mirror of
https://git.kescher.at/CatCatNya/catstodon.git
synced 2024-11-23 00:38:07 +01:00
3e4b01b47d
Apparently I missed some things in earlier commits/releases that needed to be applied to the Nanobox setup. All minor things, nothing that breaks anything, but still best to get them in place. - Move cron jobs to their own component, so the Sidekiq component can be scaled up to multiple instances without causing issues with running the same cron job multiple times at once. - Update cron jobs to the latest requirements, removing extraneous ones - Add new variables to `.env.nanobox` - Update Nginx to use correct cache header directives
72 lines
2 KiB
Text
72 lines
2 KiB
Text
worker_processes 1;
|
|
daemon off;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include /data/etc/nginx/mime.types;
|
|
sendfile on;
|
|
|
|
gzip on;
|
|
gzip_http_version 1.0;
|
|
gzip_proxied any;
|
|
gzip_min_length 500;
|
|
gzip_disable "MSIE [1-6]\.";
|
|
gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
|
|
|
|
# Proxy upstream to the puma process
|
|
upstream rails {
|
|
server 127.0.0.1:3000;
|
|
}
|
|
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
# Configuration for Nginx
|
|
server {
|
|
# Listen on port 8080
|
|
listen 8080;
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000";
|
|
add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests";
|
|
|
|
root /app/public;
|
|
|
|
client_max_body_size 8M;
|
|
|
|
location / {
|
|
try_files $uri @rails;
|
|
}
|
|
|
|
location /sw.js {
|
|
add_header Cache-Control "public, max-age=0";
|
|
try_files $uri @rails;
|
|
}
|
|
|
|
location ~ ^/(emoji|packs|system/media_attachments/files|system/accounts/avatars) {
|
|
add_header Cache-Control "public, max-age=31536000, immutable";
|
|
try_files $uri @rails;
|
|
}
|
|
|
|
# Proxy connections to rails
|
|
location @rails {
|
|
proxy_set_header Host $host;
|
|
proxy_pass_header Server;
|
|
|
|
proxy_pass http://rails;
|
|
proxy_buffering off;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
tcp_nodelay on;
|
|
}
|
|
}
|
|
|
|
error_page 500 501 502 503 504 /500.html;
|
|
}
|