Merge remote-tracking branch 'origin/develop' into shigusegubu

* origin/develop: (180 commits)
  Deep link to the user account in AdminFE in account confirmation emails
  Spelling
  Ask user to use matching values for database setup
  Syntax error
  Don't always need to drop
  Improve backup/restore documentation
  Lint
  Apply 1 suggestion(s) to 1 file(s)
  Apply 1 suggestion(s) to 1 file(s)
  Apply 2 suggestion(s) to 2 file(s)
  Improve description yet again
  Don't leak internal variables in the docs. They're useless to users.
  Credo
  Improve descriptions for reserved and proxies
  Add test for an entry without CIDR format
  Move hardcoded default configuration into config.exs
  Fix docs for default headers used by RemoteIp. We only use X-Forwarded-For by default.
  Document the NSFW link preview change
  Add helper function to convert single IPs into CIDR format if they were not provided that way
  Docs: Modify docs so the postgres config is harder to get wrong.
  ...
This commit is contained in:
Henry Jameson 2020-10-11 21:13:29 +03:00
commit 5f23876552
154 changed files with 6361 additions and 1693 deletions

View file

@ -9,6 +9,12 @@
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
upstream phoenix {
server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}
server {
server_name example.tld;
@ -63,19 +69,16 @@ server {
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
ignore_invalid_headers off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
proxy_pass http://127.0.0.1:4000;
client_max_body_size 16m;
proxy_pass http://phoenix;
}
location ~ ^/(media|proxy) {
@ -83,12 +86,16 @@ server {
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
proxy_http_version 1.1;
proxy_cache_valid 200 206 301 304 1h;
proxy_cache_lock on;
proxy_ignore_client_abort on;
proxy_buffering on;
chunked_transfer_encoding on;
proxy_pass http://127.0.0.1:4000;
proxy_pass http://phoenix;
}
location /api/fedsocket/v1 {
proxy_request_buffering off;
proxy_pass http://phoenix/api/fedsocket/v1;
}
}

View file

@ -1,3 +1,4 @@
# Recommended varnishncsa logging format: '%h %l %u %t "%m %{X-Forwarded-Proto}i://%{Host}i%U%q %H" %s %b "%{Referer}i" "%{User-agent}i"'
vcl 4.1;
import std;
@ -14,8 +15,11 @@ acl purge {
sub vcl_recv {
# Redirect HTTP to HTTPS
if (std.port(server.ip) != 443) {
set req.http.X-Forwarded-Proto = "http";
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, ""));
} else {
set req.http.X-Forwarded-Proto = "https";
}
# CHUNKED SUPPORT
@ -105,7 +109,7 @@ sub vcl_hash {
sub vcl_backend_fetch {
# Be more lenient for slow servers on the fediverse
if bereq.url ~ "^/proxy/" {
if (bereq.url ~ "^/proxy/") {
set bereq.first_byte_timeout = 300s;
}