Merge pull request 'fix(mastodon): use working unix sockets for streaming api' (#98) from fix/mastodon-streaming-api into main

Reviewed-on: pub-solar/infra#98
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
This commit is contained in:
b12f 2024-01-18 15:08:25 +00:00
commit 3ab82b814c
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
2 changed files with 44 additions and 31 deletions

View file

@ -3,19 +3,14 @@ let
cfg = config.services.mastodon; cfg = config.services.mastodon;
in in
{ {
services.nginx.virtualHosts = { services.nginx = {
virtualHosts = {
"mastodon.pub.solar" = { "mastodon.pub.solar" = {
root = "${cfg.package}/public/"; root = "${cfg.package}/public/";
# mastodon only supports https, but you can override this if you offload tls elsewhere. # mastodon only supports https, but you can override this if you offload tls elsewhere.
forceSSL = lib.mkDefault true; forceSSL = lib.mkDefault true;
enableACME = lib.mkDefault true; enableACME = lib.mkDefault true;
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."/auth/sign_up".extraConfig = '' locations."/auth/sign_up".extraConfig = ''
return 302 /auth/sign_in; return 302 /auth/sign_in;
''; '';
@ -28,15 +23,33 @@ in
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon; return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
''; '';
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = { locations."@proxy" = {
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}"); proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}");
proxyWebsockets = true; proxyWebsockets = true;
}; };
locations."/api/v1/streaming/" = { locations."/api/v1/streaming/" = {
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-streaming/streaming.socket" else "http://127.0.0.1:${toString(cfg.streamingPort)}/"); proxyPass = "http://mastodon-streaming";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
}; };
upstreams.mastodon-streaming = {
extraConfig = ''
least_conn;
'';
servers = builtins.listToAttrs
(map (i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = { };
}) (lib.range 1 cfg.streamingProcesses));
};
};
} }

View file

@ -20,8 +20,8 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
appendHttpConfig = '' appendHttpConfig = ''
# https://nginx.org/en/docs/hash.html # https://my.f5.com/manage/s/article/K51798430
proxy_headers_hash_max_size 1024; proxy_headers_hash_bucket_size 128;
''; '';
}; };