1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mastodon_ynh.git synced 2024-09-03 19:46:02 +02:00
mastodon_ynh/conf/nginx.conf

114 lines
3.5 KiB
Nginx Configuration File
Raw Normal View History

2023-07-07 23:04:37 +02:00
client_max_body_size 99m;
Packaging v2 (#399) * Convert to v2 (#383) * convert script * v2 * Auto-update README * Update documentation cc @panomaki * Bump ruby version from 3.0.6 to 3.2.2 * v2 * Auto-update README * woops * v2 * v2 * s/final_path/install_dir * Update PRE_INSTALL.md * too soon... * v2 * v2 * v2 * Update tests.toml * Update doc/PRE_INSTALL.md Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> * Update doc/PRE_INSTALL_fr.md Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> * Update tests.toml Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> * Update tests.toml Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> * Update doc/PRE_INSTALL.md Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> * Update doc/PRE_INSTALL_fr.md Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> * Apply suggestions * Update manifest.toml * Auto-update README * Update manifest.toml * Update scripts * Auto-update README * Remove SSO integration * Use new mail mechanism * cleaning * Update manifest.toml --------- Co-authored-by: yunohost-bot <yunohost@yunohost.org> Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> * Bump ynh version * Auto-update README * Update manifest.toml * Update doc/PRE_INSTALL.md Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> * Add service setting for app shell * Use logrotate * smtp config follow-up Sidekiq service can be properly hardened since it doesn't use sendmail anymore o/ * Fix mkdir failing if /var/log/mastodon already exists * upgrade: Rename database to match packaging v2 * Bump 4.1.6~ynh2 * Auto-update README * Disable install.private test * remove full_domain * 4.1.7 (#403) * 4.1.7 * Auto-update README * Update manifest.toml * Auto-update README --------- Co-authored-by: yunohost-bot <yunohost@yunohost.org> Co-authored-by: Tagada <36127788+Tagadda@users.noreply.github.com> * fix * fix * Don't swap when running on a LXC * Hardcore the needed RAM * Auto-update README * Auto-update README * Update manifest.toml * Auto-update README * Update _common.sh * Auto-update README * cleaning * cleaning * Auto-update README * Auto-update README * Update tests.toml * Fix restore * Fix manifest.toml * Auto-update README * Auto-update README * add `tootctl self-destruct` info * format * Auto-update README * lol autotranslate * break line * break lines * translation from french * update version * Auto-update README * Update manifest.toml --------- Co-authored-by: yunohost-bot <yunohost@yunohost.org> Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: ericgaspar <junk.eg@free.fr> Co-authored-by: OniriCorpe <oniricorpe@disroot.org>
2024-02-24 23:28:27 +01:00
root __INSTALL_DIR__/live/public;
2017-04-16 16:08:42 +02:00
location / {
2017-04-09 16:56:56 +02:00
2020-02-23 18:44:50 +01:00
proxy_set_header Accept-Encoding "";
try_files $uri @proxy;
2017-04-09 16:56:56 +02:00
2020-02-23 18:44:50 +01:00
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
2023-07-07 23:04:37 +02:00
location ~ /sw.js {
more_set_headers "Cache-Control: public, max-age=604800, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
2023-07-07 23:04:37 +02:00
location ~ ^/assets/ {
more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
2023-07-07 23:04:37 +02:00
location ~ ^/avatars/ {
more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/emoji/ {
more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/headers/ {
more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/packs/ {
more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/shortcuts/ {
more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/sounds/ {
more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/system/ {
more_set_headers "Cache-Control: public, max-age=2419200, immutable";
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
more_set_headers "X-Content-Type-Option: nosniff";
more_set_headers "Content-Security-Policy: default-src 'none'; form-action 'none'";
try_files $uri =404;
}
location ^~ /api/v1/streaming {
2020-02-23 18:44:50 +01:00
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2023-07-07 23:04:37 +02:00
proxy_set_header X-Forwarded-Proto $scheme;
2020-02-23 18:44:50 +01:00
proxy_set_header Proxy "";
2023-07-07 23:04:37 +02:00
proxy_pass http://127.0.0.1:__PORT_STREAM__;
proxy_buffering off;
2020-02-23 18:44:50 +01:00
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
2023-07-07 23:04:37 +02:00
proxy_set_header Connection $connection_upgrade;
2023-07-07 23:04:37 +02:00
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
2020-02-23 18:44:50 +01:00
tcp_nodelay on;
}
2017-04-08 04:04:27 +02:00
2023-07-07 23:04:37 +02:00
location @proxy {
2020-02-23 18:44:50 +01:00
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2023-07-07 23:04:37 +02:00
proxy_set_header X-Forwarded-Proto $scheme;
2020-02-23 18:44:50 +01:00
proxy_set_header Proxy "";
2023-07-07 23:04:37 +02:00
proxy_pass_header Server;
2020-02-23 18:44:50 +01:00
2023-07-07 23:04:37 +02:00
proxy_pass http://127.0.0.1:__PORT_WEB__;
proxy_buffering on;
2020-02-23 18:44:50 +01:00
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
2023-07-07 23:04:37 +02:00
proxy_set_header Connection $connection_upgrade;
#proxy_cache CACHE;
2023-07-07 23:04:37 +02:00
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
more_set_headers "X-Cached: $upstream_cache_status";
2020-02-23 18:44:50 +01:00
tcp_nodelay on;
}
2020-02-23 18:44:50 +01:00
error_page 500 501 502 503 504 /500.html;