96 lines
3.1 KiB
Text
96 lines
3.1 KiB
Text
worker_processes auto;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
# We construct a string consistent of the "request method" and "http accept header"
|
|
# and then apply soem ~simply regexp matches to that combination to decide on the
|
|
# HTTP upstream we should proxy the request to.
|
|
#
|
|
# Example strings:
|
|
#
|
|
# "GET:application/activity+json"
|
|
# "GET:text/html"
|
|
# "POST:application/activity+json"
|
|
#
|
|
# You can see some basic match tests in this regex101 matching this configuration
|
|
# https://regex101.com/r/vwMJNc/1
|
|
#
|
|
# Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
|
|
map "$request_method:$http_accept" $proxpass {
|
|
# If no explicit matches exists below, send traffic to lemmy-ui
|
|
default "http://lemmy-ui";
|
|
|
|
# GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
|
|
#
|
|
# These requests are used by Mastodon and other fediverse instances to look up profile information,
|
|
# discover site information and so on.
|
|
"~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy";
|
|
|
|
# All non-GET/HEAD requests should go to lemmy
|
|
#
|
|
# Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
|
|
# we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
|
|
"~^(?!(GET|HEAD)).*:" "http://lemmy";
|
|
}
|
|
|
|
upstream lemmy {
|
|
# this needs to map to the lemmy (server) docker service hostname
|
|
server "lemmy:8536";
|
|
}
|
|
|
|
upstream lemmy-ui {
|
|
# this needs to map to the lemmy-ui docker service hostname
|
|
server "lemmy-ui:1234";
|
|
}
|
|
|
|
server {
|
|
# this is the port inside docker, not the public one yet
|
|
listen 1236;
|
|
listen 8536;
|
|
|
|
# change if needed, this is facing the public web
|
|
server_name localhost;
|
|
server_tokens off;
|
|
|
|
gzip on;
|
|
gzip_types text/css application/javascript image/svg+xml;
|
|
gzip_vary on;
|
|
|
|
# Upload limit, relevant for pictrs
|
|
client_max_body_size 20M;
|
|
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
# frontend general requests
|
|
location / {
|
|
proxy_pass $proxpass;
|
|
|
|
rewrite ^(.+)/+$ $1 permanent;
|
|
|
|
# Send actual client IP upstream
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
|
|
# backend
|
|
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
|
|
proxy_pass "http://lemmy";
|
|
|
|
# proxy common stuff
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
# Send actual client IP upstream
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
}
|
|
}
|