chofstede/media

## media
proxy_cache_path   /tmp/nginx-cache-instance-media levels=1:2 keys_zone=s3_cache:10m max_size=10g
                    inactive=48h use_temp_path=off;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name media.burningboard.net;

    access_log off;
    error_log /var/log/nginx/media.burningboard.net-error.log;

    root /opt/mastodon/data/public/system;

    set $s3_backend 'https://bucketname.s3.fr-par.scw.cloud/something';

    keepalive_timeout 30;

    location = / {
        index index.html;
    }

    location / {
        try_files $uri @s3;
    }

    location @s3 {
        limit_except GET {
                deny all;
        }

        resolver 9.9.9.9;
        proxy_set_header Host 'bucketname.s3.fr-par.scw.cloud';
        proxy_set_header Connection '';
        proxy_set_header Authorization '';
        proxy_hide_header Set-Cookie;
        proxy_hide_header 'Access-Control-Allow-Origin';
        proxy_hide_header 'Access-Control-Allow-Methods';
        proxy_hide_header 'Access-Control-Allow-Headers';
        proxy_hide_header x-amz-id-2;
        proxy_hide_header x-amz-request-id;
        proxy_hide_header x-amz-meta-server-side-encryption;
        proxy_hide_header x-amz-server-side-encryption;
        proxy_hide_header x-amz-bucket-region;
        proxy_hide_header x-amzn-requestid;
        proxy_ignore_headers Set-Cookie;
        proxy_pass $s3_backend$uri;
        proxy_intercept_errors off;

        proxy_cache s3_cache;
        proxy_cache_valid 200 304 48h;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_lock on;
        proxy_cache_revalidate on;

        expires 1y;
        add_header Cache-Control public;
        add_header 'Access-Control-Allow-Origin' '*';
        add_header X-Cache-Status $upstream_cache_status;
    }

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;

    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    ssl_certificate /etc/letsencrypt/live/burningboard.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/burningboard.net/privkey.pem;
}


server {
    listen 80;
    listen [::]:80;

    if ($host = media.burningboard.net) {
        return 301 https://$host$request_uri;
    }

    server_name media.burningboard.net;
}
	proxy_cache_path /tmp/nginx-cache-instance-media levels=1:2 keys_zone=s3_cache:10m max_size=10g
	inactive=48h use_temp_path=off;

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name media.burningboard.net;

	access_log off;
	error_log /var/log/nginx/media.burningboard.net-error.log;

	root /opt/mastodon/data/public/system;

	set $s3_backend 'https://bucketname.s3.fr-par.scw.cloud/something';

	keepalive_timeout 30;

	location = / {
	index index.html;
	}

	location / {
	try_files $uri @s3;
	}

	location @s3 {
	limit_except GET {
	deny all;
	}

	resolver 9.9.9.9;
	proxy_set_header Host 'bucketname.s3.fr-par.scw.cloud';
	proxy_set_header Connection '';
	proxy_set_header Authorization '';
	proxy_hide_header Set-Cookie;
	proxy_hide_header 'Access-Control-Allow-Origin';
	proxy_hide_header 'Access-Control-Allow-Methods';
	proxy_hide_header 'Access-Control-Allow-Headers';
	proxy_hide_header x-amz-id-2;
	proxy_hide_header x-amz-request-id;
	proxy_hide_header x-amz-meta-server-side-encryption;
	proxy_hide_header x-amz-server-side-encryption;
	proxy_hide_header x-amz-bucket-region;
	proxy_hide_header x-amzn-requestid;
	proxy_ignore_headers Set-Cookie;
	proxy_pass $s3_backend$uri;
	proxy_intercept_errors off;

	proxy_cache s3_cache;
	proxy_cache_valid 200 304 48h;
	proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
	proxy_cache_lock on;
	proxy_cache_revalidate on;

	expires 1y;
	add_header Cache-Control public;
	add_header 'Access-Control-Allow-Origin' '*';
	add_header X-Cache-Status $upstream_cache_status;
	}

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;

	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off;

	ssl_certificate /etc/letsencrypt/live/burningboard.net/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/burningboard.net/privkey.pem;
	}


	server {
	listen 80;
	listen [::]:80;

	if ($host = media.burningboard.net) {
	return 301 https://$host$request_uri;
	}

	server_name media.burningboard.net;
	}
No results found