|
@@ -0,0 +1,106 @@
|
|
1
|
+map $http_upgrade $connection_upgrade {
|
|
2
|
+ default upgrade;
|
|
3
|
+ '' close;
|
|
4
|
+}
|
|
5
|
+
|
|
6
|
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
|
|
7
|
+
|
|
8
|
+server {
|
|
9
|
+ listen 80;
|
|
10
|
+ listen [::]:80;
|
|
11
|
+ server_name example.com;
|
|
12
|
+ root /home/mastodon/live/public;
|
|
13
|
+ location /.well-known/acme-challenge/ { allow all; }
|
|
14
|
+ location / { return 301 https://$host$request_uri; }
|
|
15
|
+}
|
|
16
|
+
|
|
17
|
+server {
|
|
18
|
+ listen 443 ssl http2;
|
|
19
|
+ listen [::]:443 ssl http2;
|
|
20
|
+ server_name example.com;
|
|
21
|
+
|
|
22
|
+ ssl_protocols TLSv1.2;
|
|
23
|
+ ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
|
24
|
+ ssl_prefer_server_ciphers on;
|
|
25
|
+ ssl_session_cache shared:SSL:10m;
|
|
26
|
+
|
|
27
|
+ # Uncomment these lines once you acquire a certificate:
|
|
28
|
+ # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
|
29
|
+ # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
|
30
|
+
|
|
31
|
+ keepalive_timeout 70;
|
|
32
|
+ sendfile on;
|
|
33
|
+ client_max_body_size 80m;
|
|
34
|
+
|
|
35
|
+ root /home/mastodon/live/public;
|
|
36
|
+
|
|
37
|
+ gzip on;
|
|
38
|
+ gzip_disable "msie6";
|
|
39
|
+ gzip_vary on;
|
|
40
|
+ gzip_proxied any;
|
|
41
|
+ gzip_comp_level 6;
|
|
42
|
+ gzip_buffers 16 8k;
|
|
43
|
+ gzip_http_version 1.1;
|
|
44
|
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
45
|
+
|
|
46
|
+ add_header Strict-Transport-Security "max-age=31536000";
|
|
47
|
+
|
|
48
|
+ location / {
|
|
49
|
+ try_files $uri @proxy;
|
|
50
|
+ }
|
|
51
|
+
|
|
52
|
+ location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
|
|
53
|
+ add_header Cache-Control "public, max-age=31536000, immutable";
|
|
54
|
+ add_header Strict-Transport-Security "max-age=31536000";
|
|
55
|
+ try_files $uri @proxy;
|
|
56
|
+ }
|
|
57
|
+
|
|
58
|
+ location /sw.js {
|
|
59
|
+ add_header Cache-Control "public, max-age=0";
|
|
60
|
+ add_header Strict-Transport-Security "max-age=31536000";
|
|
61
|
+ try_files $uri @proxy;
|
|
62
|
+ }
|
|
63
|
+
|
|
64
|
+ location @proxy {
|
|
65
|
+ proxy_set_header Host $host;
|
|
66
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
67
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
68
|
+ proxy_set_header X-Forwarded-Proto https;
|
|
69
|
+ proxy_set_header Proxy "";
|
|
70
|
+ proxy_pass_header Server;
|
|
71
|
+
|
|
72
|
+ proxy_pass http://127.0.0.1:3000;
|
|
73
|
+ proxy_buffering on;
|
|
74
|
+ proxy_redirect off;
|
|
75
|
+ proxy_http_version 1.1;
|
|
76
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
77
|
+ proxy_set_header Connection $connection_upgrade;
|
|
78
|
+
|
|
79
|
+ proxy_cache CACHE;
|
|
80
|
+ proxy_cache_valid 200 7d;
|
|
81
|
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
|
82
|
+ add_header X-Cached $upstream_cache_status;
|
|
83
|
+ add_header Strict-Transport-Security "max-age=31536000";
|
|
84
|
+
|
|
85
|
+ tcp_nodelay on;
|
|
86
|
+ }
|
|
87
|
+
|
|
88
|
+ location /api/v1/streaming {
|
|
89
|
+ proxy_set_header Host $host;
|
|
90
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
91
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
92
|
+ proxy_set_header X-Forwarded-Proto https;
|
|
93
|
+ proxy_set_header Proxy "";
|
|
94
|
+
|
|
95
|
+ proxy_pass http://127.0.0.1:4000;
|
|
96
|
+ proxy_buffering off;
|
|
97
|
+ proxy_redirect off;
|
|
98
|
+ proxy_http_version 1.1;
|
|
99
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
100
|
+ proxy_set_header Connection $connection_upgrade;
|
|
101
|
+
|
|
102
|
+ tcp_nodelay on;
|
|
103
|
+ }
|
|
104
|
+
|
|
105
|
+ error_page 500 501 502 503 504 /500.html;
|
|
106
|
+}
|