From 5f38e10981ac4978f854b6909bde5763af955784 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 10 May 2022 14:48:30 -0500 Subject: [PATCH] Mastodon nginx: make it mostly work --- installation/mastodon.conf | 57 ++++++++++++++++++++++++++++++++------ 1 file changed, 48 insertions(+), 9 deletions(-) diff --git a/installation/mastodon.conf b/installation/mastodon.conf index 7e0334368..8b5324184 100644 --- a/installation/mastodon.conf +++ b/installation/mastodon.conf @@ -1,14 +1,19 @@ +# Nginx configuration for Soapbox on Mastodon. +# Adapted from: https://github.com/mastodon/mastodon/blob/b4d373a3df2752d9f8bdc0d7f02350528f3789b2/dist/nginx.conf +# +# Edit this file to change occurences of "example.com" to your own domain. + map $http_upgrade $connection_upgrade { default upgrade; '' close; } upstream backend { - server 127.0.0.1:3000 fail_timeout=0; + server 127.0.0.1:3000 fail_timeout=0; } upstream streaming { - server 127.0.0.1:4000 fail_timeout=0; + server 127.0.0.1:4000 fail_timeout=0; } proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g; @@ -17,7 +22,7 @@ server { listen 80; listen [::]:80; server_name example.com; - root /home/mastodon/live/public; + root /opt/soapbox/static; location /.well-known/acme-challenge/ { allow all; } location / { return 301 https://$host$request_uri; } } @@ -41,7 +46,7 @@ server { sendfile on; client_max_body_size 80m; - root /home/mastodon/live/public; + root /opt/soapbox/static; gzip on; gzip_disable "msie6"; @@ -54,22 +59,55 @@ server { add_header Strict-Transport-Security "max-age=31536000" always; + # Fallback route. + # Everything not routed should fall back to the SPA. location / { - try_files $uri @proxy; + try_files /index.html /dev/null; } - location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { + # Mastodon backend routes. + # These are routes to Mastodon's API and important rendered pages. + location ~ ^/(api|oauth|auth|admin|.well-known/webfinger) { + try_files /dev/null @proxy; + } + + # # Mastodon ActivityPub routes. + # # Conditionally send to Mastodon by Accept header. + # if ($http_accept = "application/activity+json" || $http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { + # location ~ ^/(inbox|outbox|users|@) { + # try_files /dev/null @proxy; + # } + # } + + # Mastodon public files. + # https://github.com/mastodon/mastodon/tree/main/public + # Take only what we need for Soapbox. + location ~ ^/(favicon.ico|browserconfig.xml|embed.js|android-chrome-192x192.png|apple-touch-icon.png|avatars/original/missing.png|headers/original/missing.png) { + root /home/mastodon/live/public; add_header Cache-Control "public, max-age=31536000, immutable"; add_header Strict-Transport-Security "max-age=31536000" always; - try_files $uri @proxy; } - location /sw.js { + # Soapbox build files. + # New builds produce hashed filenames, so these should be cached heavily. + location ~ ^/(packs|emoji) { + add_header Cache-Control "public, max-age=31536000, immutable"; + add_header Strict-Transport-Security "max-age=31536000" always; + } + + # Soapbox configuration files. + # Enable CORS so we can fetch them. + location /instance { + add_header Access-Control-Allow-Origin "*"; + } + + # Soapbox ServiceWorker. + location = /sw.js { add_header Cache-Control "public, max-age=0"; add_header Strict-Transport-Security "max-age=31536000" always; - try_files $uri @proxy; } + # Proxy to Mastodon's Ruby on Rails backend. location @proxy { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -95,6 +133,7 @@ server { tcp_nodelay on; } + # Mastodon's Node.js streaming server. location /api/v1/streaming { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;