diff options
Diffstat (limited to 'installation')
| -rw-r--r-- | installation/caddyfile-pleroma.example | 31 | ||||
| -rwxr-xr-x | installation/pleroma-mongooseim.cfg | 2 | ||||
| -rw-r--r-- | installation/pleroma.nginx | 13 | ||||
| -rw-r--r-- | installation/pleroma.vcl | 41 |
4 files changed, 24 insertions, 63 deletions
diff --git a/installation/caddyfile-pleroma.example b/installation/caddyfile-pleroma.example index 7985d9c67..cc7dda011 100644 --- a/installation/caddyfile-pleroma.example +++ b/installation/caddyfile-pleroma.example @@ -5,34 +5,13 @@ # 2. Copy this section into your Caddyfile and restart Caddy. example.tld { - log /var/log/caddy/pleroma_access.log - errors /var/log/caddy/pleroma_error.log + log { + output file /var/log/caddy/pleroma.log + } - gzip + encode gzip # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # and `localhost.` resolves to [::0] on some systems: see issue #930 - proxy / 127.0.0.1:4000 { - websocket - transparent - } - - tls { - # Remove the rest of the lines in here, if you want to support older devices - key_type p256 - ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 - } - - # If you do not want to use the mediaproxy function, remove these lines. - # To use this directive, you need the http.cache plugin for Caddy. - cache { - match_path /media - default_max_age 720m - } - - cache { - match_path /proxy - default_max_age 720m - } - # Stop removing lines here. + reverse_proxy 127.0.0.1:4000 } diff --git a/installation/pleroma-mongooseim.cfg b/installation/pleroma-mongooseim.cfg index 576f83541..3ecba5641 100755 --- a/installation/pleroma-mongooseim.cfg +++ b/installation/pleroma-mongooseim.cfg @@ -466,7 +466,7 @@ %% == PostgreSQL == %% {rdbms, global, default, [{workers, 10}], -%% [{server, {pgsql, "server", 5432, "database", "username", "password"}}]}, +%% [{server, {pgsql, "server", "port", "database", "username", "password"}}]}, %% == ODBC (MSSQL) == %% {rdbms, global, default, [{workers, 10}], diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 9890cb2b1..273cfb390 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -81,6 +81,19 @@ server { proxy_pass http://phoenix; } + # Uncomment this if you want notice compatibility routes for frontends like Soapbox. + # location ~ ^/@[^/]+/([^/]+)$ { + # proxy_pass http://phoenix/notice/$1; + # } + # + # location ~ ^/@[^/]+/posts/([^/]+)$ { + # proxy_pass http://phoenix/notice/$1; + # } + # + # location ~ ^/[^/]+/status/([^/]+)$ { + # proxy_pass http://phoenix/notice/$1; + # } + location ~ ^/(media|proxy) { proxy_cache pleroma_media_cache; slice 1m; diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index 4752510ea..4eb2f3cfa 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -1,4 +1,5 @@ # Recommended varnishncsa logging format: '%h %l %u %t "%m %{X-Forwarded-Proto}i://%{Host}i%U%q %H" %s %b "%{Referer}i" "%{User-agent}i"' +# Please use Varnish 7.0+ for proper Range Requests / Chunked encoding support vcl 4.1; import std; @@ -22,11 +23,6 @@ sub vcl_recv { set req.http.X-Forwarded-Proto = "https"; } - # CHUNKED SUPPORT - if (req.http.Range ~ "bytes=") { - set req.http.x-range = req.http.Range; - } - # Pipe if WebSockets request is coming through if (req.http.upgrade ~ "(?i)websocket") { return (pipe); @@ -35,9 +31,9 @@ sub vcl_recv { # Allow purging of the cache if (req.method == "PURGE") { if (!client.ip ~ purge) { - return(synth(405,"Not allowed.")); + return (synth(405,"Not allowed.")); } - return(purge); + return (purge); } } @@ -53,17 +49,11 @@ sub vcl_backend_response { return (retry); } - # CHUNKED SUPPORT - if (bereq.http.x-range ~ "bytes=" && beresp.status == 206) { - set beresp.ttl = 10m; - set beresp.http.CR = beresp.http.content-range; - } - # Bypass cache for large files # 50000000 ~ 50MB if (std.integer(beresp.http.content-length, 0) > 50000000) { set beresp.uncacheable = true; - return(deliver); + return (deliver); } # Don't cache objects that require authentication @@ -94,7 +84,7 @@ sub vcl_synth { if (resp.status == 750) { set resp.status = 301; set resp.http.Location = req.http.x-redir; - return(deliver); + return (deliver); } } @@ -106,25 +96,12 @@ sub vcl_pipe { } } -sub vcl_hash { - # CHUNKED SUPPORT - if (req.http.x-range ~ "bytes=") { - hash_data(req.http.x-range); - unset req.http.Range; - } -} - sub vcl_backend_fetch { # Be more lenient for slow servers on the fediverse if (bereq.url ~ "^/proxy/") { set bereq.first_byte_timeout = 300s; } - # CHUNKED SUPPORT - if (bereq.http.x-range) { - set bereq.http.Range = bereq.http.x-range; - } - if (bereq.retries == 0) { # Clean up the X-Varnish-Backend-503 flag that is used internally # to mark broken backend responses that should be retried. @@ -143,14 +120,6 @@ sub vcl_backend_fetch { } } -sub vcl_deliver { - # CHUNKED SUPPORT - if (resp.http.CR) { - set resp.http.Content-Range = resp.http.CR; - unset resp.http.CR; - } -} - sub vcl_backend_error { # Retry broken backend responses. set bereq.http.X-Varnish-Backend-503 = "1"; |