From 75f6e5e8b7e0408241a633daba7fde8b51dde8ca Mon Sep 17 00:00:00 2001
From: Mark Felder
Date: Mon, 21 Sep 2020 16:10:31 -0500
Subject: Add FedSockets config
---
 installation/pleroma.nginx | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'installation')
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
index d301ca615..a3b3394f1 100644
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -63,6 +63,7 @@ server {
 # the nginx default is 1m, not enough for large media uploads
 client_max_body_size 16m;
+ ignore_invalid_headers off;
 location / {
 proxy_http_version 1.1;
@@ -91,4 +92,17 @@ server {
 chunked_transfer_encoding on;
 proxy_pass http://127.0.0.1:4000;
 }
+
+ location /api/fedsocket/v1 {
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+
+ # The Important Websocket Bits!
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_request_buffering off;
+ proxy_pass http://127.0.0.1:4000/api/fedsocket/v1;
+ }
 }
-- cgit v1.2.3

From 2b553b8f8e7cf01d8530b905c48b97b815098cd9 Mon Sep 17 00:00:00 2001
From: Mark Felder
Date: Mon, 21 Sep 2020 16:11:01 -0500
Subject: Remove duplicate setting
---
 installation/pleroma.nginx | 2 --
 1 file changed, 2 deletions(-)
(limited to 'installation')
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
index a3b3394f1..ce74f46e1 100644
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -75,8 +75,6 @@ server {
 # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
 # and `localhost.` resolves to [::0] on some systems: see issue #930
 proxy_pass http://127.0.0.1:4000;
-
- client_max_body_size 16m;
 }
 location ~ ^/(media|proxy) {
-- cgit v1.2.3

From ade7fede7134d0e05c91ef48d52e48e64fd6dd98 Mon Sep 17 00:00:00 2001
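Review bot: `ignore_invalid_headers off;` in the first hunk of "Add FedSockets config" is added without a comment and is not scoped to the new FedSockets location: it sits at server level, so nginx stops dropping header fields with invalid names for every request handled by this server before they are proxied to the backend. The nginx documentation adds that a server-level value is only used when this server is the default one for its listen socket, and that it then applies to all virtual servers on the same address and port. Presumably FedSockets needs a header name nginx would otherwise reject (inferred from the commit subject only); a comment such as `# needed by FedSockets; disables invalid-header filtering for the whole listen socket, not only /api/fedsocket/v1` would let operators weigh that before copying the file. The server block starts and ends outside the hunk.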
From: Mark Felder
Date: Mon, 21 Sep 2020 16:13:45 -0500
Subject: Most proxy settings can be global
---
 installation/pleroma.nginx | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)
(limited to 'installation')
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
index ce74f46e1..5517e3fc3 100644
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -65,13 +65,13 @@ server {
 client_max_body_size 16m;
 ignore_invalid_headers off;
- location / {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ location / {
 # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
 # and `localhost.` resolves to [::0] on some systems: see issue #930
 proxy_pass http://127.0.0.1:4000;
@@ -82,7 +82,6 @@ server {
 slice 1m;
 proxy_cache_key $host$uri$is_args$args$slice_range;
 proxy_set_header Range $slice_range;
- proxy_http_version 1.1;
 proxy_cache_valid 200 206 301 304 1h;
 proxy_cache_lock on;
 proxy_ignore_client_abort on;
@@ -92,14 +91,6 @@ server {
 }
 location /api/fedsocket/v1 {
- proxy_http_version 1.1;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
-
- # The Important Websocket Bits!
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
 proxy_request_buffering off;
 proxy_pass http://127.0.0.1:4000/api/fedsocket/v1;
 }
-- cgit v1.2.3

From 8906f30ba16bdd91ac51ab9d4568c19070c270d5 Mon Sep 17 00:00:00 2001
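Review bot: Folding the FedSockets headers into the server-level block is not behaviour-neutral for `location /api/fedsocket/v1` (third hunk of "Most proxy settings can be global"): `proxy_set_header X-Real-IP $remote_addr;` is dropped with no server-level replacement, and the upstream `Host` changes from `$host` to `$http_host`, the header value exactly as the client sent it. Whether the backend reads either value for logging, rate limiting or request verification is not visible on this page, so the effect is unconfirmed. If the change is intended the commit message should say so; otherwise add `proxy_set_header X-Real-IP $remote_addr;` next to the other server-level headers in the first hunk.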
From: Mark Felder
Date: Mon, 21 Sep 2020 16:19:08 -0500
Subject: Use an upstream for reverse proxy so future modifications are simplified
---
 installation/pleroma.nginx | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'installation')
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
index 5517e3fc3..d613befd2 100644
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -9,6 +9,12 @@ proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
+# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
+# and `localhost.` resolves to [::0] on some systems: see issue #930
+upstream phoenix {
+ server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
+}
+
 server {
 server_name example.tld;
@@ -72,9 +78,7 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 location / {
- # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
- # and `localhost.` resolves to [::0] on some systems: see issue #930
- proxy_pass http://127.0.0.1:4000;
+ proxy_pass http://phoenix;
 }
 location ~ ^/(media|proxy) {
@@ -87,11 +91,11 @@ server {
 proxy_ignore_client_abort on;
 proxy_buffering on;
 chunked_transfer_encoding on;
- proxy_pass http://127.0.0.1:4000;
+ proxy_pass http://phoenix;
 }
 location /api/fedsocket/v1 {
 proxy_request_buffering off;
- proxy_pass http://127.0.0.1:4000/api/fedsocket/v1;
+ proxy_pass http://phoenix/api/fedsocket/v1;
 }
 }
-- cgit v1.2.3

From 49229107e812d649e66e36e32e238db66b353b0f Mon Sep 17 00:00:00 2001
From: Mark Felder
Date: Wed, 30 Sep 2020 12:32:54 -0500
Subject: Make it possible for Varnish logs to contain the true scheme used by clients instead of always reporting http://
---
 installation/pleroma.vcl | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'installation')
diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl
index 154747aa6..57b6d17b3 100644
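Review bot: `max_fails=5 fail_timeout=60s` on the only `server` in `upstream phoenix` (first hunk of "Use an upstream for reverse proxy") has no effect: nginx documents that these parameters are ignored when a group holds a single server, which is then never considered unavailable. Either drop them or add a comment such as `# max_fails/fail_timeout only take effect once a second server is listed`, so that nobody relies on failure handling that is not happening.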
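Review bot: In the third hunk of "Use an upstream for reverse proxy" the `location ~ ^/(media|proxy)` block switches to `proxy_pass http://phoenix;`, which changes the `Host` the backend sees for media requests. That location sets `proxy_set_header Range $slice_range;` (visible in the previous commit's context), and nginx inherits `proxy_set_header` from the server level only into levels that define none. The server-level `Host` and `X-Forwarded-For` therefore do not apply there, and the request goes out with the default `Host` of `$proxy_host`, which moves from `127.0.0.1:4000` to `phoenix` with this commit. Repeating `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` inside that location would keep the backend's view the same as for `location /`. The location starts outside the hunk.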
--- a/installation/pleroma.vcl
+++ b/installation/pleroma.vcl
@@ -1,3 +1,4 @@
+# Recommended varnishncsa logging format: '%h %l %u %t "%m %{X-Forwarded-Proto}i://%{Host}i%U%q %H" %s %b "%{Referer}i" "%{User-agent}i"'
 vcl 4.1;
 import std;
@@ -14,8 +15,11 @@ acl purge {
 sub vcl_recv {
 # Redirect HTTP to HTTPS
 if (std.port(server.ip) != 443) {
+ set req.http.X-Forwarded-Proto = "http";
 set req.http.x-redir = "https://" + req.http.host + req.url;
 return (synth(750, ""));
+ } else {
+ set req.http.X-Forwarded-Proto = "https";
 }
 # CHUNKED SUPPORT
-- cgit v1.2.3

From b3015db841536c26934f43374ed75fb77a11ff68 Mon Sep 17 00:00:00 2001
From: Mark Felder
Date: Wed, 30 Sep 2020 12:49:51 -0500
Subject: Syntax error
---
 installation/pleroma.vcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'installation')
diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl
index 57b6d17b3..13dad784c 100644
--- a/installation/pleroma.vcl
+++ b/installation/pleroma.vcl
@@ -109,7 +109,7 @@ sub vcl_hash {
 sub vcl_backend_fetch {
 # Be more lenient for slow servers on the fediverse
- if bereq.url ~ "^/proxy/" {
+ if (bereq.url ~ "^/proxy/") {
 set bereq.first_byte_timeout = 300s;
 }
-- cgit v1.2.3
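Review bot: The two `set req.http.X-Forwarded-Proto` lines in `vcl_recv` (second hunk of the Varnish logging commit) need a comment saying that they overwrite any value the client supplied and that this is deliberate. The header is written on `req.http`, so on the HTTPS branch it presumably also travels to the backend and not only into varnishncsa, which the commit message does not mention. Something like `# Always overwrite: a client-sent X-Forwarded-Proto must not reach the logs or the backend` above the `if` would keep a later edit from making the assignment conditional. The scheme is derived from `std.port(server.ip)`, so it is only as accurate as that port check. `vcl_recv` continues past the end of the hunk.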