4 # 1. Install your TLS certificate, possibly using Let's Encrypt. |
4 # 1. Install your TLS certificate, possibly using Let's Encrypt. |
5 # 2. Replace 'example.tld' with your instance's domain wherever it appears. |
5 # 2. Replace 'example.tld' with your instance's domain wherever it appears. |
6 # 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it |
6 # 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it |
7 # in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx. |
7 # in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx. |
8 |
8 |
9 proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g |
9 proxy_cache_path /tmp/{{pleroma_user}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_user}}-pleroma_media_cache:10m max_size=10g |
10 inactive=720m use_temp_path=off; |
10 inactive=720m use_temp_path=off; |
11 |
11 |
12 server { |
12 server { |
13 listen {{nginx_port}}; |
13 listen {{nginx_port}}; |
14 listen [::]:{{nginx_port}}; |
14 # listen [::]:{{nginx_port}}; |
15 server_name {{nginx_server_name}}; |
15 server_name {{nginx_server_name}}; |
16 return 301 https://$server_name$request_uri; |
16 return 301 https://$server_name$request_uri; |
17 |
17 |
18 # Uncomment this if you need to use the 'webroot' method with certbot. Make sure |
18 # Uncomment this if you need to use the 'webroot' method with certbot. Make sure |
19 # that you also create the .well-known/acme-challenge directory structure in pleroma/priv/static and |
19 # that you also create the .well-known/acme-challenge directory structure in pleroma/priv/static and |
28 # Enable SSL session caching for improved performance |
28 # Enable SSL session caching for improved performance |
29 ssl_session_cache shared:ssl_session_cache:10m; |
29 ssl_session_cache shared:ssl_session_cache:10m; |
30 |
30 |
31 server { |
31 server { |
32 listen {{nginx_ssl_port}} ssl http2; |
32 listen {{nginx_ssl_port}} ssl http2; |
33 listen [::]:{{nginx_ssl_port}} ssl ipv6only=on; |
33 # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on; |
34 server_name {{nginx_server_name}}; |
34 server_name {{nginx_server_name}}; |
35 |
35 |
36 ssl_certificate /etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem; |
36 ssl_certificate /etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem; |
37 ssl_certificate_key /etc/letsencrypt/live/{{nginx_server_name}}/privkey.pem; |
37 ssl_certificate_key /etc/letsencrypt/live/{{nginx_server_name}}/privkey.pem; |
38 include /etc/letsencrypt/options-ssl-nginx.conf; |
38 include /etc/letsencrypt/options-ssl-nginx.conf; |
79 proxy_http_version 1.1; |
79 proxy_http_version 1.1; |
80 proxy_set_header Upgrade $http_upgrade; |
80 proxy_set_header Upgrade $http_upgrade; |
81 proxy_set_header Connection "upgrade"; |
81 proxy_set_header Connection "upgrade"; |
82 proxy_set_header Host $http_host; |
82 proxy_set_header Host $http_host; |
83 |
83 |
84 proxy_pass {{pleroma_url}}; |
84 proxy_pass {{pleroma_proxy_pass}}; |
85 |
85 |
86 client_max_body_size 16m; |
86 client_max_body_size 16m; |
87 } |
87 } |
88 |
88 |
89 location /proxy { |
89 location /proxy { |
90 proxy_cache pleroma_media_cache; |
90 proxy_cache {{pleroma_user}}-pleroma_media_cache; |
91 proxy_cache_lock on; |
91 proxy_cache_lock on; |
92 proxy_ignore_client_abort on; |
92 proxy_ignore_client_abort on; |
93 proxy_pass {{pleroma_url}}; |
93 proxy_pass {{pleroma_proxy_pass}}; |
94 } |
94 } |
95 } |
95 } |
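Review bot: The templated `proxy_cache_path` at line 9 still places the media cache under `/tmp`, which is world-writable, and the directory name is predictable from `{{pleroma_user}}`; the change parameterizes the name but not the location. Unless nginx runs with a private /tmp on the target host, another local account could create that directory before nginx does and then own the cached media files. Periodic /tmp cleaners or a tmpfs-backed /tmp also fit poorly with `max_size=10g`. I would move it to a directory only the nginx user can write, for example `proxy_cache_path /var/cache/nginx/{{pleroma_user}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_user}}-pleroma_media_cache:10m max_size=10g`, and have the role create it with mode 0700. The `proxy_cache` directive at line 90 refers only to the zone name, so it needs no change.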