pleroma-ansible-playbook/roles/pleroma-nginx/templates/etc_ngnix_confd_pleroma.conf.j2
Dan Anglin 8db0186fec
feat: support for proving your site with Keybase.
This commit adds support for uploading the site
owner's keybase.txt file onto their Pleroma server
so that Keybase can prove that they are the owner
of their site. This is disabled by default but can
be enabled by the user.

Resolves dananglin/pleroma-ansible-playbook#1
2019-11-08 05:55:25 +00:00


# On-disk cache for proxied media (the /media and /proxy locations below):
# two-level directory layout, 10 MiB of shared memory for keys, at most
# 10 GiB on disk, entries evicted after 12 hours without a hit, and cached
# files written in place rather than via a temp directory.
# NOTE(review): /tmp is world-writable and on many systems a RAM-backed
# tmpfs, so another local user could pre-create or squat this directory and
# the 10 GiB cap competes with memory. A directory under /var/cache owned by
# the nginx user is the usual choice -- confirm nothing else in the role
# references this path before changing it.
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
# Plain-HTTP listener. Every request is redirected to HTTPS; the only thing
# served over port 80 is the ACME HTTP-01 challenge directory, and only when
# Let's Encrypt is enabled in the role variables.
server {
    listen 80;
    listen [::]:80;
    server_name {{ pleroma.config.host }};
    root {{ pleroma_nginx_root_dir }};
{% if pleroma.ssl.letsEncrypt.enable == true -%}
    # Challenge tokens are served from the Let's Encrypt webroot; a token
    # that does not exist there falls through to the HTTPS redirect instead
    # of leaking a 404 from this vhost.
    location ~/\.well-known/acme-challenge {
        root {{ pleroma_letsEncrypt_baseDir }}/;
        try_files $uri @forward_https;
    }
    location @forward_https {
        # $server_name (the configured host) is used rather than $host so a
        # client-supplied Host header cannot turn this into an open redirect.
        return 301 https://$server_name$request_uri;
    }
{% endif %}
    location / {
        # Same redirect as @forward_https; kept separate so it applies even
        # when the Let's Encrypt block above is not rendered.
        return 301 https://$server_name$request_uri;
    }
}
# TLS session cache shared between all worker processes (10 MiB), so a
# returning client can resume its session instead of paying for a full
# handshake. Declared here at http level so it applies to every server.
ssl_session_cache shared:ssl_session_cache:10m;
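# HTTPS listener. Terminates TLS and reverse-proxies everything to the
# Pleroma endpoint on the loopback interface; media and proxied remote
# media are additionally cached on disk (see proxy_cache_path above).
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name {{ pleroma.config.host }};
    root {{ pleroma_nginx_root_dir }};

    # ---- TLS ----------------------------------------------------------
    ssl_session_timeout 5m;
    # NOTE(review): ssl_session_tickets is left at its default (on). nginx
    # generates the ticket key at startup and does not rotate it unless
    # ssl_session_ticket_key is configured, which weakens forward secrecy
    # for the lifetime of the process; consider `ssl_session_tickets off;`.
    ssl_certificate_key {{ pleroma_ssl_privateKeyPath }};
    # FIXME(review): the certificate path is a literal placeholder while the
    # key path above is templated. nginx refuses to start unless a file
    # exists at exactly this path, so this must come from the role's
    # variables like the key (for Let's Encrypt that is the fullchain file,
    # so the intermediate is sent and OCSP stapling can find the issuer).
    ssl_certificate /path/to/certificate.pem;
    # TLS 1.2 only. TLSv1.3 can be appended once the target nginx/OpenSSL
    # build supports it; an older build rejects the unknown protocol name at
    # startup, which is why it is not added unconditionally here.
    ssl_protocols TLSv1.2;
    # ECDHE-only suites (forward secrecy), AEAD ciphers first, CBC/SHA384 as
    # a fallback; anonymous, NULL, export, DES, MD5, PSK and RC4 excluded.
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    # In case of an old server with an OpenSSL version of 1.0.2 or below,
    # leave only prime256v1 or comment out the following line.
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    # OCSP stapling with response verification.
    # NOTE(review): per the nginx docs, ssl_stapling_verify needs the
    # issuer and root certificates configured via ssl_trusted_certificate;
    # none is set in this file, so confirm it is provided elsewhere (e.g. an
    # http-level include) or stapled responses will fail verification.
    ssl_stapling on;
    ssl_stapling_verify on;

    # ---- Compression --------------------------------------------------
    # Only the tuning directives are set here; the `gzip on;` switch itself
    # is not in this file and is presumably inherited from the http context
    # (the distribution's nginx.conf) -- verify if compression is expected.
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    # the nginx default is 1m, not enough for large media uploads
    client_max_body_size 16m;

    # ---- Application proxy --------------------------------------------
    location / {
        proxy_http_version 1.1;
        # Pass WebSocket upgrades through (streaming API).
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Forward the original Host so Pleroma generates correct URLs.
        proxy_set_header Host $http_host;
        # NOTE(review): no X-Forwarded-For / X-Forwarded-Proto is set, so
        # the backend sees every client as 127.0.0.1 over plain HTTP. If
        # per-IP rate limiting or client IPs in logs matter, add those
        # headers here and enable the matching trusted-proxy setting in
        # Pleroma -- check the Pleroma version in use before relying on it.
        # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
        # and `localhost.` resolves to [::0] on some systems: see issue #930
        proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
        client_max_body_size 16m;
    }

    # ---- Media cache --------------------------------------------------
    # Local uploads (/media) and the remote media proxy (/proxy) are fetched
    # from the backend in 1 MiB slices and cached on disk for an hour.
    location ~ ^/(media|proxy) {
        proxy_cache pleroma_media_cache;
        slice 1m;
        # $host is part of the key so cached objects are segmented per vhost.
        proxy_cache_key $host$uri$is_args$args$slice_range;
        proxy_set_header Range $slice_range;
        proxy_http_version 1.1;
        proxy_cache_valid 200 206 301 304 1h;
        # Only one request populates a missing slice; the others wait for it.
        proxy_cache_lock on;
        # Keep fetching so the slice lands in the cache even if the client
        # disconnects part way through.
        proxy_ignore_client_abort on;
        proxy_buffering on;
        chunked_transfer_encoding on;
        # Cache on the lifetime above regardless of what the backend says,
        # and do not pass the backend's Cache-Control on to clients.
        proxy_ignore_headers Cache-Control;
        proxy_hide_header Cache-Control;
        # Fixed: this used `localhost`, while the `/` location above
        # deliberately uses 127.0.0.1 because Pleroma binds IPv4 only and
        # `localhost` resolves to [::] on some systems. Using the literal
        # loopback address here keeps both locations consistent and avoids
        # a 502 on media when localhost resolves to IPv6.
        proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
    }

{% if pleroma.keybase.enable == true -%}
    # Keybase site-ownership proof. Serves the owner's keybase.txt from the
    # static root ({{ pleroma_nginx_root_dir }}) instead of proxying it to
    # Pleroma; a 404 is returned if the file has not been uploaded. Only
    # rendered when pleroma.keybase.enable is true (disabled by default).
    location = /keybase.txt {
        try_files $uri =404;
    }
{% endif %}
}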