peertube.rare/templates/nginx.conf

63 lines
2.6 KiB
Nginx Configuration File

events {
worker_connections 1024;
}
http {
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=peertube_cache:10m max_size=15g use_temp_path=off;
server {
listen 9000;
# Hide nginx version
server_tokens off;
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
# It might be nice to compress JSON, but leaving that out to protect against potential
# compression+encryption information leak attacks like BREACH.
gzip on;
gzip_types text/css application/javascript;
gzip_vary on;
# Enable HSTS
# Tells browsers to stick with HTTPS and never visit the insecure HTTP
# version. Once a browser sees this header, it will only visit the site over
# HTTPS for the next 2 years: (read more on hstspreload.org)
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Referrer-Policy "same-origin";
location / {
proxy_pass http://peertube:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 600M;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
location ~ ^/(static/(thumbnails|previews|avatars)|client)/ {
proxy_pass http://peertube:9000;
proxy_cache peertube_cache;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_lock on;
add_header X-Cached $upstream_cache_status;
}
location ~ ^/static/(webseed|redundancy)/ {
slice 1m;
proxy_cache peertube_cache;
proxy_cache_valid 206 1h;
proxy_cache_key $uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
# for debugging
#add_header X-Cache-Status $upstream_cache_status;
proxy_http_version 1.1;
# required workaround for https://github.com/Chocobozzz/PeerTube/issues/1777
proxy_ignore_headers Cache-Control;
proxy_pass http://peertube:9000;
}
}
}