From 3b1940c1f9db9e51fa43e6fe4e0934e9728d935a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 28 Mar 2018 19:16:02 +0100
Subject: [PATCH] Pleroma nginx settings

---
 src/freedombone-app-pleroma | 68 ++++++++++++++++++++++---------------
 1 file changed, 40 insertions(+), 28 deletions(-)

diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma
index f294c06b..aee4f989 100755
--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@@ -1020,17 +1020,14 @@ function install_pleroma {
         function_check nginx_http_redirect
         nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
         { echo '';
-        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
-        echo '';
-        echo 'server {';
-        echo '  listen 443 ssl http2;';
-        echo '  #listen [::]:443 ssl http2;';
-        echo "  server_name $PLEROMA_DOMAIN_NAME;";
-        echo ''; } >> "$pleroma_nginx_site"
-        function_check nginx_compress
-        nginx_compress "$PLEROMA_DOMAIN_NAME"
-        echo '' >> "$pleroma_nginx_site"
-        echo '  # Security' >> "$pleroma_nginx_site"
+          echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl http2;';
+          echo '  #listen [::]:443 ssl http2;';
+          echo "  server_name $PLEROMA_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> "$pleroma_nginx_site"
         function_check nginx_ssl
         nginx_ssl "$PLEROMA_DOMAIN_NAME"
 
@@ -1054,10 +1051,14 @@ function install_pleroma {
           echo '  gzip_http_version 1.1;';
           echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
           echo '';
-          echo '  location / {'; } >> "$pleroma_nginx_site"
-        function_check nginx_limits
-        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-        { echo "    add_header 'Access-Control-Allow-Origin' '*';";
+          echo '  location / {';
+          echo '    client_max_body_size 15m;';
+          echo '    client_body_buffer_size 15m;';
+          echo '';
+          echo '    limit_conn conn_limit_per_ip 50;';
+          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+          echo '';
+          echo "    add_header 'Access-Control-Allow-Origin' '*';";
           echo '    proxy_http_version 1.1;';
           echo "    proxy_set_header Upgrade \$http_upgrade;";
           echo '    proxy_set_header Connection "upgrade";';
@@ -1066,9 +1067,14 @@ function install_pleroma {
           echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
           echo '  }';
           echo '';
-          echo '  location /proxy {'; } >> "$pleroma_nginx_site"
-        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-        { echo '    proxy_cache pleroma_media_cache;';
+          echo '  location /proxy {';
+          echo '    client_max_body_size 15m;';
+          echo '    client_body_buffer_size 15m;';
+          echo '';
+          echo '    limit_conn conn_limit_per_ip 50;';
+          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+          echo '';
+          echo '    proxy_cache pleroma_media_cache;';
           echo '    proxy_cache_lock on;';
           echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
           echo '  }';
@@ -1082,9 +1088,6 @@ function install_pleroma {
       echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server http2;";
       echo "    server_name $PLEROMA_ONION_HOSTNAME;";
       echo ''; } >> "$pleroma_nginx_site"
-    function_check nginx_compress
-    nginx_compress "$PLEROMA_DOMAIN_NAME"
-    echo '' >> "$pleroma_nginx_site"
     function_check nginx_security_options
     nginx_security_options "$PLEROMA_DOMAIN_NAME"
     { echo '';
@@ -1103,10 +1106,14 @@ function install_pleroma {
       echo '  gzip_http_version 1.1;';
       echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
       echo '';
-      echo '  location / {'; } >> "$pleroma_nginx_site"
-    function_check nginx_limits
-    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-    { echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo '  location / {';
+      echo '    client_max_body_size 15m;';
+      echo '    client_body_buffer_size 15m;';
+      echo '';
+      echo '    limit_conn conn_limit_per_ip 50;';
+      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+      echo '';
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
       echo '      proxy_http_version 1.1;';
       echo "      proxy_set_header Upgrade \$http_upgrade;";
       echo '      proxy_set_header Connection "upgrade";';
@@ -1115,9 +1122,14 @@ function install_pleroma {
       echo "      proxy_pass http://localhost:$PLEROMA_PORT;";
       echo '  }';
       echo '';
-      echo '  location /proxy {'; } >> "$pleroma_nginx_site"
-    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-    { echo '    proxy_cache pleroma_media_cache;';
+      echo '  location /proxy {';
+      echo '    client_max_body_size 15m;';
+      echo '    client_body_buffer_size 15m;';
+      echo '';
+      echo '    limit_conn conn_limit_per_ip 50;';
+      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+      echo '';
+      echo '    proxy_cache pleroma_media_cache;';
       echo '    proxy_cache_lock on;';
       echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
       echo '  }';