Pleroma nginx settings

This commit is contained in:
Bob Mottram 2018-03-28 19:16:02 +01:00
parent d182a363b6
commit 3b1940c1f9
1 changed files with 40 additions and 28 deletions

View File

@ -1020,17 +1020,14 @@ function install_pleroma {
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html" nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
{ echo ''; { echo '';
echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;'; echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
echo ''; echo '';
echo 'server {'; echo 'server {';
echo ' listen 443 ssl http2;'; echo ' listen 443 ssl http2;';
echo ' #listen [::]:443 ssl http2;'; echo ' #listen [::]:443 ssl http2;';
echo " server_name $PLEROMA_DOMAIN_NAME;"; echo " server_name $PLEROMA_DOMAIN_NAME;";
echo ''; } >> "$pleroma_nginx_site" echo '';
function_check nginx_compress echo ' # Security'; } >> "$pleroma_nginx_site"
nginx_compress "$PLEROMA_DOMAIN_NAME"
echo '' >> "$pleroma_nginx_site"
echo ' # Security' >> "$pleroma_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl "$PLEROMA_DOMAIN_NAME" nginx_ssl "$PLEROMA_DOMAIN_NAME"
@ -1054,10 +1051,14 @@ function install_pleroma {
echo ' gzip_http_version 1.1;'; echo ' gzip_http_version 1.1;';
echo ' gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;'; echo ' gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
echo ''; echo '';
echo ' location / {'; } >> "$pleroma_nginx_site" echo ' location / {';
function_check nginx_limits echo ' client_max_body_size 15m;';
nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' echo ' client_body_buffer_size 15m;';
{ echo " add_header 'Access-Control-Allow-Origin' '*';"; echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo " add_header 'Access-Control-Allow-Origin' '*';";
echo ' proxy_http_version 1.1;'; echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;"; echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "upgrade";'; echo ' proxy_set_header Connection "upgrade";';
@ -1066,9 +1067,14 @@ function install_pleroma {
echo " proxy_pass http://localhost:$PLEROMA_PORT;"; echo " proxy_pass http://localhost:$PLEROMA_PORT;";
echo ' }'; echo ' }';
echo ''; echo '';
echo ' location /proxy {'; } >> "$pleroma_nginx_site" echo ' location /proxy {';
nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' echo ' client_max_body_size 15m;';
{ echo ' proxy_cache pleroma_media_cache;'; echo ' client_body_buffer_size 15m;';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo ' proxy_cache pleroma_media_cache;';
echo ' proxy_cache_lock on;'; echo ' proxy_cache_lock on;';
echo " proxy_pass http://localhost:$PLEROMA_PORT;"; echo " proxy_pass http://localhost:$PLEROMA_PORT;";
echo ' }'; echo ' }';
@ -1082,9 +1088,6 @@ function install_pleroma {
echo " listen 127.0.0.1:$PLEROMA_ONION_PORT default_server http2;"; echo " listen 127.0.0.1:$PLEROMA_ONION_PORT default_server http2;";
echo " server_name $PLEROMA_ONION_HOSTNAME;"; echo " server_name $PLEROMA_ONION_HOSTNAME;";
echo ''; } >> "$pleroma_nginx_site" echo ''; } >> "$pleroma_nginx_site"
function_check nginx_compress
nginx_compress "$PLEROMA_DOMAIN_NAME"
echo '' >> "$pleroma_nginx_site"
function_check nginx_security_options function_check nginx_security_options
nginx_security_options "$PLEROMA_DOMAIN_NAME" nginx_security_options "$PLEROMA_DOMAIN_NAME"
{ echo ''; { echo '';
@ -1103,10 +1106,14 @@ function install_pleroma {
echo ' gzip_http_version 1.1;'; echo ' gzip_http_version 1.1;';
echo ' gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;'; echo ' gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
echo ''; echo '';
echo ' location / {'; } >> "$pleroma_nginx_site" echo ' location / {';
function_check nginx_limits echo ' client_max_body_size 15m;';
nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' echo ' client_body_buffer_size 15m;';
{ echo " add_header 'Access-Control-Allow-Origin' '*';"; echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo " add_header 'Access-Control-Allow-Origin' '*';";
echo ' proxy_http_version 1.1;'; echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;"; echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "upgrade";'; echo ' proxy_set_header Connection "upgrade";';
@ -1115,9 +1122,14 @@ function install_pleroma {
echo " proxy_pass http://localhost:$PLEROMA_PORT;"; echo " proxy_pass http://localhost:$PLEROMA_PORT;";
echo ' }'; echo ' }';
echo ''; echo '';
echo ' location /proxy {'; } >> "$pleroma_nginx_site" echo ' location /proxy {';
nginx_limits "$PLEROMA_DOMAIN_NAME" '15m' echo ' client_max_body_size 15m;';
{ echo ' proxy_cache pleroma_media_cache;'; echo ' client_body_buffer_size 15m;';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo ' proxy_cache pleroma_media_cache;';
echo ' proxy_cache_lock on;'; echo ' proxy_cache_lock on;';
echo " proxy_pass http://localhost:$PLEROMA_PORT;"; echo " proxy_pass http://localhost:$PLEROMA_PORT;";
echo ' }'; echo ' }';