diff --git a/templates/etc/nginx/sites-available/lemmy.j2 b/templates/etc/nginx/sites-available/lemmy.j2 index 2ff163f..8f828ff 100644 --- a/templates/etc/nginx/sites-available/lemmy.j2 +++ b/templates/etc/nginx/sites-available/lemmy.j2 @@ -2,20 +2,6 @@ limit_req_zone $binary_remote_addr zone={{ item.name }}_ratelimit:10m rate=1r/s; {% extends "core.j2" %} -{%block root %} - -# Enable compression for JS/CSS/HTML bundle, for improved client load times. -# It might be nice to compress JSON, but leaving that out to protect against potential -# compression+encryption information leak attacks like BREACH. -gzip on; -gzip_types text/css application/javascript image/svg+xml; -gzip_vary on; - -# Upload limit for pictrs -client_max_body_size 20M; - -{% endblock %} - {% block location %} # frontend location / { @@ -23,15 +9,15 @@ location / { # lemmy_ui_port: 1235 # lemmy_port: 8536 - set $proxpass "http://0.0.0.0:{{ lemmy_ui_port }}"; + set $proxpass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ lemmy_ui_port }}; if ($http_accept = "application/activity+json") { - set $proxpass "http://0.0.0.0:{{ lemmy_port }}"; + set $proxpass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ lemmy_port }}; } if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { - set $proxpass "http://0.0.0.0:{{ lemmy_port }}"; + set $proxpass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ lemmy_port }}; } if ($request_method = POST) { - set $proxpass "http://0.0.0.0:{{ lemmy_port }}"; + set $proxpass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ lemmy_port }}; } proxy_pass $proxpass; rewrite ^(.+)/+$ $1 permanent; @@ -44,7 +30,7 @@ location / { # backend location ~ ^/(api|feeds|nodeinfo|.well-known) { - proxy_pass http://0.0.0.0:{{ lemmy_port }}; + proxy_pass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ lemmy_port }}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -57,7 +43,7 @@ location ~ ^/(api|feeds|nodeinfo|.well-known) { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } -{? if lemmy_pictrs_deploy == true ?} +{% if lemmy_pictrs_deploy == true %} # pictrs only - for adding browser cache control. location ~ ^/(pictrs) { # allow browser cache, images never update, we can apply long term cache @@ -65,7 +51,7 @@ location ~ ^/(api|feeds|nodeinfo|.well-known) { add_header Pragma "public"; add_header Cache-Control "public"; - proxy_pass http://0.0.0.0:{{ lemmy_port }}; + proxy_pass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ lemmy_port }}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -94,6 +80,6 @@ map $remote_addr $remote_addr_anon { ~(?P[^:]+:[^:]+): $ip::; 127.0.0.1 $remote_addr; ::1 $remote_addr; - default 0.0.0.0; + default {{ item.upstream_name }}; } -access_log /var/log/nginx/access.log combined; \ No newline at end of file +