58 lines
1.8 KiB
Plaintext
58 lines
1.8 KiB
Plaintext
set_real_ip_from 10.0.0.0/8;
|
|
set_real_ip_from 172.16.0.0/12;
|
|
set_real_ip_from 192.168.0.0/16;
|
|
|
|
resolver 127.0.0.11 ipv6=off;
|
|
|
|
map "$request_method:$http_accept" $proxpass {
|
|
# If no explicit matches exists below, send traffic to lemmy-ui
|
|
default "http://lemmy-ui:1234";
|
|
|
|
# GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
|
|
#
|
|
# These requests are used by Mastodon and other fediverse instances to look up profile information,
|
|
# discover site information and so on.
|
|
"~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy:8536";
|
|
|
|
# All non-GET/HEAD requests should go to lemmy
|
|
#
|
|
# Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
|
|
# we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
|
|
"~^(?!(GET|HEAD)).*:" "http://lemmy:8536";
|
|
}
|
|
|
|
server {
|
|
set $lemmy_ui "lemmy-ui:1234";
|
|
set $lemmy "lemmy:8536";
|
|
# this is the port inside docker, not the public one yet
|
|
listen 3000;
|
|
|
|
# change if needed, this is facing the public web
|
|
server_name localhost;
|
|
server_tokens off;
|
|
|
|
# Upload limit, relevant for pictrs
|
|
client_max_body_size 20M;
|
|
|
|
# Send actual client IP upstream
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# frontend general requests
|
|
location / {
|
|
proxy_pass $proxpass;
|
|
rewrite ^(.+)/+$ $1 permanent;
|
|
}
|
|
|
|
# security.txt
|
|
location = /.well-known/security.txt {
|
|
proxy_pass "http://$lemmy_ui";
|
|
}
|
|
|
|
# backend
|
|
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known|version|sitemap.xml) {
|
|
proxy_pass "http://$lemmy";
|
|
}
|
|
} |