Created
May 24, 2018 22:08
-
-
Save SkyLeite/39e3ad30f7095f0c196e9004497867f7 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ensure you update at least the server_name variables to match your own | |
| # transcode cache | |
| proxy_cache_path /tmp/funkwhale-transcode levels=1:2 keys_zone=transcode:10m max_size=1g inactive=7d; | |
| # domain | |
| upstream funkwhale-api { | |
| # depending on your setup, you may want to udpate this | |
| server localhost:5000; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| # update this to match your instance name | |
| server_name music.rodrigo.li; | |
| # useful for Let's Encrypt | |
| location /.well-known/acme-challenge/ { allow all; } | |
| location / { return 301 https://$host$request_uri; } | |
| # HSTS | |
| add_header Strict-Transport-Security "max-age=31536000"; | |
| root /srv/funkwhale/front/dist; | |
| location / { | |
| try_files $uri $uri/ @rewrites; | |
| } | |
| location @rewrites { | |
| rewrite ^(.+)$ /index.html last; | |
| } | |
| location /api/ { | |
| include /etc/nginx/funkwhale_proxy.conf; | |
| # this is needed if you have file import via upload enabled | |
| client_max_body_size 30M; | |
| proxy_pass http://funkwhale-api/api/; | |
| } | |
| location /federation/ { | |
| include /etc/nginx/funkwhale_proxy.conf; | |
| proxy_pass http://funkwhale-api/federation/; | |
| } | |
| location /.well-known/ { | |
| include /etc/nginx/funkwhale_proxy.conf; | |
| proxy_pass http://funkwhale-api/.well-known/; | |
| } | |
| location /media/ { | |
| alias /srv/funkwhale/data/media/; | |
| } | |
| location /_protected/media { | |
| # this is an internal location that is used to serve | |
| # audio files once correct permission / authentication | |
| # has been checked on API side | |
| internal; | |
| alias /srv/funkwhale/data/media; | |
| } | |
| location /_protected/music { | |
| # this is an internal location that is used to serve | |
| # audio files once correct permission / authentication | |
| # has been checked on API side | |
| internal; | |
| alias /srv/funkwhale/data/music; | |
| } | |
| # Transcoding logic and caching | |
| location = /transcode-auth { | |
| include /etc/nginx/funkwhale_proxy.conf; | |
| # needed so we can authenticate transcode requests, but still | |
| # cache the result | |
| internal; | |
| set $query ''; | |
| # ensure we actually pass the jwt to the underlytin auth url | |
| if ($request_uri ~* "[^\?]+\?(.*)$") { | |
| set $query $1; | |
| } | |
| proxy_pass http://funkwhale-api/api/v1/trackfiles/viewable/?$query; | |
| proxy_pass_request_body off; | |
| proxy_set_header Content-Length ""; | |
| } | |
| location /api/v1/trackfiles/transcode/ { | |
| include /etc/nginx/funkwhale_proxy.conf; | |
| # this block deals with authenticating and caching transcoding | |
| # requests. Caching is heavily recommended as transcoding | |
| # is a CPU intensive process. | |
| auth_request /transcode-auth; | |
| if ($args ~ (.*)jwt=[^&]*(.*)) { | |
| set $cleaned_args $1$2; | |
| } | |
| proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args"; | |
| proxy_cache transcode; | |
| proxy_cache_valid 200 7d; | |
| proxy_ignore_headers "Set-Cookie"; | |
| proxy_hide_header "Set-Cookie"; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| proxy_pass http://funkwhale-api; | |
| } | |
| # end of transcoding logic | |
| location /staticfiles/ { | |
| # django static files | |
| alias /srv/funkwhale/data/static/; | |
| } | |
| } | |
| # required for websocket support | |
| map $http_upgrade $connection_upgrade { | |
| default upgrade; | |
| '' close; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment