1
0
Fork 0
forked from pub-solar/infra

Merge pull request 'mastodon: host media files on pub.solar garage cluster' (#239) from mastodon-media-on-garage into main

Reviewed-on: pub-solar/infra#239
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2024-10-23 15:24:28 +00:00
commit 0ae6bc637b
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
5 changed files with 19 additions and 8 deletions

View file

@ -99,7 +99,7 @@
s3_api = { s3_api = {
s3_region = "eu-central"; s3_region = "eu-central";
api_bind_addr = "[::]:3900"; api_bind_addr = "[::]:3900";
root_domain = ".s3.${config.pub-solar-os.networking.domain}"; root_domain = ".buckets.${config.pub-solar-os.networking.domain}";
}; };
s3_web = { s3_web = {
bind_addr = "[::]:3902"; bind_addr = "[::]:3902";

View file

@ -96,9 +96,9 @@
# S3 File storage (optional) # S3 File storage (optional)
# ----------------------- # -----------------------
S3_ENABLED = "true"; S3_ENABLED = "true";
S3_BUCKET = "pub-solar-mastodon"; S3_BUCKET = "mastodon";
S3_REGION = "europe-west-1"; S3_REGION = "eu-central";
S3_ENDPOINT = "https://gateway.tardigradeshare.io"; S3_ENDPOINT = "https://buckets.pub.solar";
S3_ALIAS_HOST = "files.${config.pub-solar-os.networking.domain}"; S3_ALIAS_HOST = "files.${config.pub-solar-os.networking.domain}";
# Translation (optional) # Translation (optional)
# ----------------------- # -----------------------

View file

@ -1,8 +1,7 @@
{ config, ... }: { config, ... }:
let let
objStorHost = "link.tardigradeshare.io"; objStorHost = "mastodon.web.pub.solar";
objStorBucket = "s/jw24ad6l4a6zxsnd32cmf5hp5nsq/pub-solar-mastodon";
in in
{ {
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
@ -10,6 +9,12 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
# Use variable to force nginx to perform a DNS resolution on its value,
# the IP of the object storage provider may not always remain the same.
extraConfig = ''
set $s3_backend 'https://${objStorHost}';
'';
locations = { locations = {
"= /" = { "= /" = {
index = "index.html"; index = "index.html";
@ -25,7 +30,6 @@ in
deny all; deny all;
} }
resolver 8.8.8.8;
proxy_set_header Host ${objStorHost}; proxy_set_header Host ${objStorHost};
proxy_set_header Connection \'\'; proxy_set_header Connection \'\';
proxy_set_header Authorization \'\'; proxy_set_header Authorization \'\';
@ -40,7 +44,7 @@ in
proxy_hide_header x-amz-bucket-region; proxy_hide_header x-amz-bucket-region;
proxy_hide_header x-amzn-requestid; proxy_hide_header x-amzn-requestid;
proxy_ignore_headers Set-Cookie; proxy_ignore_headers Set-Cookie;
proxy_pass https://${objStorHost}/${objStorBucket}$request_uri?download; proxy_pass $s3_backend$request_uri;
proxy_intercept_errors off; proxy_intercept_errors off;
proxy_ssl_protocols TLSv1.2 TLSv1.3; proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_server_name on; proxy_ssl_server_name on;

View file

@ -22,6 +22,13 @@ in
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
resolver.addresses = [
# quad9.net
"9.9.9.9"
"149.112.112.112"
"[2620:fe::fe]"
"[2620:fe::9]"
];
appendHttpConfig = '' appendHttpConfig = ''
# https://my.f5.com/manage/s/article/K51798430 # https://my.f5.com/manage/s/article/K51798430
proxy_headers_hash_bucket_size 128; proxy_headers_hash_bucket_size 128;