diff options
Diffstat (limited to 'support/nginx/peertube')
| -rw-r--r-- | support/nginx/peertube | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube index 50d3a919f..a17868c5a 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube | |||
| @@ -33,6 +33,8 @@ server { | |||
| 33 | ssl_session_tickets off; # Requires nginx >= 1.5.9 | 33 | ssl_session_tickets off; # Requires nginx >= 1.5.9 |
| 34 | ssl_stapling on; # Requires nginx >= 1.3.7 | 34 | ssl_stapling on; # Requires nginx >= 1.3.7 |
| 35 | ssl_stapling_verify on; # Requires nginx => 1.3.7 | 35 | ssl_stapling_verify on; # Requires nginx => 1.3.7 |
| 36 | # HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives | ||
| 37 | #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||
| 36 | 38 | ||
| 37 | # Configure with your resolvers | 39 | # Configure with your resolvers |
| 38 | # resolver $DNS-IP-1 $DNS-IP-2 valid=300s; | 40 | # resolver $DNS-IP-1 $DNS-IP-2 valid=300s; |
| @@ -49,12 +51,6 @@ server { | |||
| 49 | # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path | 51 | # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path |
| 50 | # client_body_temp_path /var/www/peertube/storage/nginx/; | 52 | # client_body_temp_path /var/www/peertube/storage/nginx/; |
| 51 | 53 | ||
| 52 | # Enable HSTS | ||
| 53 | # Tells browsers to stick with HTTPS and never visit the insecure HTTP | ||
| 54 | # version. Once a browser sees this header, it will only visit the site over | ||
| 55 | # HTTPS for the next 2 years: (read more on hstspreload.org) | ||
| 56 | #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||
| 57 | |||
| 58 | access_log /var/log/nginx/peertube.example.com.access.log; | 54 | access_log /var/log/nginx/peertube.example.com.access.log; |
| 59 | error_log /var/log/nginx/peertube.example.com.error.log; | 55 | error_log /var/log/nginx/peertube.example.com.error.log; |
| 60 | 56 | ||
| @@ -156,6 +152,14 @@ server { | |||
| 156 | 152 | ||
| 157 | root /var/www/peertube/storage; | 153 | root /var/www/peertube/storage; |
| 158 | 154 | ||
| 155 | # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/#/admin-remote-storage | ||
| 156 | # to serve files directly from a public bucket without proxying. | ||
| 157 | # Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc. | ||
| 158 | #set $cdn <your S3-compatiable bucket public url mounted via fuse>; | ||
| 159 | #rewrite ^/static/webseed/(.*)$ $cdn/videos/$1 redirect; | ||
| 160 | #rewrite ^/static/redundancy/(.*)$ $cdn/redundancy/$1 redirect; | ||
| 161 | #rewrite ^/static/streaming-playlists/(.*)$ $cdn/streaming-playlists/$1 redirect; | ||
| 162 | |||
| 159 | rewrite ^/static/webseed/(.*)$ /videos/$1 break; | 163 | rewrite ^/static/webseed/(.*)$ /videos/$1 break; |
| 160 | rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break; | 164 | rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break; |
| 161 | rewrite ^/static/streaming-playlists/(.*)$ /streaming-playlists/$1 break; | 165 | rewrite ^/static/streaming-playlists/(.*)$ /streaming-playlists/$1 break; |