archives/pleroma-ansible-playbook
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
This repository has been archived on 2023-05-06. You can view files and clone it, but cannot push or open issues or pull requests.
pleroma-ansible-playbook/roles/pleroma-proxy/templates/etc_ngnix_confd_pleroma.conf.j2

97 lines
3.3 KiB
Text
Raw Permalink Normal View History

initial commit
2019-10-02 01:31:38 +01:00
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
server {
change: define pleroma variable as a dictionary
2019-10-07 21:28:53 +01:00
server_name {{ pleroma.config.host }};
initial commit
2019-10-02 01:31:38 +01:00
feat: ensure playbook supports version 2.0.1 - Add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; - Replace :pleroma, :instance, dynamic_configuration with :pleroma, :instance, configurable_from_database - Enhanced/fixed tasks retrieving the versions - Updated theme configuration file - Set proxy_pass to localhost IPv4 address resolves dananglin/pleroma-ansible-playbook#11
2020-04-03 05:22:34 +01:00
root {{ pleroma_nginx_root_dir }};
feat: support for proving your site with Keybase. This commit adds support for uploading the site owner's keybase.txt file onto their Pleroma server so that Keybase can prove that they are the owner of their site. This is diabled by default but can be enabled by the user. Resolves dananglin/pleroma-ansible-playbook#1
2019-11-08 05:55:25 +00:00
initial commit
2019-10-02 01:31:38 +01:00
listen 80;
listen [::]:80;
feat: support for proving your site with Keybase. This commit adds support for uploading the site owner's keybase.txt file onto their Pleroma server so that Keybase can prove that they are the owner of their site. This is diabled by default but can be enabled by the user. Resolves dananglin/pleroma-ansible-playbook#1
2019-11-08 05:55:25 +00:00
refactor: Let's Encrypt location block Removed the 'blockinfile' task and added the location block for Let's Encrypt in the Nginx config template. This bloc will be rendered if Let's encrypt support is enabled. Part of dananglin/pleroma-ansible-playbook#1
2019-11-06 22:52:46 +00:00
{% if pleroma.ssl.letsEncrypt.enable == true -%}
location ~/\.well-known/acme-challenge {
root {{ pleroma_letsEncrypt_baseDir }}/;
try_files $uri @forward_https;
}
location @forward_https {
return 301 https://$server_name$request_uri;
}
{% endif %}
added: support for generating SSL certs from Let's Encrypt.
2019-10-24 00:22:13 +01:00
initial commit
2019-10-02 01:31:38 +01:00
location / {
return 301 https://$server_name$request_uri;
}
}
# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;
server {
change: define pleroma variable as a dictionary
2019-10-07 21:28:53 +01:00
server_name {{ pleroma.config.host }};
initial commit
2019-10-02 01:31:38 +01:00
feat: ensure playbook supports version 2.0.1 - Add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; - Replace :pleroma, :instance, dynamic_configuration with :pleroma, :instance, configurable_from_database - Enhanced/fixed tasks retrieving the versions - Updated theme configuration file - Set proxy_pass to localhost IPv4 address resolves dananglin/pleroma-ansible-playbook#11
2020-04-03 05:22:34 +01:00
root {{ pleroma_nginx_root_dir }};
feat: support for proving your site with Keybase. This commit adds support for uploading the site owner's keybase.txt file onto their Pleroma server so that Keybase can prove that they are the owner of their site. This is diabled by default but can be enabled by the user. Resolves dananglin/pleroma-ansible-playbook#1
2019-11-08 05:55:25 +00:00
initial commit
2019-10-02 01:31:38 +01:00
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_session_timeout 5m;
ssl_certificate_key {{ pleroma_ssl_privateKeyPath }};
fix: inconsistencies while setting the SSL cert. When running the pleybook more than once the ssl_certificate_key line was being overwritten by the 'lineinfile' tasks because the regular expression was too greedy. This merge request uses a stricter regular expression to indentify and update the ssl_certificate line in the Nginx configuration.
2019-10-26 23:56:35 +01:00
ssl_certificate /path/to/certificate.pem;
initial commit
2019-10-02 01:31:38 +01:00
ssl_protocols TLSv1.2;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
# In case of an old server with an OpenSSL version of 1.0.2 or below,
# leave only prime256v1 or comment out the following line.
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
feat: ensure playbook supports version 2.0.1 - Add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; - Replace :pleroma, :instance, dynamic_configuration with :pleroma, :instance, configurable_from_database - Enhanced/fixed tasks retrieving the versions - Updated theme configuration file - Set proxy_pass to localhost IPv4 address resolves dananglin/pleroma-ansible-playbook#11
2020-04-03 05:22:34 +01:00
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
initial commit
2019-10-02 01:31:38 +01:00
feat: ensure playbook supports version 2.0.1 - Add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; - Replace :pleroma, :instance, dynamic_configuration with :pleroma, :instance, configurable_from_database - Enhanced/fixed tasks retrieving the versions - Updated theme configuration file - Set proxy_pass to localhost IPv4 address resolves dananglin/pleroma-ansible-playbook#11
2020-04-03 05:22:34 +01:00
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
change: define pleroma variable as a dictionary
2019-10-07 21:28:53 +01:00
proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
initial commit
2019-10-02 01:31:38 +01:00
client_max_body_size 16m;
}
location ~ ^/(media|proxy) {
feat: ensure playbook supports version 2.0.1 - Add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; - Replace :pleroma, :instance, dynamic_configuration with :pleroma, :instance, configurable_from_database - Enhanced/fixed tasks retrieving the versions - Updated theme configuration file - Set proxy_pass to localhost IPv4 address resolves dananglin/pleroma-ansible-playbook#11
2020-04-03 05:22:34 +01:00
proxy_cache pleroma_media_cache;
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
proxy_http_version 1.1;
proxy_cache_valid 200 206 301 304 1h;
proxy_cache_lock on;
initial commit
2019-10-02 01:31:38 +01:00
proxy_ignore_client_abort on;
feat: ensure playbook supports version 2.0.1 - Add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; - Replace :pleroma, :instance, dynamic_configuration with :pleroma, :instance, configurable_from_database - Enhanced/fixed tasks retrieving the versions - Updated theme configuration file - Set proxy_pass to localhost IPv4 address resolves dananglin/pleroma-ansible-playbook#11
2020-04-03 05:22:34 +01:00
proxy_buffering on;
initial commit
2019-10-02 01:31:38 +01:00
chunked_transfer_encoding on;
feat: ensure playbook supports version 2.0.1 - Add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - Remove proxy_ignore_headers Cache-Control; and proxy_hide_header Cache-Control; - Replace :pleroma, :instance, dynamic_configuration with :pleroma, :instance, configurable_from_database - Enhanced/fixed tasks retrieving the versions - Updated theme configuration file - Set proxy_pass to localhost IPv4 address resolves dananglin/pleroma-ansible-playbook#11
2020-04-03 05:22:34 +01:00
proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
initial commit
2019-10-02 01:31:38 +01:00
}
feat: support for proving your site with Keybase. This commit adds support for uploading the site owner's keybase.txt file onto their Pleroma server so that Keybase can prove that they are the owner of their site. This is diabled by default but can be enabled by the user. Resolves dananglin/pleroma-ansible-playbook#1
2019-11-08 05:55:25 +00:00
{% if pleroma.keybase.enable == true -%}
location = /keybase.txt {
try_files $uri =404;
}
{% endif %}
initial commit
2019-10-02 01:31:38 +01:00
}
Reference in a new issue Copy permalink