lemmy: split the nginx config out into something that can be upstreamed later
(waiting for the nixosTests to pass before upstreaming)
This commit is contained in:
parent
95635be1d5
commit
e0c2e8c149
|
@ -1,3 +1,8 @@
|
||||||
|
# docs:
|
||||||
|
# - <repo:LemmyNet/lemmy:docker/federation/nginx.conf>
|
||||||
|
# - <repo:LemmyNet/lemmy:docker/nginx.conf>
|
||||||
|
# - <repo:LemmyNet/lemmy-ansible:templates/nginx.conf>
|
||||||
|
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
inherit (builtins) toString;
|
inherit (builtins) toString;
|
||||||
|
@ -15,6 +20,7 @@ in {
|
||||||
settings.port = backendPort;
|
settings.port = backendPort;
|
||||||
ui.port = uiPort;
|
ui.port = uiPort;
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
|
nginx.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.lemmy.serviceConfig = {
|
systemd.services.lemmy.serviceConfig = {
|
||||||
|
@ -46,53 +52,6 @@ in {
|
||||||
services.nginx.virtualHosts."lemmy.uninsane.org" = {
|
services.nginx.virtualHosts."lemmy.uninsane.org" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations = let
|
|
||||||
ui = "http://127.0.0.1:${toString uiPort}";
|
|
||||||
backend = "http://127.0.0.1:${toString backendPort}";
|
|
||||||
in {
|
|
||||||
# see <LemmyNet/lemmy:docker/federation/nginx.conf>
|
|
||||||
# see <LemmyNet/lemmy:docker/nginx.conf>
|
|
||||||
# see <LemmyNet/lemmy-ansible:templates/nginx.conf>
|
|
||||||
"/" = {
|
|
||||||
# "frontend general requests"
|
|
||||||
proxyPass = "$proxpass";
|
|
||||||
extraConfig = ''
|
|
||||||
set $proxpass "${ui}";
|
|
||||||
if ($http_accept = "application/activity+json") {
|
|
||||||
set $proxpass "${backend}";
|
|
||||||
}
|
|
||||||
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
|
|
||||||
set $proxpass "${backend}";
|
|
||||||
}
|
|
||||||
|
|
||||||
# XXX: lemmy-ansible nginx uses this maximally broad redirection
|
|
||||||
# if ($http_accept ~ "^application/.*$") {
|
|
||||||
# set $proxpass "${backend}";
|
|
||||||
# }
|
|
||||||
# XXX: POST redirection occurs in lemmy-ansible and docker/nginx.conf but not docker/federation/nginx.conf
|
|
||||||
if ($request_method = POST) {
|
|
||||||
set $proxpass "${backend}";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Cuts off the trailing slash on URLs to make them valid
|
|
||||||
rewrite ^(.+)/+$ $1 permanent;
|
|
||||||
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
|
|
||||||
# "backend"
|
|
||||||
proxyPass = backend;
|
|
||||||
proxyWebsockets = true;
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
|
sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
|
||||||
|
|
|
@ -75,6 +75,12 @@ in [
|
||||||
hash = "sha256-Tqr8Ri8X2dDljDmWmjAQDRJGNenSFhrY/wr24h2JAh0=";
|
hash = "sha256-Tqr8Ri8X2dDljDmWmjAQDRJGNenSFhrY/wr24h2JAh0=";
|
||||||
})
|
})
|
||||||
|
|
||||||
|
(fetchpatch' {
|
||||||
|
# nixos/lemmy: support nginx
|
||||||
|
saneCommit = "4c86db6dcb78795ac9bb514d9c779fd591070b23";
|
||||||
|
hash = "sha256-G7jGhSPUp9BMxh2yTzo0KUUVabMJeZ28YTA+0iPldRI=";
|
||||||
|
})
|
||||||
|
|
||||||
(fetchpatch' {
|
(fetchpatch' {
|
||||||
# feedbackd: 0.1.0 -> 0.2.0
|
# feedbackd: 0.1.0 -> 0.2.0
|
||||||
saneCommit = "a0186a5782708a640cd6eaad6e9742b9cccebe9d";
|
saneCommit = "a0186a5782708a640cd6eaad6e9742b9cccebe9d";
|
||||||
|
|
Loading…
Reference in New Issue
Block a user