lib.itmens/misc/nginx.conf.d/neodb.conf

proxy_cache_path /www/cache levels=1:2 keys_zone=takahe:20m inactive=14d max_size=1g;

upstream neodb {
    server ${NEODB_WEB_SERVER};
}

upstream neodb-api {
    server ${NEODB_API_SERVER};
}

upstream takahe {
    server ${TAKAHE_WEB_SERVER};
}

server {
    listen         8000;

    charset utf-8;
    ignore_invalid_headers on;
    client_max_body_size 100M;
    client_body_buffer_size 128k;
    proxy_connect_timeout 900;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_http_version 1.1;
    proxy_hide_header X-Takahe-User;
    proxy_hide_header X-Takahe-Identity;

    # make jsdelivr available locally
    location /jsdelivr/ {
        rewrite /jsdelivr/(.*) /$1;
        set $takahe_realuri https://cdn.jsdelivr.net$uri;
        rewrite ^/(.+) /__takahe_accel__/real/;
    }
    # allow admin to serv their own robots.txt/favicon.ico/...
    location ~ ^/\w+\.\w+$ {
        root /www/root;
        access_log off;
        log_not_found off;
    }
    location /static/ {
        alias /takahe/static-collected/;
        add_header Cache-Control "public, max-age=604800, immutable";
    }
    location /s/ {
        alias /neodb/static/;
        add_header Cache-Control "public, max-age=604800, immutable";
    }
    location /m/ {
        alias /www/m/;
        add_header Cache-Control "public, max-age=604800, immutable";
    }
    # backwards compatibility with versions before 2023.11
    location ~* ^/media/(album|book|game|item|movie)/(.+)$ {
        return 302 https://$host/m/$1/$2;
    }
    # Proxies media and remote media with caching
    location ~* ^/(media|proxy) {
        # Cache media and proxied resources
        proxy_cache takahe;
        proxy_cache_key $host$uri;
        proxy_cache_valid 200 304 4h;
        proxy_cache_valid 301 307 4h;
        proxy_cache_valid 500 502 503 504 0s;
        proxy_cache_valid any 1h;
        add_header X-Cache $upstream_cache_status;

        # Signal to Takahē that we support full URI accel proxying
        proxy_set_header X-Takahe-Accel true;
        proxy_pass http://takahe;
    }
    # Internal target for X-Accel redirects that stashes the URI in a var
    location /__takahe_accel__/ {
        internal;
        set $takahe_realuri $upstream_http_x_takahe_realuri;
        rewrite ^/(.+) /__takahe_accel__/real/;
    }
    # Real internal-only target for X-Accel redirects
    location /__takahe_accel__/real/ {
        # Only allow internal redirects
        internal;

        # Reconstruct the remote URL
        resolver 9.9.9.9 8.8.8.8 valid=300s;

        # Unset Authorization and Cookie for security reasons.
        proxy_set_header Authorization '';
        proxy_set_header Cookie '';
        proxy_set_header User-Agent 'takahe/nginx';
        proxy_set_header Host $proxy_host;
        proxy_set_header X-Forwarded-For '';
        proxy_set_header X-Forwarded-Host '';
        proxy_set_header X-Forwarded-Server '';
        proxy_set_header X-Real-Ip '';

        # Stops the local disk from being written to (just forwards data through)
        proxy_max_temp_file_size 0;

        # Proxy the remote file through to the client
        proxy_pass $takahe_realuri;
        proxy_ssl_server_name on;
        add_header X-Takahe-Accel "HIT";

        # Cache these responses too
        proxy_cache takahe;
        # Cache after a single request
        proxy_cache_min_uses 1;
        proxy_cache_key $takahe_realuri;
        proxy_cache_valid 200 304 720h;
        proxy_cache_valid 301 307 12h;
        proxy_cache_valid 500 502 503 504 0s;
        proxy_cache_valid any 72h;
        add_header X-Cache $upstream_cache_status;
    }
    location ~* ^/(@|\.well-known|actor|inbox|api/v1|api/v2|oauth|tags|settings|media|proxy|admin|djadmin|pages|about|impressum) {
        proxy_pass  http://takahe;
    }
    location /api/ {
        proxy_pass  http://neodb-api;
    }
    location / {
        proxy_pass  http://neodb;
    }
}
add takahe as submodule 2023-08-17 18:54:00 -04:00			`proxy_cache_path /www/cache levels=1:2 keys_zone=takahe:20m inactive=14d max_size=1g;`

			`upstream neodb {`
add init command to ensure settings post migration 2023-08-20 04:27:23 +00:00			`server ${NEODB_WEB_SERVER};`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`}`

fix api host for production 2024-01-29 00:34:36 -05:00			`upstream neodb-api {`
			`server ${NEODB_API_SERVER};`
			`}`

add takahe as submodule 2023-08-17 18:54:00 -04:00			`upstream takahe {`
add init command to ensure settings post migration 2023-08-20 04:27:23 +00:00			`server ${TAKAHE_WEB_SERVER};`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`}`

update docker configuration; pin pyright to a working version for now 2023-08-17 02:09:36 -04:00			`server {`
			`listen 8000;`
add takahe as submodule 2023-08-17 18:54:00 -04:00
			`charset utf-8;`
			`ignore_invalid_headers on;`
			`client_max_body_size 100M;`
			`client_body_buffer_size 128k;`
			`proxy_connect_timeout 900;`
			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Forwarded-Proto https;`
			`proxy_http_version 1.1;`
			`proxy_hide_header X-Takahe-User;`
			`proxy_hide_header X-Takahe-Identity;`

make jsdelivr available locally 2024-04-07 00:01:11 -04:00			`# make jsdelivr available locally`
			`location /jsdelivr/ {`
			`rewrite /jsdelivr/(.*) /$1;`
			`set $takahe_realuri https://cdn.jsdelivr.net$uri;`
			`rewrite ^/(.+) /__takahe_accel__/real/;`
			`}`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`# allow admin to serv their own robots.txt/favicon.ico/...`
			`location ~ ^/\w+\.\w+$ {`
			`root /www/root;`
			`access_log off;`
			`log_not_found off;`
update docker configuration; pin pyright to a working version for now 2023-08-17 02:09:36 -04:00			`}`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`location /static/ {`
			`alias /takahe/static-collected/;`
			`add_header Cache-Control "public, max-age=604800, immutable";`
update docker configuration; pin pyright to a working version for now 2023-08-17 02:09:36 -04:00			`}`
support createsuperuser command 2023-08-14 08:15:55 -04:00			`location /s/ {`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`alias /neodb/static/;`
			`add_header Cache-Control "public, max-age=604800, immutable";`
update docker configuration; pin pyright to a working version for now 2023-08-17 02:09:36 -04:00			`}`
support createsuperuser command 2023-08-14 08:15:55 -04:00			`location /m/ {`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`alias /www/m/;`
			`add_header Cache-Control "public, max-age=604800, immutable";`
			`}`
backword compatiblity for media urls 2023-12-10 20:28:30 -05:00			`# backwards compatibility with versions before 2023.11`
			`location ~* ^/media/(album\|book\|game\|item\|movie)/(.+)$ {`
			`return 302 https://$host/m/$1/$2;`
			`}`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`# Proxies media and remote media with caching`
			`location ~* ^/(media\|proxy) {`
			`# Cache media and proxied resources`
			`proxy_cache takahe;`
			`proxy_cache_key $host$uri;`
			`proxy_cache_valid 200 304 4h;`
			`proxy_cache_valid 301 307 4h;`
			`proxy_cache_valid 500 502 503 504 0s;`
			`proxy_cache_valid any 1h;`
			`add_header X-Cache $upstream_cache_status;`

			`# Signal to Takahē that we support full URI accel proxying`
			`proxy_set_header X-Takahe-Accel true;`
			`proxy_pass http://takahe;`
			`}`
			`# Internal target for X-Accel redirects that stashes the URI in a var`
			`location /__takahe_accel__/ {`
			`internal;`
			`set $takahe_realuri $upstream_http_x_takahe_realuri;`
			`rewrite ^/(.+) /__takahe_accel__/real/;`
			`}`
			`# Real internal-only target for X-Accel redirects`
			`location /__takahe_accel__/real/ {`
			`# Only allow internal redirects`
			`internal;`

make jsdelivr available locally 2024-04-07 00:01:11 -04:00			`# Reconstruct the remote URL`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`resolver 9.9.9.9 8.8.8.8 valid=300s;`

			`# Unset Authorization and Cookie for security reasons.`
			`proxy_set_header Authorization '';`
			`proxy_set_header Cookie '';`
			`proxy_set_header User-Agent 'takahe/nginx';`
			`proxy_set_header Host $proxy_host;`
			`proxy_set_header X-Forwarded-For '';`
			`proxy_set_header X-Forwarded-Host '';`
			`proxy_set_header X-Forwarded-Server '';`
			`proxy_set_header X-Real-Ip '';`

			`# Stops the local disk from being written to (just forwards data through)`
			`proxy_max_temp_file_size 0;`

			`# Proxy the remote file through to the client`
			`proxy_pass $takahe_realuri;`
			`proxy_ssl_server_name on;`
			`add_header X-Takahe-Accel "HIT";`

			`# Cache these responses too`
			`proxy_cache takahe;`
			`# Cache after a single request`
			`proxy_cache_min_uses 1;`
			`proxy_cache_key $takahe_realuri;`
			`proxy_cache_valid 200 304 720h;`
			`proxy_cache_valid 301 307 12h;`
			`proxy_cache_valid 500 502 503 504 0s;`
			`proxy_cache_valid any 72h;`
			`add_header X-Cache $upstream_cache_status;`
			`}`
sync takahe 2025-02-23 12:30:01 -05:00			`location ~* ^/(@\|\.well-known\|actor\|inbox\|api/v1\|api/v2\|oauth\|tags\|settings\|media\|proxy\|admin\|djadmin\|pages\|about\|impressum) {`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`proxy_pass http://takahe;`
			`}`
fix api host for production 2024-01-29 00:34:36 -05:00			`location /api/ {`
			`proxy_pass http://neodb-api;`
			`}`
add takahe as submodule 2023-08-17 18:54:00 -04:00			`location / {`
			`proxy_pass http://neodb;`
update docker configuration; pin pyright to a working version for now 2023-08-17 02:09:36 -04:00			`}`
			`}`