Loading nixos/modules/services/web-apps/peertube.nix +60 −70 Original line number Diff line number Diff line Loading @@ -522,6 +522,21 @@ in { ''; }; locations."~ ^/api/v1/runners/jobs/[^/]+/(update|success)$" = { tryFiles = "/dev/null @api"; root = cfg.settings.storage.tmp; priority = 1135; extraConfig = '' client_max_body_size 12G; add_header X-File-Maximum-Size 8G always; '' + lib.optionalString cfg.enableWebHttps '' add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }; locations."~ ^/api/v1/(videos|video-playlists|video-channels|users/me)" = { tryFiles = "/dev/null @api"; priority = 1140; Loading Loading @@ -608,72 +623,33 @@ in { ''; }; locations."^~ /lazy-static/avatars/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1330; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/lazy-static/avatars/(.*)$ /$1 break; ''; }; locations."^~ /lazy-static/banners/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1340; locations."^~ /download/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/banners/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /lazy-static/previews/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.previews; priority = 1350; locations."^~ /static/streaming-playlists/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/previews/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /static/streaming-playlists/private/" = { locations."^~ /static/web-videos/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; priority = 1430; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -685,7 +661,7 @@ in { locations."^~ /static/webseed/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; priority = 1440; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -695,31 +671,45 @@ in { ''; }; locations."^~ /static/thumbnails/" = { locations."^~ /static/redundancy/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.thumbnails; priority = 1430; root = cfg.settings.storage.redundancy; priority = 1450; extraConfig = '' set $peertube_limit_rate 800k; if ($request_uri ~ -fragmented.mp4$) { set $peertube_limit_rate 5M; } if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } if ($request_method = 'GET') { ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/static/thumbnails/(.*)$ /$1 break; access_log off; } aio threads; sendfile on; sendfile_max_chunk 1M; limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; ''; }; locations."^~ /static/redundancy/" = { locations."^~ /static/streaming-playlists/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.redundancy; priority = 1440; root = cfg.settings.storage.streaming_playlists; priority = 1460; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -747,14 +737,14 @@ in { limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; rewrite ^/static/streaming-playlists/(.*)$ /$1 break; ''; }; locations."^~ /static/streaming-playlists/" = { locations."^~ /static/web-videos/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.streaming_playlists; priority = 1450; priority = 1470; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -789,7 +779,7 @@ in { locations."^~ /static/webseed/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.videos; priority = 1460; priority = 1480; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading
nixos/modules/services/web-apps/peertube.nix +60 −70 Original line number Diff line number Diff line Loading @@ -522,6 +522,21 @@ in { ''; }; locations."~ ^/api/v1/runners/jobs/[^/]+/(update|success)$" = { tryFiles = "/dev/null @api"; root = cfg.settings.storage.tmp; priority = 1135; extraConfig = '' client_max_body_size 12G; add_header X-File-Maximum-Size 8G always; '' + lib.optionalString cfg.enableWebHttps '' add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }; locations."~ ^/api/v1/(videos|video-playlists|video-channels|users/me)" = { tryFiles = "/dev/null @api"; priority = 1140; Loading Loading @@ -608,72 +623,33 @@ in { ''; }; locations."^~ /lazy-static/avatars/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1330; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/lazy-static/avatars/(.*)$ /$1 break; ''; }; locations."^~ /lazy-static/banners/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1340; locations."^~ /download/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/banners/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /lazy-static/previews/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.previews; priority = 1350; locations."^~ /static/streaming-playlists/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/previews/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /static/streaming-playlists/private/" = { locations."^~ /static/web-videos/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; priority = 1430; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -685,7 +661,7 @@ in { locations."^~ /static/webseed/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; priority = 1440; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -695,31 +671,45 @@ in { ''; }; locations."^~ /static/thumbnails/" = { locations."^~ /static/redundancy/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.thumbnails; priority = 1430; root = cfg.settings.storage.redundancy; priority = 1450; extraConfig = '' set $peertube_limit_rate 800k; if ($request_uri ~ -fragmented.mp4$) { set $peertube_limit_rate 5M; } if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } if ($request_method = 'GET') { ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/static/thumbnails/(.*)$ /$1 break; access_log off; } aio threads; sendfile on; sendfile_max_chunk 1M; limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; ''; }; locations."^~ /static/redundancy/" = { locations."^~ /static/streaming-playlists/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.redundancy; priority = 1440; root = cfg.settings.storage.streaming_playlists; priority = 1460; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -747,14 +737,14 @@ in { limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; rewrite ^/static/streaming-playlists/(.*)$ /$1 break; ''; }; locations."^~ /static/streaming-playlists/" = { locations."^~ /static/web-videos/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.streaming_playlists; priority = 1450; priority = 1470; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -789,7 +779,7 @@ in { locations."^~ /static/webseed/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.videos; priority = 1460; priority = 1480; extraConfig = '' set $peertube_limit_rate 800k; Loading
