Merge remote-tracking branch 'origin/develop' into shigusegubu

* origin/develop: (180 commits) Deep link to the user account in AdminFE in account confirmation emails Spelling Ask user to use matching values for database setup Syntax error Don't always need to drop Improve backup/restore documentation Lint Apply 1 suggestion(s) to 1 file(s) Apply 1 suggestion(s) to 1 file(s) Apply 2 suggestion(s) to 2 file(s) Improve description yet again Don't leak internal variables in the docs. They're useless to users. Credo Improve descriptions for reserved and proxies Add test for an entry without CIDR format Move hardcoded default configuration into config.exs Fix docs for default headers used by RemoteIp. We only use X-Forwarded-For by default. Document the NSFW link preview change Add helper function to convert single IPs into CIDR format if they were not provided that way Docs: Modify docs so the postgres config is harder to get wrong. ...
2020-10-11 21:13:29 +03:00 · 2020-10-11 21:13:29 +03:00 · 5f23876552
commit 5f23876552
parent 461c465fe7 bc3cf0fee0
154 changed files with 6361 additions and 1693 deletions
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@ -9,6 +9,12 @@
 proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
                 inactive=720m use_temp_path=off;

+# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
+# and `localhost.` resolves to [::0] on some systems: see issue #930
+upstream phoenix {
+    server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
+}
+
 server {
    server_name    example.tld;

@ -63,19 +69,16 @@ server {

    # the nginx default is 1m, not enough for large media uploads
    client_max_body_size 16m;
+    ignore_invalid_headers off;
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-        # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
-        # and `localhost.` resolves to [::0] on some systems: see issue #930
-        proxy_pass http://127.0.0.1:4000;
-
-        client_max_body_size 16m;
+        proxy_pass http://phoenix;
    }

    location ~ ^/(media|proxy) {
@ -83,12 +86,16 @@ server {
        slice              1m;
        proxy_cache_key    $host$uri$is_args$args$slice_range;
        proxy_set_header   Range $slice_range;
-        proxy_http_version 1.1;
        proxy_cache_valid  200 206 301 304 1h;
        proxy_cache_lock   on;
        proxy_ignore_client_abort on;
        proxy_buffering    on;
        chunked_transfer_encoding on;
-        proxy_pass         http://127.0.0.1:4000;
+        proxy_pass         http://phoenix;
+    }
+
+    location /api/fedsocket/v1 {
+        proxy_request_buffering off;
+        proxy_pass http://phoenix/api/fedsocket/v1;
    }
 }
--- a/installation/pleroma.vcl
+++ b/installation/pleroma.vcl
@ -1,3 +1,4 @@
+# Recommended varnishncsa logging format: '%h %l %u %t "%m %{X-Forwarded-Proto}i://%{Host}i%U%q %H" %s %b "%{Referer}i" "%{User-agent}i"'
 vcl 4.1;
 import std;

@ -14,8 +15,11 @@ acl purge {
 sub vcl_recv {
    # Redirect HTTP to HTTPS
    if (std.port(server.ip) != 443) {
+      set req.http.X-Forwarded-Proto = "http";
      set req.http.x-redir = "https://" + req.http.host + req.url;
      return (synth(750, ""));
+    } else {
+      set req.http.X-Forwarded-Proto = "https";
    }

    # CHUNKED SUPPORT
@ -105,7 +109,7 @@ sub vcl_hash {

 sub vcl_backend_fetch {
    # Be more lenient for slow servers on the fediverse
-    if bereq.url ~ "^/proxy/" {
+    if (bereq.url ~ "^/proxy/") {
      set bereq.first_byte_timeout = 300s;
    }