Add nginx as cache for images and other small, static files

Felix Ableitner 2019-03-21 00:34:40 +01:00
parent c4e8053d8a
commit 952abb4a3f
2 changed files with 65 additions and 10 deletions


@ -12,20 +12,32 @@ services:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- ./volumes/traefik/acme.json:/etc/acme.json - ./volumes/traefik/acme.json:/etc/acme.json
- ./traefik.toml:/traefik.toml - ./traefik.toml:/traefik.toml
depends_on:
- cache
restart: "always" restart: "always"
# If you want to use the Traefik dashboard, you should expose it on a # If you want to use the Traefik dashboard, you should expose it on a
# subdomain with HTTPS and authentification: # subdomain with HTTPS and authentification:
# https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f # https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
# https://github.com/containous/traefik/issues/880#issuecomment-310301168 # https://github.com/containous/traefik/issues/880#issuecomment-310301168
cache:
image: nginx:1.15-alpine
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
labels:
traefik.enable: "true"
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
traefik.port: "9000"
depends_on:
- peertube
restart: "always"
peertube: peertube:
image: chocobozzz/peertube:v1.2.1-stretch image: chocobozzz/peertube:v1.2.1-stretch
env_file: env_file:
- .env - .env
labels: labels:
traefik.enable: "true" traefik.enable: "false"
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
traefik.port: "9000"
volumes: volumes:
- ./volumes/data:/data - ./volumes/data:/data
- /mnt/external:/data-external - /mnt/external:/data-external
@ -38,23 +50,19 @@ services:
postgres: postgres:
image: postgres:10-alpine image: postgres:10-alpine
environment:
# POSTGRES_USER: ${PEERTUBE_DB_USERNAME}
# POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD}
POSTGRES_DB: peertube
volumes: volumes:
- ./volumes/db:/var/lib/postgresql/data - ./volumes/db:/var/lib/postgresql/data
restart: "always"
labels: labels:
traefik.enable: "false" traefik.enable: "false"
restart: "always"
redis: redis:
image: redis:5-alpine image: redis:5-alpine
volumes: volumes:
- ./volumes/redis:/data - ./volumes/redis:/data
restart: "always"
labels: labels:
- "traefik.enable=false" traefik.enable: "false"
restart: "always"
postfix: postfix:
image: mwader/postfix-relay image: mwader/postfix-relay
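Review bot: The new `cache` service bind-mounts `./nginx.conf` without a read-only flag, so a process inside the container could rewrite the proxy configuration on the host; `- ./nginx.conf:/etc/nginx/nginx.conf:ro` closes that off. The service also declares no volume for `/var/cache/nginx`, where the accompanying nginx.conf puts a cache capped at 15g, so cached data would grow in the container's writable layer and be discarded whenever the container is recreated. A dedicated mount such as `- ./volumes/cache:/var/cache/nginx` (host path constructed for illustration) would keep it on a known disk location. Lastly, `nginx:1.15-alpine` is a mutable tag, and pinning it to an image digest would make the now internet-facing proxy reproducible.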

47
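--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,47 @@
+events {
+worker_connections 1024;
+}
+http {
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=peertube_cache:10m max_size=15g inactive=7d use_temp_path=off;
+server {
+listen 9000;
+# Hide nginx version
+server_tokens off;
+# Enable compression for JS/CSS/HTML bundle, for improved client load times.
+# It might be nice to compress JSON, but leaving that out to protect against potential
+# compression+encryption information leak attacks like BREACH.
+gzip on;
+gzip_types text/css application/javascript;
+gzip_vary on;
+# Enable HSTS
+# Tells browsers to stick with HTTPS and never visit the insecure HTTP
+# version. Once a browser sees this header, it will only visit the site over
+# HTTPS for the next 2 years: (read more on hstspreload.org)
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+location / {
+proxy_pass http://peertube:9000;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+client_max_body_size 600M;
+proxy_connect_timeout 600;
+proxy_send_timeout 600;
+proxy_read_timeout 600;
+send_timeout 600;
+}
+location ~ ^/(static/(thumbnails|previews|avatars)|client)/ {
+proxy_cache peertube_cache;
+proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_lock on;
+add_header X-Cached $upstream_cache_status;
+}
+}
+}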
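Review bot: The regex `location` for `static/(thumbnails|previews|avatars)` and `client` sets `proxy_cache` but has no `proxy_pass`, and nginx does not inherit `proxy_pass` from `location /`, so matching requests would be answered from nginx's local root instead of being fetched from PeerTube and cached. It needs its own `proxy_pass http://peertube:9000;`, and the `proxy_set_header` lines must be repeated there or moved up to `server` level, because they are inherited only from enclosing levels. The `add_header X-Cached $upstream_cache_status;` in that block also replaces the server-level `add_header`, so responses served from it lose the Strict-Transport-Security header unless that directive is repeated next to it.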