Merge pull request 'mastodon: host media files on pub.solar garage cluster' (#239) from mastodon-media-on-garage into main
Reviewed-on: pub-solar/infra#239 Reviewed-by: b12f <b12f@noreply.git.pub.solar> Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
commit
0ae6bc637b
|
@ -99,7 +99,7 @@
|
||||||
s3_api = {
|
s3_api = {
|
||||||
s3_region = "eu-central";
|
s3_region = "eu-central";
|
||||||
api_bind_addr = "[::]:3900";
|
api_bind_addr = "[::]:3900";
|
||||||
root_domain = ".s3.${config.pub-solar-os.networking.domain}";
|
root_domain = ".buckets.${config.pub-solar-os.networking.domain}";
|
||||||
};
|
};
|
||||||
s3_web = {
|
s3_web = {
|
||||||
bind_addr = "[::]:3902";
|
bind_addr = "[::]:3902";
|
||||||
|
|
|
@ -96,9 +96,9 @@
|
||||||
# S3 File storage (optional)
|
# S3 File storage (optional)
|
||||||
# -----------------------
|
# -----------------------
|
||||||
S3_ENABLED = "true";
|
S3_ENABLED = "true";
|
||||||
S3_BUCKET = "pub-solar-mastodon";
|
S3_BUCKET = "mastodon";
|
||||||
S3_REGION = "europe-west-1";
|
S3_REGION = "eu-central";
|
||||||
S3_ENDPOINT = "https://gateway.tardigradeshare.io";
|
S3_ENDPOINT = "https://buckets.pub.solar";
|
||||||
S3_ALIAS_HOST = "files.${config.pub-solar-os.networking.domain}";
|
S3_ALIAS_HOST = "files.${config.pub-solar-os.networking.domain}";
|
||||||
# Translation (optional)
|
# Translation (optional)
|
||||||
# -----------------------
|
# -----------------------
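Review bot: `S3_ENDPOINT` hard-codes `https://buckets.pub.solar`, while `S3_ALIAS_HOST` on the next line and Garage's `root_domain` in the first file of this commit are both derived from `config.pub-solar-os.networking.domain`. If that option ever changes, Mastodon would keep writing to a host that no longer matches the cluster. Writing it as `S3_ENDPOINT = "https://buckets.${config.pub-solar-os.networking.domain}";` keeps the three values in step. `S3_REGION` now equals Garage's `s3_region`, which request signing presumably depends on, so a one-line comment such as `# must match s3_region in the garage module` beside it would stop the two drifting apart. The rest of the environment block lies outside the hunk.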
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
objStorHost = "link.tardigradeshare.io";
|
objStorHost = "mastodon.web.pub.solar";
|
||||||
objStorBucket = "s/jw24ad6l4a6zxsnd32cmf5hp5nsq/pub-solar-mastodon";
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
|
@ -10,6 +9,12 @@ in
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
||||||
|
# Use variable to force nginx to perform a DNS resolution on its value,
|
||||||
|
# the IP of the object storage provider may not always remain the same.
|
||||||
|
extraConfig = ''
|
||||||
|
set $s3_backend 'https://${objStorHost}';
|
||||||
|
'';
|
||||||
|
|
||||||
locations = {
|
locations = {
|
||||||
"= /" = {
|
"= /" = {
|
||||||
index = "index.html";
|
index = "index.html";
|
||||||
|
@ -25,7 +30,6 @@ in
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
resolver 8.8.8.8;
|
|
||||||
proxy_set_header Host ${objStorHost};
|
proxy_set_header Host ${objStorHost};
|
||||||
proxy_set_header Connection \'\';
|
proxy_set_header Connection \'\';
|
||||||
proxy_set_header Authorization \'\';
|
proxy_set_header Authorization \'\';
|
||||||
|
@ -40,7 +44,7 @@ in
|
||||||
proxy_hide_header x-amz-bucket-region;
|
proxy_hide_header x-amz-bucket-region;
|
||||||
proxy_hide_header x-amzn-requestid;
|
proxy_hide_header x-amzn-requestid;
|
||||||
proxy_ignore_headers Set-Cookie;
|
proxy_ignore_headers Set-Cookie;
|
||||||
proxy_pass https://${objStorHost}/${objStorBucket}$request_uri?download;
|
proxy_pass $s3_backend$request_uri;
|
||||||
proxy_intercept_errors off;
|
proxy_intercept_errors off;
|
||||||
proxy_ssl_protocols TLSv1.2 TLSv1.3;
|
proxy_ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
proxy_ssl_server_name on;
|
proxy_ssl_server_name on;
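Review bot: Upstream certificate verification is not visible in the last hunk of this file. `proxy_pass $s3_backend$request_uri;` now takes its target from a DNS answer at request time, and nginx leaves `proxy_ssl_verify` off unless it is set, so `proxy_ssl_server_name on;` only sends SNI and does not check which host answers. If the part of the location block outside the hunks does not already do so, add `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path to the system CA bundle>;` next to the existing `proxy_ssl_*` lines. The comment added above `extraConfig` still refers to "the object storage provider", although `objStorHost` now points at the project's own Garage web endpoint; rewording it to say so would avoid confusion.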
|
||||||
|
|
|
@ -22,6 +22,13 @@ in
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
resolver.addresses = [
|
||||||
|
# quad9.net
|
||||||
|
"9.9.9.9"
|
||||||
|
"149.112.112.112"
|
||||||
|
"[2620:fe::fe]"
|
||||||
|
"[2620:fe::9]"
|
||||||
|
];
|
||||||
appendHttpConfig = ''
|
appendHttpConfig = ''
|
||||||
# https://my.f5.com/manage/s/article/K51798430
|
# https://my.f5.com/manage/s/article/K51798430
|
||||||
proxy_headers_hash_bucket_size 128;
|
proxy_headers_hash_bucket_size 128;
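Review bot: The `resolver.addresses` list that replaces the per-location `resolver 8.8.8.8;` applies to the whole http block, so every vhost that resolves names at run time (variable `proxy_pass` targets, and OCSP stapling if enabled) now queries Quad9 directly over plain DNS. nginx does not authenticate those answers itself, which makes the files proxy depend on an off-host lookup for a hostname the project serves. If the host runs a local validating resolver, pointing `resolver.addresses` at its loopback address would keep that lookup on the machine; whether one is configured is not visible from this hunk. Either way a comment above the list, for example `# used for run-time lookups such as $s3_backend in the mastodon files vhost`, would record why the option was added.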
|
||||||
|
|
Binary file not shown.