forked from nutomic/peertube.social
Add nginx as cache for images and other small, static files
This commit is contained in:
parent
c4e8053d8a
commit
952abb4a3f
2 changed files with 65 additions and 10 deletions
|
@ -12,20 +12,32 @@ services:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
|
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
|
||||||
- ./volumes/traefik/acme.json:/etc/acme.json
|
- ./volumes/traefik/acme.json:/etc/acme.json
|
||||||
- ./traefik.toml:/traefik.toml
|
- ./traefik.toml:/traefik.toml
|
||||||
|
depends_on:
|
||||||
|
- cache
|
||||||
restart: "always"
|
restart: "always"
|
||||||
# If you want to use the Traefik dashboard, you should expose it on a
|
# If you want to use the Traefik dashboard, you should expose it on a
|
||||||
# subdomain with HTTPS and authentification:
|
# subdomain with HTTPS and authentification:
|
||||||
# https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
|
# https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
|
||||||
# https://github.com/containous/traefik/issues/880#issuecomment-310301168
|
# https://github.com/containous/traefik/issues/880#issuecomment-310301168
|
||||||
|
|
||||||
|
cache:
|
||||||
|
image: nginx:1.15-alpine
|
||||||
|
volumes:
|
||||||
|
- ./nginx.conf:/etc/nginx/nginx.conf
|
||||||
|
labels:
|
||||||
|
traefik.enable: "true"
|
||||||
|
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
|
||||||
|
traefik.port: "9000"
|
||||||
|
depends_on:
|
||||||
|
- peertube
|
||||||
|
restart: "always"
|
||||||
|
|
||||||
peertube:
|
peertube:
|
||||||
image: chocobozzz/peertube:v1.2.1-stretch
|
image: chocobozzz/peertube:v1.2.1-stretch
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
labels:
|
labels:
|
||||||
traefik.enable: "true"
|
traefik.enable: "false"
|
||||||
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
|
|
||||||
traefik.port: "9000"
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/data:/data
|
- ./volumes/data:/data
|
||||||
- /mnt/external:/data-external
|
- /mnt/external:/data-external
|
||||||
|
@ -38,23 +50,19 @@ services:
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:10-alpine
|
image: postgres:10-alpine
|
||||||
environment:
|
|
||||||
# POSTGRES_USER: ${PEERTUBE_DB_USERNAME}
|
|
||||||
# POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD}
|
|
||||||
POSTGRES_DB: peertube
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/db:/var/lib/postgresql/data
|
- ./volumes/db:/var/lib/postgresql/data
|
||||||
restart: "always"
|
|
||||||
labels:
|
labels:
|
||||||
traefik.enable: "false"
|
traefik.enable: "false"
|
||||||
|
restart: "always"
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
image: redis:5-alpine
|
image: redis:5-alpine
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/redis:/data
|
- ./volumes/redis:/data
|
||||||
restart: "always"
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=false"
|
traefik.enable: "false"
|
||||||
|
restart: "always"
|
||||||
|
|
||||||
postfix:
|
postfix:
|
||||||
image: mwader/postfix-relay
|
image: mwader/postfix-relay
|
||||||
|
|
47
nginx.conf
Normal file
47
nginx.conf
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=peertube_cache:10m max_size=15g inactive=7d use_temp_path=off;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 9000;
|
||||||
|
|
||||||
|
# Hide nginx version
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
|
||||||
|
# It might be nice to compress JSON, but leaving that out to protect against potential
|
||||||
|
# compression+encryption information leak attacks like BREACH.
|
||||||
|
gzip on;
|
||||||
|
gzip_types text/css application/javascript;
|
||||||
|
gzip_vary on;
|
||||||
|
|
||||||
|
# Enable HSTS
|
||||||
|
# Tells browsers to stick with HTTPS and never visit the insecure HTTP
|
||||||
|
# version. Once a browser sees this header, it will only visit the site over
|
||||||
|
# HTTPS for the next 2 years: (read more on hstspreload.org)
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://peertube:9000;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
client_max_body_size 600M;
|
||||||
|
proxy_connect_timeout 600;
|
||||||
|
proxy_send_timeout 600;
|
||||||
|
proxy_read_timeout 600;
|
||||||
|
send_timeout 600;
|
||||||
|
}
|
||||||
|
location ~ ^/(static/(thumbnails|previews|avatars)|client)/ {
|
||||||
|
proxy_cache peertube_cache;
|
||||||
|
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
|
||||||
|
proxy_cache_revalidate on;
|
||||||
|
proxy_cache_min_uses 3;
|
||||||
|
proxy_cache_lock on;
|
||||||
|
add_header X-Cached $upstream_cache_status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue