2019-03-20 23:34:40 +00:00
|
|
|
events {
|
|
|
|
worker_connections 1024;
|
|
|
|
}
|
|
|
|
|
|
|
|
http {
|
|
|
|
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=peertube_cache:10m max_size=15g inactive=7d use_temp_path=off;
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 9000;
|
|
|
|
|
|
|
|
# Hide nginx version
|
|
|
|
server_tokens off;
|
|
|
|
|
|
|
|
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
|
|
|
|
# It might be nice to compress JSON, but leaving that out to protect against potential
|
|
|
|
# compression+encryption information leak attacks like BREACH.
|
|
|
|
gzip on;
|
|
|
|
gzip_types text/css application/javascript;
|
|
|
|
gzip_vary on;
|
|
|
|
|
|
|
|
# Enable HSTS
|
|
|
|
# Tells browsers to stick with HTTPS and never visit the insecure HTTP
|
|
|
|
# version. Once a browser sees this header, it will only visit the site over
|
|
|
|
# HTTPS for the next 2 years: (read more on hstspreload.org)
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass http://peertube:9000;
|
2019-03-28 00:29:47 +00:00
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
client_max_body_size 600M;
|
|
|
|
proxy_connect_timeout 600;
|
|
|
|
proxy_send_timeout 600;
|
|
|
|
proxy_read_timeout 600;
|
|
|
|
send_timeout 600;
|
2019-03-20 23:34:40 +00:00
|
|
|
}
|
|
|
|
location ~ ^/(static/(thumbnails|previews|avatars)|client)/ {
|
2019-03-28 00:29:47 +00:00
|
|
|
proxy_pass http://peertube:9000;
|
2019-03-20 23:34:40 +00:00
|
|
|
proxy_cache peertube_cache;
|
|
|
|
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
|
|
|
|
proxy_cache_revalidate on;
|
|
|
|
proxy_cache_min_uses 3;
|
|
|
|
proxy_cache_lock on;
|
|
|
|
add_header X-Cached $upstream_cache_status;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|