PonyMirrors/philomena
1
0
Fork 0
mirror of https://github.com/philomena-dev/philomena.git synced 2024-11-23 20:18:00 +01:00
Code Issues Projects Releases Packages Wiki Activity
philomena/docker/web/nginx.conf
Liam 25748dc8ff Fix HEAD requests to s3proxy
2024-08-17 17:28:56 -04:00

144 lines
3.6 KiB
Nginx Configuration File
Raw Blame History

upstream philomena {
server app:4000 fail_timeout=0;
}
map $uri $custom_content_type {
default "text/html";
~(.*\.png)$ "image/png";
~(.*\.jpe?g)$ "image/jpeg";
~(.*\.gif)$ "image/gif";
~(.*\.svg)$ "image/svg+xml";
~(.*\.mp4)$ "video/mp4";
~(.*\.webm)$ "video/webm";
}
lua_package_path '/etc/nginx/lua/?.lua;;';
resolver 1.1.1.1 ipv6=off;
init_by_lua_block {
aws_sig = require('aws-signature')
function clear_request()
-- Get rid of any client state that could cause
-- issues for the proxied request
for h, _ in pairs(ngx.req.get_headers()) do
if string.lower(h) ~= 'range' then
ngx.req.clear_header(h)
end
end
ngx.req.set_uri_args({})
ngx.req.discard_body()
end
function sign_aws_request()
-- The API token used should not allow writing, but
-- sanitize this anyway to stop an upstream error
if ngx.req.get_method() ~= 'GET' and ngx.req.get_method() ~= 'HEAD' then
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.say('Unauthorized')
return ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
clear_request()
aws_sig.s3_set_headers("$S3_HOST", ngx.var.uri)
end
}
proxy_cache_path /var/www/cache levels=1:2 keys_zone=s3-cache:8m max_size=1000m inactive=600m;
server {
listen 80 default;
listen [::]:80;
root $APP_DIR/priv/static;
client_max_body_size 125000000;
client_body_buffer_size 128k;
location ~ ^/$S3_BUCKET {
internal;
access_by_lua "sign_aws_request()";
proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT";
proxy_cache s3-cache;
proxy_cache_valid 1h;
proxy_hide_header Content-Type;
proxy_ssl_server_name on;
expires max;
add_header Cache-Control public;
add_header Content-Type $custom_content_type;
}
location ~ ^/img/download/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ {
rewrite ^/img/download/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ "/$S3_BUCKET/images/$1/$2/full.$3" break;
access_by_lua "sign_aws_request()";
proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT";
proxy_cache s3-cache;
proxy_cache_valid 1h;
proxy_hide_header Content-Type;
proxy_ssl_server_name on;
expires max;
add_header Cache-Control public;
add_header Content-Type $custom_content_type;
add_header Content-Disposition "attachment";
}
location ~ ^/img/view/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ {
rewrite ^/img/view/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ "/$S3_BUCKET/images/$1/$2/full.$3" last;
}
location ~ ^/img/(.+)$ {
rewrite ^/img/(.+)$ "/$S3_BUCKET/images/$1" last;
}
location ~ ^/spns/(.+) {
rewrite ^/spns/(.+)$ "/$S3_BUCKET/adverts/$1" last;
}
location ~ ^/avatars/(.+) {
rewrite ^/avatars/(.+)$ "/$S3_BUCKET/avatars/$1" last;
}
# The following two location blocks use an -img suffix to avoid
# conflicting with the application routes. In production, this
# is not necessary since assets will be on a distinct domain.
location ~ ^/badge-img/(.+) {
rewrite ^/badge-img/(.+)$ "/$S3_BUCKET/badges/$1" last;
}
location ~ ^/tag-img/(.+) {
rewrite ^/tag-img/(.+)$ "/$S3_BUCKET/tags/$1" last;
}
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_pass http://philomena;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
# Configuration for Phoenix WS
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Reference in a new issue View git blame Copy permalink