Pleroma nginx settings

2018-03-28 19:16:02 +01:00 · 2018-03-28 19:16:02 +01:00 · 3b1940c1f9
parent d182a363b6
commit 3b1940c1f9
1 changed files with 40 additions and 28 deletions
--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@ -1020,17 +1020,14 @@ function install_pleroma {
        function_check nginx_http_redirect
        nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
        { echo '';
-        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
-        echo '';
-        echo 'server {';
-        echo '  listen 443 ssl http2;';
-        echo '  #listen [::]:443 ssl http2;';
-        echo "  server_name $PLEROMA_DOMAIN_NAME;";
-        echo ''; } >> "$pleroma_nginx_site"
-        function_check nginx_compress
-        nginx_compress "$PLEROMA_DOMAIN_NAME"
-        echo '' >> "$pleroma_nginx_site"
-        echo '  # Security' >> "$pleroma_nginx_site"
+          echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl http2;';
+          echo '  #listen [::]:443 ssl http2;';
+          echo "  server_name $PLEROMA_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> "$pleroma_nginx_site"
        function_check nginx_ssl
        nginx_ssl "$PLEROMA_DOMAIN_NAME"

@ -1054,10 +1051,14 @@ function install_pleroma {
          echo '  gzip_http_version 1.1;';
          echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
          echo '';
-          echo '  location / {'; } >> "$pleroma_nginx_site"
-        function_check nginx_limits
-        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-        { echo "    add_header 'Access-Control-Allow-Origin' '*';";
+          echo '  location / {';
+          echo '    client_max_body_size 15m;';
+          echo '    client_body_buffer_size 15m;';
+          echo '';
+          echo '    limit_conn conn_limit_per_ip 50;';
+          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+          echo '';
+          echo "    add_header 'Access-Control-Allow-Origin' '*';";
          echo '    proxy_http_version 1.1;';
          echo "    proxy_set_header Upgrade \$http_upgrade;";
          echo '    proxy_set_header Connection "upgrade";';
@ -1066,9 +1067,14 @@ function install_pleroma {
          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
          echo '  }';
          echo '';
-          echo '  location /proxy {'; } >> "$pleroma_nginx_site"
-        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-        { echo '    proxy_cache pleroma_media_cache;';
+          echo '  location /proxy {';
+          echo '    client_max_body_size 15m;';
+          echo '    client_body_buffer_size 15m;';
+          echo '';
+          echo '    limit_conn conn_limit_per_ip 50;';
+          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+          echo '';
+          echo '    proxy_cache pleroma_media_cache;';
          echo '    proxy_cache_lock on;';
          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
          echo '  }';
@ -1082,9 +1088,6 @@ function install_pleroma {
      echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server http2;";
      echo "    server_name $PLEROMA_ONION_HOSTNAME;";
      echo ''; } >> "$pleroma_nginx_site"
-    function_check nginx_compress
-    nginx_compress "$PLEROMA_DOMAIN_NAME"
-    echo '' >> "$pleroma_nginx_site"
    function_check nginx_security_options
    nginx_security_options "$PLEROMA_DOMAIN_NAME"
    { echo '';
@ -1103,10 +1106,14 @@ function install_pleroma {
      echo '  gzip_http_version 1.1;';
      echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
      echo '';
-      echo '  location / {'; } >> "$pleroma_nginx_site"
-    function_check nginx_limits
-    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-    { echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo '  location / {';
+      echo '    client_max_body_size 15m;';
+      echo '    client_body_buffer_size 15m;';
+      echo '';
+      echo '    limit_conn conn_limit_per_ip 50;';
+      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+      echo '';
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
      echo '      proxy_http_version 1.1;';
      echo "      proxy_set_header Upgrade \$http_upgrade;";
      echo '      proxy_set_header Connection "upgrade";';
@ -1115,9 +1122,14 @@ function install_pleroma {
      echo "      proxy_pass http://localhost:$PLEROMA_PORT;";
      echo '  }';
      echo '';
-      echo '  location /proxy {'; } >> "$pleroma_nginx_site"
-    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-    { echo '    proxy_cache pleroma_media_cache;';
+      echo '  location /proxy {';
+      echo '    client_max_body_size 15m;';
+      echo '    client_body_buffer_size 15m;';
+      echo '';
+      echo '    limit_conn conn_limit_per_ip 50;';
+      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+      echo '';
+      echo '    proxy_cache pleroma_media_cache;';
      echo '    proxy_cache_lock on;';
      echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
      echo '  }';