fix(mastodon): use working unix sockets for streaming api #98
|
|
@ -3,40 +3,53 @@ let
|
|||
cfg = config.services.mastodon;
|
||||
in
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"mastodon.pub.solar" = {
|
||||
root = "${cfg.package}/public/";
|
||||
# mastodon only supports https, but you can override this if you offload tls elsewhere.
|
||||
forceSSL = lib.mkDefault true;
|
||||
enableACME = lib.mkDefault true;
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"mastodon.pub.solar" = {
|
||||
root = "${cfg.package}/public/";
|
||||
# mastodon only supports https, but you can override this if you offload tls elsewhere.
|
||||
forceSSL = lib.mkDefault true;
|
||||
enableACME = lib.mkDefault true;
|
||||
|
||||
locations."/system/".alias = "/var/lib/mastodon/public-system/";
|
||||
locations."/auth/sign_up".extraConfig = ''
|
||||
return 302 /auth/sign_in;
|
||||
'';
|
||||
|
||||
locations."/" = {
|
||||
tryFiles = "$uri @proxy";
|
||||
locations."/auth/confirmation/new".extraConfig = ''
|
||||
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
|
||||
'';
|
||||
|
||||
locations."/auth/password/new".extraConfig = ''
|
||||
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
|
||||
'';
|
||||
|
||||
locations."/system/".alias = "/var/lib/mastodon/public-system/";
|
||||
|
||||
locations."/" = {
|
||||
tryFiles = "$uri @proxy";
|
||||
};
|
||||
|
||||
locations."@proxy" = {
|
||||
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}");
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
|
||||
locations."/api/v1/streaming/" = {
|
||||
proxyPass = "http://mastodon-streaming";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
locations."/auth/sign_up".extraConfig = ''
|
||||
return 302 /auth/sign_in;
|
||||
upstreams.mastodon-streaming = {
|
||||
extraConfig = ''
|
||||
least_conn;
|
||||
'';
|
||||
|
||||
locations."/auth/confirmation/new".extraConfig = ''
|
||||
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
|
||||
'';
|
||||
|
||||
locations."/auth/password/new".extraConfig = ''
|
||||
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
|
||||
'';
|
||||
|
||||
locations."@proxy" = {
|
||||
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}");
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
|
||||
locations."/api/v1/streaming/" = {
|
||||
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-streaming/streaming.socket" else "http://127.0.0.1:${toString(cfg.streamingPort)}/");
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
servers = builtins.listToAttrs
|
||||
(map (i: {
|
||||
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
|
||||
value = { };
|
||||
}) (lib.range 1 cfg.streamingProcesses));
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ in {
|
|||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
appendHttpConfig = ''
|
||||
# https://nginx.org/en/docs/hash.html
|
||||
proxy_headers_hash_max_size 1024;
|
||||
# https://my.f5.com/manage/s/article/K51798430
|
||||
proxy_headers_hash_bucket_size 128;
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue