Add a sample nginx.conf .

3 years ago · 43d64fda20
parent ed2744201b
commit 43d64fda20
1 changed files with 120 additions and 0 deletions
--- a/docker/dev/nginx.conf
+++ b/docker/dev/nginx.conf
@ -0,0 +1,120 @@
+worker_processes  1;
+events {
+    worker_connections  1024;
+}
+http {
+  proxy_cache_path /var/cache/lemmy_frontend levels=1:2 keys_zone=lemmy_frontend_cache:10m max_size=100m                 use_temp_path=off;
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location / {
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+    }
+
+    server {
+      listen       8535;
+      server_name  localhost;
+
+
+
+      # Enable compression for JS/CSS/HTML bundle, for improved client load times.
+      # It might be nice to compress JSON, but leaving that out to protect against potential
+      # compression+encryption information leak attacks like BREACH.
+      gzip on;
+      gzip_types text/css application/javascript;
+      gzip_vary on;
+
+      # Only connect to this site via HTTPS for the two years
+      add_header Strict-Transport-Security "max-age=63072000";
+
+      # Various content security headers
+      add_header Referrer-Policy "same-origin";
+      add_header X-Content-Type-Options "nosniff";
+      add_header X-Frame-Options "DENY";
+      add_header X-XSS-Protection "1; mode=block";
+
+      # Upload limit for pictrs
+      # client_max_body_size 50M;
+
+      # frontend
+      location / {
+        # The default ports:
+        # lemmy_port: 8536
+        # lemmy_ui_port: 1235
+        #   Use :1234 if you want to develop locally, using yarn start in the lemmy-ui folder
+
+        set $proxpass "http://0.0.0.0:1235";
+        if ($http_accept = "application/activity+json") {
+          set $proxpass "http://0.0.0.0:8536";
+        }
+        if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
+          set $proxpass "http://0.0.0.0:8536";
+        }
+        if ($request_method = POST) {
+          set $proxpass "http://0.0.0.0:8536";
+        }
+        proxy_pass $proxpass;
+
+        rewrite ^(.+)/+$ $1 permanent;
+
+        # Send actual client IP upstream
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      }
+
+      # backend
+      location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
+        proxy_pass http://0.0.0.0:8536;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Rate limit
+        # limit_req zone=lemmy_ratelimit burst=30 nodelay;
+
+        # Add IP forwarding headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      }
+
+      # Redirect pictshare images to pictrs
+      location ~ /pictshare/(.*)$ {
+        return 301 /pictrs/image/$1;
+      }
+    }
+}