Commit Graph

35 Commits

Author SHA1 Message Date
Chocobozzz
fd2ddcae8f
Fix nginx template on dual stack server
See https://framacolibri.org/t/listen-to-unix-socket-instead-of-localhost-9000/5348
2019-08-07 15:13:01 +02:00
Chocobozzz
c928e1364f
Improve nginx client images cache 2019-07-29 14:58:41 +02:00
Benjamin Bouvier
7eeb6a0ba4 Nginx config file: remove text/html from gzip_types
As stated by https://nginx.org/en/docs/http/ngx_http_gzip_module.html, text/html is always part of the gzip_types. This removes a warning when checking the Nginx configuration files.
2019-02-11 04:29:51 +01:00
Chocobozzz
4a57b65cc5
Support socket.io in nginx template 2019-01-29 09:10:24 +01:00
Micah Elizabeth Scott
4b49385892 Remove hard-coded 8GB upload limit in client (#1293)
* Remove hard-coded 8GB upload limit in client

Ideally we'd know what the specific server's configured upload limit
is before starting, but this 8GB limit is not useful if an administrator
has changed the nginx post limit on the server.

* Better docs for admins about client_max_body_size

Seems like some admins already tweak this value up or down to allow
for different maximum video upload sizes. The current codebase has no
other server-side limits that I'm aware of, and I've been routinely
uploading quite large videos to my instance.

This patch replaces the somewhat incorrect (or outdated?) 'hard limit'
comment with some advice about allocating enough space for nginx and
communicating the limit with your users.

Of course it would be better if this configuration could be unified with
PeerTube's config somehow. I'm not sure whether the best option there is
to turn off nginx's buffering here and let PeerTube handle the entire upload
(can we do this only for the video upload API endpoint?) or whether we want
PeerTube to generate nginx configs in a more automated way layer. In any case,
this patch is intended as an incremental improvement.
2018-12-07 14:58:17 +01:00
Chocobozzz
b9fffa297f
Create redundancy endpoint 2018-12-04 17:08:55 +01:00
Chocobozzz
415acc63cf
Add comments in nginx regarding blocks that can be safely removed 2018-09-17 17:45:54 +02:00
Felix Ableitner
5284d4028c Don't include preload flag in sample HSTS header
This goes against the recommendations (preloading should be opt-in). Putting it in the example makes it likely that people enable it without knowing what it means.

https://hstspreload.org/?domain=peertube.social#opt-in
2018-09-11 20:10:57 +02:00
Rigel Kent
6328da8c01
make HSTS opt-in and leave it to the reverse-proxy 2018-09-09 22:10:38 +02:00
Micah Elizabeth Scott
a18e02f358 Only enable gzip for HTML/CSS/JS
No compression on JSON endpoints, in order to protect
from potential compression+encryption data leak attacks (like BREACH)
2018-08-24 09:08:33 +02:00
Micah Elizabeth Scott
b9ad995605 Add gzip support to the sample nginx configuration
Without gzip explicitly enabled, load times suffer from transferring
over a megabyte of plaintext javascript. With gzip enabled, the bundle
is down to about 300K, and loads much faster.

This change does not enable gzip on files that are already compressed,
so images, fonts, and videos will be sent without the CPU overhead.
2018-08-24 09:08:33 +02:00
Chocobozzz
a8bf1d826e
404 on unknown thumbnail 2018-07-24 18:03:40 +02:00
Chocobozzz
7f8db30ccd
Add cors to static route in nginx template 2018-07-24 18:03:39 +02:00
Rigel Kent
828fdd08b7
(nginx) remove headers now dealt with helmet 2018-07-18 10:21:59 +02:00
Chocobozzz
57a81ff649
Fix static avatars/thumbnails cache 2018-07-17 19:04:41 +02:00
Chocobozzz
34b1919290
Increase upload limit to 8GB (test) 2018-06-29 17:10:53 +02:00
Chocobozzz
051bf3f773
Revert "Selective route permission to use embeds, fixes #322 in a better way (#364)" (#365)
This reverts commit d40cd86bf5.
2018-03-20 17:39:36 +01:00
Rigel Kent
d40cd86bf5 Selective route permission to use embeds, fixes #322 in a better way (#364) 2018-03-20 17:28:41 +01:00
Valvin
446f78d7b4 Remove X-Frame options in nginx config (#322)
`X-Frame-Options DENY;` doesn't permit sharing using iframe
2018-03-05 09:40:36 +01:00
Chocobozzz
4919b6304f
Fix nginx configuration that do not work with import-videos script 2018-03-01 17:14:57 +01:00
Chocobozzz
0b49571268
Try to improve production guide 2018-02-16 11:04:12 +01:00
Rigel Kent
e883399fa6 Precisions and security enhancements to the production guide (#287)
- added precisions and suggestions about how to generate Let's Encrypt certificates. Users have reported their installations didn't work when the problem came from missing certificates (false positives).
- security defaults of Nginx follow the basic robustness principle "be conservative in what you send, be liberal in what you accept", which isn't enough with modern security standards, so we should be picky with the cipher suites we use, among other things. Extra comments (especially for the TLS1.3 protocol support parameter) make the requirement of a recent Nginx installation obvious, and the downgrade alternative remains clear to the system administrator.

All in all, we should aknowledge users will most often copy and paste the configuration files. Making them secure by default may force a few users to read their configuration, but on the long run we are making the fediverse more secure.

Since I've come to modify a bit the Nginx config in `support/doc/production.md`, I've merged it with the template so that they stay consistent.
2018-02-14 11:11:49 +01:00
Chocobozzz
59c48d49c5
Peertube home in /var/www instead of /home 2018-01-23 09:00:23 +01:00
Chocobozzz
2e866cc75d
Don't serve previews with nginx
We need to maintain a cache in the node process
2018-01-18 18:45:27 +01:00
Chocobozzz
5668bf2e51
nginx optimizations 2018-01-18 17:45:49 +01:00
Chocobozzz
d2000ca6e7
Update production guide
Use release that already contains build files. It requires a specific
directories tree but I think it would be fine.
2018-01-15 18:07:08 +01:00
Chocobozzz
85cd9bde5a
Remove unused webserver configuration
And update nginx configuration with a rate limit
2018-01-11 10:46:49 +01:00
Fernandez, ReK2
99eff32c00 change nginx config to fix deprecation of a old module (#175) 2018-01-06 18:07:52 +01:00
Chocobozzz
7e9334c34d
Add ability to unfollow a server 2017-11-27 19:40:52 +01:00
Chocobozzz
b9a20e5947
Fix nginx https template 2017-10-19 17:42:39 +02:00
Chocobozzz
aa83bcce54
Increase client_max_body_size in NGinx template 2017-10-17 11:46:07 +02:00
Chocobozzz
c97eea23d7 Add peertube https nginx template 2016-11-25 14:21:41 +01:00
Chocobozzz
5e9acecaeb Update NGinx template (uploads -> videos) 2016-10-26 20:28:34 +02:00
Chocobozzz
1f0f84c27e Update NGinx that bypass /static/webseed (better performances) 2016-10-10 21:21:19 +02:00
Chocobozzz
5d4e941100 Add nginx example file 2016-06-03 15:56:40 +02:00