mirsal
0c4a90b78d
Send webseed data from the peertube_data docker volume using sendfile by default The proxy and CDN backends require that videos are uploaded to the backend (through fuse mounting for example)
244 lines
8.9 KiB
Cheetah
244 lines
8.9 KiB
Cheetah
upstream backend {
|
|
server {{ env "STACK_NAME" }}_app:9000;
|
|
}
|
|
|
|
proxy_cache_path /var/cache/nginx/peertube-media-cache levels=1:2 keys_zone=peertube_media_cache:5m max_size=40g inactive=72h use_temp_path=off;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
|
|
##
|
|
# Application
|
|
##
|
|
|
|
location @api {
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $host;
|
|
|
|
client_max_body_size 100k; # default is 1M
|
|
|
|
proxy_connect_timeout 10m;
|
|
proxy_send_timeout 10m;
|
|
proxy_read_timeout 10m;
|
|
send_timeout 10m;
|
|
|
|
proxy_pass http://backend;
|
|
}
|
|
|
|
location / {
|
|
try_files /dev/null @api;
|
|
}
|
|
|
|
location = /api/v1/videos/upload {
|
|
limit_except POST HEAD { deny all; }
|
|
|
|
# This is the maximum upload size, which roughly matches the maximum size of a video file.
|
|
# Note that temporary space is needed equal to the total size of all concurrent uploads.
|
|
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
|
|
# on a dedicated filesystem.
|
|
client_max_body_size 12G; # default is 1M
|
|
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
|
|
|
try_files /dev/null @api;
|
|
}
|
|
|
|
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
|
|
client_max_body_size 3M; # default is 1M
|
|
add_header X-File-Maximum-Size 2M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
|
|
|
try_files /dev/null @api;
|
|
}
|
|
|
|
##
|
|
# Websocket
|
|
##
|
|
|
|
location @api_websocket {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass http://backend;
|
|
}
|
|
|
|
location /socket.io {
|
|
try_files /dev/null @api_websocket;
|
|
}
|
|
|
|
location /tracker/socket {
|
|
# Peers send a message to the tracker every 15 minutes
|
|
# Don't close the websocket before then
|
|
proxy_read_timeout 15m; # default is 60s
|
|
|
|
try_files /dev/null @api_websocket;
|
|
}
|
|
|
|
##
|
|
# Performance optimizations
|
|
# For extra performance please refer to https://github.com/denji/nginx-tuning
|
|
##
|
|
|
|
root /var/www/peertube/storage;
|
|
|
|
# Enable compression for JS/CSS/HTML, for improved client load times.
|
|
# It might be nice to compress JSON/XML as returned by the API, but
|
|
# leaving that out to protect against potential BREACH attack.
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_types # text/html is always compressed by HttpGzipModule
|
|
text/css
|
|
application/javascript
|
|
font/truetype
|
|
font/opentype
|
|
application/vnd.ms-fontobject
|
|
image/svg+xml;
|
|
gzip_min_length 1000; # default is 20 bytes
|
|
gzip_buffers 16 8k;
|
|
gzip_comp_level 2; # default is 1
|
|
|
|
client_body_timeout 30s; # default is 60
|
|
client_header_timeout 10s; # default is 60
|
|
send_timeout 10s; # default is 60
|
|
keepalive_timeout 10s; # default is 75
|
|
resolver_timeout 10s; # default is 30
|
|
reset_timedout_connection on;
|
|
proxy_ignore_client_abort on;
|
|
|
|
tcp_nopush on; # send headers in one piece
|
|
tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
|
|
|
|
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
|
|
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
|
|
client_body_temp_path /var/lib/nginx/client-tmp;
|
|
|
|
# Bypass PeerTube for performance reasons. Optional.
|
|
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
|
|
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png))$ {
|
|
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
|
|
|
root /var/www/peertube;
|
|
|
|
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
|
|
}
|
|
|
|
# Bypass PeerTube for performance reasons. Optional.
|
|
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
|
|
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
|
|
|
alias /var/www/peertube/peertube-latest/client/dist/$1;
|
|
}
|
|
|
|
# Bypass PeerTube for performance reasons. Optional.
|
|
location ~ ^/static/(thumbnails|avatars)/ {
|
|
if ($request_method = 'OPTIONS') {
|
|
add_header Access-Control-Allow-Origin '*';
|
|
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
|
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
|
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
|
|
add_header Content-Type 'text/plain charset=UTF-8';
|
|
add_header Content-Length 0;
|
|
return 204;
|
|
}
|
|
|
|
add_header Access-Control-Allow-Origin '*';
|
|
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
|
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
|
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
|
|
|
|
rewrite ^/static/(.*)$ /$1 break;
|
|
|
|
try_files $uri @api;
|
|
}
|
|
|
|
# Bypass PeerTube for performance reasons. Optional.
|
|
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
|
|
limit_rate_after 5M;
|
|
|
|
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
|
|
set $peertube_limit_rate 800k;
|
|
|
|
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
|
|
if ($request_uri ~ -fragmented.mp4$) {
|
|
set $peertube_limit_rate 5M;
|
|
}
|
|
|
|
# Use this line with nginx >= 1.17.0
|
|
limit_rate $peertube_limit_rate;
|
|
# Or this line if your nginx < 1.17.0
|
|
#set $limit_rate $peertube_limit_rate;
|
|
|
|
if ($request_method = 'OPTIONS') {
|
|
add_header Access-Control-Allow-Origin '*';
|
|
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
|
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
|
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
|
|
add_header Content-Type 'text/plain charset=UTF-8';
|
|
add_header Content-Length 0;
|
|
return 204;
|
|
}
|
|
|
|
if ($request_method = 'GET') {
|
|
add_header Access-Control-Allow-Origin '*';
|
|
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
|
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
|
add_header X-Cache-Status $upstream_cache_status;
|
|
add_header X-Cache-Range $slice_range;
|
|
add_header X-Fuuu ok;
|
|
|
|
add_header X-Accel-Expires 604800;
|
|
|
|
# Don't spam access log file with byte range requests
|
|
access_log off;
|
|
}
|
|
|
|
aio threads;
|
|
|
|
# Enabling the sendfile directive eliminates the step of copying the data into the buffer
|
|
# and enables direct copying data from one file descriptor to another.
|
|
sendfile on;
|
|
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process.
|
|
# should be > 800k.
|
|
|
|
{{ if (env "NGINX_WEBSEED_PROXY_ENABLE") }}
|
|
proxy_connect_timeout 70;
|
|
proxy_read_timeout 1200;
|
|
proxy_send_timeout 1200;
|
|
|
|
proxy_buffering on;
|
|
proxy_buffers 8 128k;
|
|
proxy_cache peertube_media_cache;
|
|
|
|
slice 64k;
|
|
proxy_cache_key $host$uri$is_args$args$slice_range;
|
|
proxy_set_header Range $slice_range;
|
|
proxy_cache_valid 200 206 1h;
|
|
proxy_cache_revalidate on;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_redirect off;
|
|
|
|
proxy_pass {{ env "NGINX_WEBSEED_PROXY_URI" }};
|
|
{{ else }}
|
|
|
|
{{ if (env "NGINX_WEBSEED_CDN_ENABLE") }}
|
|
# Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/admin-remote-storage
|
|
# to serve files directly from a public bucket without proxying.
|
|
# Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc.
|
|
set $cdn {{ env "NGINX_WEBSEED_CDN_URI" }};
|
|
rewrite ^/static/webseed/(.*)$ $cdn/videos/$1 redirect;
|
|
rewrite ^/static/(.*)$ $cdn/$1 redirect;
|
|
|
|
{{ else }}
|
|
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
|
|
rewrite ^/static/(.*)$ /$1 break;
|
|
try_files $uri @api;
|
|
{{ end }}
|
|
|
|
{{ end }}
|
|
}
|
|
}
|