=UTF-8'; | 196 | add_header Content-Type 'text/plain charset=UTF-8'; |
180 | add_header 'Content-Length' 0; | 197 | add_header Content-Length 0; |
181 | return 204; | 198 | return 204; |
182 | } | 199 | } |
183 | 200 | ||
184 | add_header 'Access-Control-Allow-Origin' '*'; | 201 | add_header Access-Control-Allow-Origin '*'; |
185 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | 202 | add_header Access-Control-Allow-Methods 'GET, OPTIONS'; |
186 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | 203 | add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; |
187 | add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours | 204 | add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours |
188 | 205 | ||
189 | rewrite ^/static/(.*)$ /$1 break; | 206 | rewrite ^/static/(.*)$ /$1 break; |
190 | 207 | ||
191 | try_files $uri /; | 208 | try_files $uri @api; |
192 | } | 209 | } |
193 | 210 | ||
194 | # Bypass PeerTube for performance reasons. Optional. | 211 | # Bypass PeerTube for performance reasons. Optional. |
@@ -209,19 +226,19 @@ server { | |||
209 | set $limit_rate $peertube_limit_rate; | 226 | set $limit_rate $peertube_limit_rate; |
210 | 227 | ||
211 | if ($request_method = 'OPTIONS') { | 228 | if ($request_method = 'OPTIONS') { |
212 | add_header 'Access-Control-Allow-Origin' '*'; | 229 | add_header Access-Control-Allow-Origin '*'; |
213 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | 230 | add_header Access-Control-Allow-Methods 'GET, OPTIONS'; |
214 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | 231 | add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; |
215 | add_header 'Access-Control-Max-Age' 1728000; # Preflight request can be cached 20 days | 232 | add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days |
216 | add_header 'Content-Type' 'text/plain charset=UTF-8'; | 233 | add_header Content-Type 'text/plain charset=UTF-8'; |
217 | add_header 'Content-Length' 0; | 234 | add_header Content-Length 0; |
218 | return 204; | 235 | return 204; |
219 | } | 236 | } |
220 | 237 | ||
221 | if ($request_method = 'GET') { | 238 | if ($request_method = 'GET') { |
222 | add_header 'Access-Control-Allow-Origin' '*'; | 239 | add_header Access-Control-Allow-Origin '*'; |
223 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | 240 | add_header Access-Control-Allow-Methods 'GET, OPTIONS'; |
224 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | 241 | add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; |
225 | 242 | ||
226 | # Don't spam access log file with byte range requests | 243 | # Don't spam access log file with byte range requests |
227 | access_log off; | 244 | access_log off; |
@@ -242,6 +259,6 @@ server { | |||
242 | rewrite ^/static/webseed/(.*)$ /videos/$1 break; | 259 | rewrite ^/static/webseed/(.*)$ /videos/$1 break; |
243 | rewrite ^/static/(.*)$ /$1 break; | 260 | rewrite ^/static/(.*)$ /$1 break; |
244 | 261 | ||
245 | try_files $uri /; | 262 | try_files $uri @api; |
246 | } | 263 | } |
247 | } | 264 | } |
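Review bot: The per-route `proxy_read_timeout 15m;` in `location /tracker/socket` and the `client_max_body_size 2M;` / `8G;` in the avatar and upload locations sit in blocks that only `try_files /dev/null @api…;` into a named location, and after that internal redirect nginx processes the request with the named location's configuration. The proxy timeout is read where `proxy_pass` runs, so the tracker socket most likely falls back to the 60s default in `@api_websocket`; even if it did apply, 15m equals the 15-minute interval the comment cites, where the old value was 1200s. Setting `proxy_read_timeout 20m; # longer than the 15 min tracker interval` inside `@api_websocket` would restore the old margin, at the cost of also applying to `/socket.io`. For the body limits, the `Content-Length` check appears to run against the outer location, but a chunked body is probably measured against the `client_max_body_size 100k;` in `@api`. Both cases deserve a test (an oversized avatar POST expecting 413, a chunked video upload expecting success) before these values are relied on as abuse limits.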