2018-04-17 00:02:25 +02:00
|
|
|
location / {
|
2018-05-10 23:20:19 +02:00
|
|
|
alias __FINALPATH__/front/dist/;
|
2018-06-23 22:30:47 +02:00
|
|
|
|
|
|
|
|
if ($scheme = http) {
|
|
|
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-17 00:02:25 +02:00
|
|
|
try_files $uri $uri/ @rewrites;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location @rewrites {
|
|
|
|
|
rewrite ^(.+)$ /index.html last;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location /api/ {
|
|
|
|
|
include __FINALPATH__/deploy/funkwhale_proxy.conf;
|
|
|
|
|
# this is needed if you have file import via upload enabled
|
|
|
|
|
client_max_body_size 30M;
|
|
|
|
|
proxy_pass http://127.0.0.1:__PORT__/api/;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location /federation/ {
|
|
|
|
|
include __FINALPATH__/deploy/funkwhale_proxy.conf;
|
|
|
|
|
proxy_pass http://127.0.0.1:__PORT__/federation/;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-10 18:54:23 +02:00
|
|
|
location /.well-known/ {
|
2018-04-17 00:02:25 +02:00
|
|
|
include __FINALPATH__/deploy/funkwhale_proxy.conf;
|
2018-05-10 18:54:23 +02:00
|
|
|
proxy_pass http://127.0.0.1:__PORT__/.well-known/;
|
2018-04-17 00:02:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location /media/ {
|
|
|
|
|
alias __FINALPATH__/data/media/;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location __PATH__/_protected/media/ {
|
|
|
|
|
# this is an internal location that is used to serve
|
|
|
|
|
# audio files once correct permission / authentication
|
|
|
|
|
# has been checked on API side
|
|
|
|
|
internal;
|
|
|
|
|
alias __FINALPATH__/data/media/;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Transcoding logic and caching
|
|
|
|
|
# TODO: try to enable this
|
|
|
|
|
# https://code.eliotberriot.com/funkwhale/funkwhale/blob/0.8/deploy/nginx.conf#L4
|
|
|
|
|
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache
|
|
|
|
|
|
|
|
|
|
location = /transcode-auth {
|
|
|
|
|
include __FINALPATH__/deploy/funkwhale_proxy.conf;
|
|
|
|
|
# needed so we can authenticate transcode requests, but still
|
|
|
|
|
# cache the result
|
|
|
|
|
internal;
|
|
|
|
|
set $query '';
|
|
|
|
|
# ensure we actually pass the jwt to the underlytin auth url
|
|
|
|
|
if ($request_uri ~* "[^\?]+\?(.*)$") {
|
|
|
|
|
set $query $1;
|
|
|
|
|
}
|
|
|
|
|
proxy_pass http://127.0.0.1:__PORT__/api/v1/trackfiles/viewable/?$query;
|
|
|
|
|
proxy_pass_request_body off;
|
|
|
|
|
proxy_set_header Content-Length "";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location /api/v1/trackfiles/transcode/ {
|
|
|
|
|
include __FINALPATH__/deploy/funkwhale_proxy.conf;
|
|
|
|
|
# this block deals with authenticating and caching transcoding
|
|
|
|
|
# requests. Caching is heavily recommended as transcoding
|
|
|
|
|
# is a CPU intensive process.
|
|
|
|
|
auth_request /transcode-auth;
|
|
|
|
|
if ($args ~ (.*)jwt=[^&]*(.*)) {
|
|
|
|
|
set $cleaned_args $1$2;
|
|
|
|
|
}
|
|
|
|
|
proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args";
|
2018-05-12 12:21:31 +02:00
|
|
|
proxy_cache __NAME__-transcode;
|
2018-04-17 00:02:25 +02:00
|
|
|
proxy_cache_valid 200 7d;
|
|
|
|
|
proxy_ignore_headers "Set-Cookie";
|
|
|
|
|
proxy_hide_header "Set-Cookie";
|
|
|
|
|
add_header X-Cache-Status $upstream_cache_status;
|
|
|
|
|
proxy_pass http://127.0.0.1:__PORT__;
|
|
|
|
|
}
|
|
|
|
|
# end of transcoding logic
|
|
|
|
|
|
|
|
|
|
location /staticfiles/ {
|
|
|
|
|
# django static files
|
|
|
|
|
alias __FINALPATH__/data/static/;
|
|
|
|
|
}
|
2018-05-10 18:54:23 +02:00
|
|
|
|
|
|
|
|
location /rest/ {
|
|
|
|
|
include __FINALPATH__/deploy/funkwhale_proxy.conf;
|
|
|
|
|
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location /_protected/music {
|
|
|
|
|
internal;
|
|
|
|
|
alias __FINALPATH__/data/music;
|
|
|
|
|
}
|
