nginx.conf.tmpl (7349B)
1 # https://comam.es/snac-doc/snac.8.html#EXAMPLES 2 # https://codeberg.org/grunfink/snac2/src/branch/master/examples/nginx-alpine-ssl/default.conf 3 4 upstream snac { 5 server {{ env "NOMAD_ADDR_http" }} max_fails=5 fail_timeout=60s; 6 } 7 8 server { 9 listen {{ env "NOMAD_PORT_https" }} ssl http2 default_server; 10 listen [::]:{{ env "NOMAD_PORT_https" }} ssl http2 default_server; 11 12 # SSL configuration 13 ssl_certificate /etc/letsencrypt/live/m.in0rdr.ch/fullchain.pem; 14 ssl_certificate_key /etc/letsencrypt/live/m.in0rdr.ch/privkey.pem; 15 16 location /.well-known/webfinger { 17 proxy_http_version 1.1; 18 proxy_set_header Upgrade $http_upgrade; 19 proxy_set_header Connection "upgrade"; 20 proxy_redirect off; 21 proxy_connect_timeout 90; 22 proxy_send_timeout 90; 23 proxy_read_timeout 90; 24 proxy_set_header Host $host; 25 proxy_set_header X-Real-IP $remote_addr; 26 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 27 proxy_set_header X-Forwarded-Proto $scheme; 28 proxy_set_header Proxy ""; 29 proxy_pass_header Server; 30 proxy_buffering on; 31 tcp_nodelay on; 32 proxy_pass http://snac; 33 } 34 35 location /.well-known/nodeinfo { 36 proxy_http_version 1.1; 37 proxy_set_header Upgrade $http_upgrade; 38 proxy_set_header Connection "upgrade"; 39 proxy_redirect off; 40 proxy_connect_timeout 90; 41 proxy_send_timeout 90; 42 proxy_read_timeout 90; 43 proxy_set_header Host $host; 44 proxy_set_header X-Real-IP $remote_addr; 45 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 46 proxy_set_header X-Forwarded-Proto $scheme; 47 proxy_set_header Proxy ""; 48 proxy_pass_header Server; 49 proxy_buffering on; 50 tcp_nodelay on; 51 proxy_pass http://snac; 52 } 53 54 location / { 55 proxy_http_version 1.1; 56 proxy_set_header Upgrade $http_upgrade; 57 proxy_set_header Connection "upgrade"; 58 proxy_redirect off; 59 proxy_connect_timeout 90; 60 proxy_send_timeout 90; 61 proxy_read_timeout 90; 62 proxy_set_header Host $host; 63 proxy_set_header X-Real-IP $remote_addr; 64 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 65 proxy_set_header X-Forwarded-Proto $scheme; 66 proxy_set_header Proxy ""; 67 proxy_pass_header Server; 68 proxy_buffering on; 69 tcp_nodelay on; 70 proxy_pass http://snac; 71 } 72 73 # Mastodon API (entry points) 74 location /api/v1/ { 75 proxy_http_version 1.1; 76 proxy_set_header Upgrade $http_upgrade; 77 proxy_set_header Connection "upgrade"; 78 proxy_redirect off; 79 proxy_connect_timeout 90; 80 proxy_send_timeout 90; 81 proxy_read_timeout 90; 82 proxy_set_header Host $host; 83 proxy_set_header X-Real-IP $remote_addr; 84 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 85 proxy_set_header X-Forwarded-Proto $scheme; 86 proxy_set_header Proxy ""; 87 proxy_pass_header Server; 88 proxy_buffering on; 89 tcp_nodelay on; 90 proxy_pass http://snac; 91 } 92 location /api/v2/ { 93 proxy_http_version 1.1; 94 proxy_set_header Upgrade $http_upgrade; 95 proxy_set_header Connection "upgrade"; 96 proxy_redirect off; 97 proxy_connect_timeout 90; 98 proxy_send_timeout 90; 99 proxy_read_timeout 90; 100 proxy_set_header Host $host; 101 proxy_set_header X-Real-IP $remote_addr; 102 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 103 proxy_set_header X-Forwarded-Proto $scheme; 104 proxy_set_header Proxy ""; 105 proxy_pass_header Server; 106 proxy_buffering on; 107 tcp_nodelay on; 108 proxy_pass http://snac; 109 } 110 # Mastodon API (OAuth support) 111 location /oauth { 112 proxy_http_version 1.1; 113 proxy_set_header Upgrade $http_upgrade; 114 proxy_set_header Connection "upgrade"; 115 proxy_redirect off; 116 proxy_connect_timeout 90; 117 proxy_send_timeout 90; 118 proxy_read_timeout 90; 119 proxy_set_header Host $host; 120 proxy_set_header X-Real-IP $remote_addr; 121 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 122 proxy_set_header X-Forwarded-Proto $scheme; 123 proxy_set_header Proxy ""; 124 proxy_pass_header Server; 125 proxy_buffering on; 126 tcp_nodelay on; 127 proxy_pass http://snac; 128 } 129 # optional (needed by some Mastodon API clients) 130 location /.well-known/host-meta { 131 proxy_http_version 1.1; 132 proxy_set_header Upgrade $http_upgrade; 133 proxy_set_header Connection "upgrade"; 134 proxy_redirect off; 135 proxy_connect_timeout 90; 136 proxy_send_timeout 90; 137 proxy_read_timeout 90; 138 proxy_set_header Host $host; 139 proxy_set_header X-Real-IP $remote_addr; 140 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 141 proxy_set_header X-Forwarded-Proto $scheme; 142 proxy_set_header Proxy ""; 143 proxy_pass_header Server; 144 proxy_buffering on; 145 tcp_nodelay on; 146 proxy_pass http://snac; 147 } 148 # optional (Mastodon-like link share entrypoint) 149 location /share { 150 proxy_http_version 1.1; 151 proxy_set_header Upgrade $http_upgrade; 152 proxy_set_header Connection "upgrade"; 153 proxy_redirect off; 154 proxy_connect_timeout 90; 155 proxy_send_timeout 90; 156 proxy_read_timeout 90; 157 proxy_set_header Host $host; 158 proxy_set_header X-Real-IP $remote_addr; 159 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 160 proxy_set_header X-Forwarded-Proto $scheme; 161 proxy_set_header Proxy ""; 162 proxy_pass_header Server; 163 proxy_buffering on; 164 tcp_nodelay on; 165 proxy_pass http://snac; 166 } 167 # optional (Mastodon-like "authorize interaction" entrypoint) 168 location /authorize_interaction { 169 proxy_http_version 1.1; 170 proxy_set_header Upgrade $http_upgrade; 171 proxy_set_header Connection "upgrade"; 172 proxy_redirect off; 173 proxy_connect_timeout 90; 174 proxy_send_timeout 90; 175 proxy_read_timeout 90; 176 proxy_set_header Host $host; 177 proxy_set_header X-Real-IP $remote_addr; 178 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 179 proxy_set_header X-Forwarded-Proto $scheme; 180 proxy_set_header Proxy ""; 181 proxy_pass_header Server; 182 proxy_buffering on; 183 tcp_nodelay on; 184 proxy_pass http://snac; 185 } 186 }