|
|
| Line 47: |
Line 47: |
| The linode docs are also incorrect in their spec of the <code>proxy_set_header Host</code> directive. So our full config is below: | | The linode docs are also incorrect in their spec of the <code>proxy_set_header Host</code> directive. So our full config is below: |
|
| |
|
| <syntaxhighlight lang="nginx">
| | {{:Nginx/Object Storage}} |
| proxy_cache_path /var/cache/nginx-object-storage keys_zone=CACHEOBJECT:10m inactive=7d max_size=10g;
| |
| | |
| server {
| |
| listen 443 ssl http2;
| |
| listen [::]:443 ssl http2;
| |
| server_name media.neuromatch.social;
| |
| root /var/www/html;
| |
| ssl_certificate /etc/letsencrypt/live/media.neuromatch.social/fullchain.pem; # managed by Certbot
| |
| ssl_certificate_key /etc/letsencrypt/live/media.neuromatch.social/privkey.pem; # managed by Certbot
| |
| | |
| keepalive_timeout 30;
| |
| | |
| location = / {
| |
| index index.html;
| |
| }
| |
| | |
| location / {
| |
| try_files $uri @s3;
| |
| }
| |
| | |
| set $s3_backend 'https://neuromatchstodon.us-east-1.linodeobjects.com';
| |
| | |
| location @s3 {
| |
| limit_except GET {
| |
| deny all;
| |
| }
| |
| | |
| resolver 8.8.8.8;
| |
| proxy_set_header Host neuromatchstodon.us-east-1.linodeobjects.com;
| |
| proxy_set_header Connection '';
| |
| proxy_set_header Authorization '';
| |
| proxy_hide_header Set-Cookie;
| |
| proxy_hide_header 'Access-Control-Allow-Origin';
| |
| proxy_hide_header 'Access-Control-Allow-Methods';
| |
| proxy_hide_header 'Access-Control-Allow-Headers';
| |
| proxy_hide_header x-amz-id-2;
| |
| proxy_hide_header x-amz-request-id;
| |
| proxy_hide_header x-amz-meta-server-side-encryption;
| |
| proxy_hide_header x-amz-server-side-encryption;
| |
| proxy_hide_header x-amz-bucket-region;
| |
| proxy_hide_header x-amzn-requestid;
| |
| proxy_ignore_headers Set-Cookie;
| |
| proxy_pass $s3_backend$uri;
| |
| proxy_intercept_errors off;
| |
| | |
| proxy_cache CACHEOBJECT;
| |
| proxy_cache_valid 200 48h;
| |
| proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
| |
| proxy_cache_lock on;
| |
| | |
| expires 1y;
| |
| add_header Cache-Control public;
| |
| add_header 'Access-Control-Allow-Origin' '*';
| |
| add_header X-Cache-Status $upstream_cache_status;
| |
| add_header X-Content-Type-Options nosniff;
| |
| add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
| |
| }
| |
| | |
| }
| |
| </syntaxhighlight>
| |
|
| |
|
| === Configuration === | | === Configuration === |
