X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=installation%2Fpleroma.nginx;h=25f6dadffc92059c72ff4ee9dee23ba27d497546;hb=1b03981783d9cc3bf5cac5c83375f99f5ba3bfbe;hp=1bdb95ab48566681695dff754cfbaa25897bfe28;hpb=9112eda14ffa203eeca1d129d6739840f684569d;p=akkoma diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 1bdb95ab4..25f6dadff 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -1,3 +1,6 @@ +proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g + inactive=720m use_temp_path=off; + server { listen 80; server_name example.tld; @@ -5,22 +8,39 @@ server { } server { - listen 443; + listen 443 ssl http2; ssl on; ssl_session_timeout 5m; ssl_certificate /etc/letsencrypt/live/exmaple.tld/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem; - ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; server_name example.tld; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml; location / { + add_header 'Access-Control-Allow-Origin' '*'; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + + proxy_pass http://localhost:4000; + } + + location /proxy { + proxy_cache pleroma_media_cache; + proxy_cache_lock on; proxy_pass http://localhost:4000; } - include snippets/well-known.conf; -} \ No newline at end of file +}