forked from nutomic/peertube.social
Add nginx as cache for images and other small, static files
This commit is contained in:
parent
c4e8053d8a
commit
952abb4a3f
2 changed files with 65 additions and 10 deletions
|
@ -12,20 +12,32 @@ services:
|
|||
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
|
||||
- ./volumes/traefik/acme.json:/etc/acme.json
|
||||
- ./traefik.toml:/traefik.toml
|
||||
depends_on:
|
||||
- cache
|
||||
restart: "always"
|
||||
# If you want to use the Traefik dashboard, you should expose it on a
|
||||
# subdomain with HTTPS and authentification:
|
||||
# https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
|
||||
# https://github.com/containous/traefik/issues/880#issuecomment-310301168
|
||||
|
||||
cache:
|
||||
image: nginx:1.15-alpine
|
||||
volumes:
|
||||
- ./nginx.conf:/etc/nginx/nginx.conf
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
|
||||
traefik.port: "9000"
|
||||
depends_on:
|
||||
- peertube
|
||||
restart: "always"
|
||||
|
||||
peertube:
|
||||
image: chocobozzz/peertube:v1.2.1-stretch
|
||||
env_file:
|
||||
- .env
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
|
||||
traefik.port: "9000"
|
||||
traefik.enable: "false"
|
||||
volumes:
|
||||
- ./volumes/data:/data
|
||||
- /mnt/external:/data-external
|
||||
|
@ -38,23 +50,19 @@ services:
|
|||
|
||||
postgres:
|
||||
image: postgres:10-alpine
|
||||
environment:
|
||||
# POSTGRES_USER: ${PEERTUBE_DB_USERNAME}
|
||||
# POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD}
|
||||
POSTGRES_DB: peertube
|
||||
volumes:
|
||||
- ./volumes/db:/var/lib/postgresql/data
|
||||
restart: "always"
|
||||
labels:
|
||||
traefik.enable: "false"
|
||||
restart: "always"
|
||||
|
||||
redis:
|
||||
image: redis:5-alpine
|
||||
volumes:
|
||||
- ./volumes/redis:/data
|
||||
restart: "always"
|
||||
labels:
|
||||
- "traefik.enable=false"
|
||||
traefik.enable: "false"
|
||||
restart: "always"
|
||||
|
||||
postfix:
|
||||
image: mwader/postfix-relay
|
||||
|
|
47
nginx.conf
Normal file
47
nginx.conf
Normal file
|
@ -0,0 +1,47 @@
|
|||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=peertube_cache:10m max_size=15g inactive=7d use_temp_path=off;
|
||||
|
||||
server {
|
||||
listen 9000;
|
||||
|
||||
# Hide nginx version
|
||||
server_tokens off;
|
||||
|
||||
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
|
||||
# It might be nice to compress JSON, but leaving that out to protect against potential
|
||||
# compression+encryption information leak attacks like BREACH.
|
||||
gzip on;
|
||||
gzip_types text/css application/javascript;
|
||||
gzip_vary on;
|
||||
|
||||
# Enable HSTS
|
||||
# Tells browsers to stick with HTTPS and never visit the insecure HTTP
|
||||
# version. Once a browser sees this header, it will only visit the site over
|
||||
# HTTPS for the next 2 years: (read more on hstspreload.org)
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
|
||||
location / {
|
||||
proxy_pass http://peertube:9000;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
client_max_body_size 600M;
|
||||
proxy_connect_timeout 600;
|
||||
proxy_send_timeout 600;
|
||||
proxy_read_timeout 600;
|
||||
send_timeout 600;
|
||||
}
|
||||
location ~ ^/(static/(thumbnails|previews|avatars)|client)/ {
|
||||
proxy_cache peertube_cache;
|
||||
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 3;
|
||||
proxy_cache_lock on;
|
||||
add_header X-Cached $upstream_cache_status;
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue