diff --git a/nginx/s3img.stpl b/nginx/s3img.stpl new file mode 100644 index 0000000..fbb562e --- /dev/null +++ b/nginx/s3img.stpl @@ -0,0 +1,70 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# +proxy_cache_path /tmp/nginx-cache-instance-media levels=1:2 keys_zone=s3_cache:10m max_size=10g inactive=48h use_temp_path=off; + + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + root /home/mastodon/public/system; + + set $s3_backend 'https://img-s.184.im.s3.nl-ams.scw.cloud'; + + keepalive_timeout 30; + + location = / { + index index.html; + } + location / { + try_files $uri @s3; + } + + location @s3 { + limit_except GET { + deny all; + } + + #resolver 9.9.9.9; + proxy_set_header Host 'img-s.184.im.s3.nl-ams.scw.cloud'; + proxy_set_header Connection ''; + proxy_set_header Authorization ''; + proxy_hide_header Set-Cookie; + proxy_hide_header 'Access-Control-Allow-Origin'; + proxy_hide_header 'Access-Control-Allow-Methods'; + proxy_hide_header 'Access-Control-Allow-Headers'; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header x-amz-meta-server-side-encryption; + proxy_hide_header x-amz-server-side-encryption; + proxy_hide_header x-amz-bucket-region; + proxy_hide_header x-amzn-requestid; + proxy_ignore_headers Set-Cookie; + proxy_pass $s3_backend$uri; + proxy_intercept_errors off; + + proxy_cache s3_cache; + proxy_cache_valid 200 304 48h; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_lock on; + proxy_cache_revalidate on; + + expires 1y; + add_header Cache-Control public; + add_header 'Access-Control-Allow-Origin' '*'; + add_header X-Cache-Status $upstream_cache_status; + } + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/s3img.tpl b/nginx/s3img.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/s3img.tpl @@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} +