pleroma-otp/templates/pleroma.cloudflare.index.nginx.conf.j2
changeset 95 35b63b150a51
parent 94 7082ab4828c5
child 99 ed9f4d0ddce3
equal deleted inserted replaced
94:7082ab4828c5 95:35b63b150a51
       
     1 # default nginx site config for Pleroma
       
     2 #
       
     3 # Simple installation instructions:
       
     4 # 1. Install your TLS certificate, possibly using Let's Encrypt.
       
     5 # 2. Replace 'example.tld' with your instance's domain wherever it appears.
       
     6 # 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
       
     7 #    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
       
     8 
       
     9 proxy_cache_path /tmp/{{pleroma_instance}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_instance}}-pleroma_media_cache:10m max_size=10g
       
    10                  inactive=720m use_temp_path=off;
       
    11 
       
    12 server {
       
    13     listen {{nginx_port}};
       
    14     # listen [::]:{{nginx_port}};
       
    15     server_name {{nginx_server_name}};
       
    16     return 301 https://$host$request_uri;
       
    17 }
       
    18 
       
    19 # Enable SSL session caching for improved performance
       
    20 ssl_session_cache shared:ssl_session_cache:10m;
       
    21 
       
    22 server {
       
    23     listen {{nginx_ssl_port}} ssl http2;
       
    24     # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
       
    25     server_name {{nginx_server_name}};
       
    26 
       
    27     ssl_certificate {{nginx_ssl_cert}};
       
    28     ssl_certificate_key {{nginx_ssl_privkey}};
       
    29     ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
       
    30 
       
    31     add_header Strict-Transport-Security "max-age=31536000" always;
       
    32 
       
    33     gzip_vary on;
       
    34     gzip_proxied any;
       
    35     gzip_comp_level 6;
       
    36     gzip_buffers 16 8k;
       
    37     gzip_http_version 1.1;
       
    38     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
       
    39 
       
    40     # the nginx default is 1m, not enough for large media uploads
       
    41     client_max_body_size 16m;
       
    42 
       
    43     root {{nginx_html_root}};
       
    44 
       
    45     location = / {
       
    46         index index.html;
       
    47     }
       
    48 
       
    49     location / {
       
    50         try_files $uri @pleroma;
       
    51     }
       
    52 
       
    53     location @pleroma {
       
    54         add_header X-XSS-Protection "1; mode=block";
       
    55         add_header X-Permitted-Cross-Domain-Policies none;
       
    56         add_header X-Frame-Options DENY;
       
    57         add_header X-Content-Type-Options nosniff;
       
    58         add_header Referrer-Policy same-origin;
       
    59         add_header X-Download-Options noopen;
       
    60 
       
    61         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
       
    62 
       
    63         proxy_http_version 1.1;
       
    64         proxy_set_header Upgrade $http_upgrade;
       
    65         proxy_set_header Connection "upgrade";
       
    66         proxy_set_header Host $http_host;
       
    67 
       
    68         proxy_pass {{pleroma_proxy_pass}};
       
    69 
       
    70         client_max_body_size 16m;
       
    71     }
       
    72 
       
    73     location /proxy {
       
    74         proxy_cache {{pleroma_instance}}-pleroma_media_cache;
       
    75         proxy_cache_lock on;
       
    76         proxy_ignore_client_abort on;
       
    77         proxy_pass {{pleroma_proxy_pass}};
       
    78     }
       
    79 }