From b398a76564624c93124c93f5a12bbe2136324d58 Mon Sep 17 00:00:00 2001 
From: Bobby Wibowo Date: Wed, 22 Jun 2022 15:40:52 +0700 Subject: [PATCH] feat: adapt docker config from upstream --- .dockerignore | 44 +++++++++++++- .editorconfig | 2 +- .env.example | 2 - .gitignore | 4 ++ Dockerfile | 24 -------- config.sample.js | 7 +-- docker-compose.yaml | 63 ------------------- docker/README..md | 25 ++++++++ docker/docker-compose.config.example.yml | 8 +++ docker/docker-compose.local.yml | 19 ++++++ docker/docker-compose.prod.yml | 11 ++++ docker/docker-compose.yml | 30 +++++++++ docker/lolisafe.ps1 | 3 + docker/lolisafe.sh | 2 + docker/lolisafe/Dockerfile | 24 ++++++++ docker/nginx/Dockerfile | 6 ++ docker/nginx/lolisafe.tld.http.example.conf | 28 +++++++++ docker/nginx/lolisafe.tld.https.example.conf | 39 ++++++++++++ docker/nginx/nginx.conf | 56 +++++++++++++++++ docker/nginx/nginxconfig.io/general.conf | 18 ++++++ docker/nginx/nginxconfig.io/proxy.conf | 18 ++++++ docker/nginx/nginxconfig.io/security.conf | 13 ++++ docker/nginx/ssl/.gitkeep | 0 nginx-ssl.sample.conf | 64 -------------------- nginx.docker.conf | 49 --------------- nginx.sample.conf | 53 ---------------- real-ip-from-cf | 30 --------- 27 files changed, 350 insertions(+), 292 deletions(-) delete mode 100644 .env.example delete mode 100644 Dockerfile delete mode 100644 docker-compose.yaml create mode 100644 docker/README..md create mode 100644 docker/docker-compose.config.example.yml create mode 100644 docker/docker-compose.local.yml create mode 100644 docker/docker-compose.prod.yml create mode 100644 docker/docker-compose.yml create mode 100644 docker/lolisafe.ps1 create mode 100755 docker/lolisafe.sh create mode 100644 docker/lolisafe/Dockerfile create mode 100644 docker/nginx/Dockerfile create mode 100644 docker/nginx/lolisafe.tld.http.example.conf create mode 100644 docker/nginx/lolisafe.tld.https.example.conf create mode 100644 docker/nginx/nginx.conf create mode 100644 docker/nginx/nginxconfig.io/general.conf create mode 100644 docker/nginx/nginxconfig.io/proxy.conf 
create mode 100644 docker/nginx/nginxconfig.io/security.conf create mode 100644 docker/nginx/ssl/.gitkeep delete mode 100644 nginx-ssl.sample.conf delete mode 100644 nginx.docker.conf delete mode 100644 nginx.sample.conf delete mode 100644 real-ip-from-cf diff --git a/.dockerignore b/.dockerignore index 9b3407c..549d849 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,45 @@ -# git directories +# Packages +node_modules +**/node_modules + +# Log files +logs +*.log +npm-debug.log* + +# Runtime data +pids +*.pid +*.seed + +# IDE +.vscode + +# Docker (experimental) +docker/ +Dockerfile +.dockerignore +docker-compose.yml +docker-compose.config.yml +docker-compose.config.example.yml + +# Linting +.browserslistrc +.eslingignore +.eslintrc.js +.stylelintignore +.stylelintrc.json + +# Miscellaneous +.tmp .git +.gitattributes .github +.gitignore +.vscode +database +dist-dev +uploads +gulpfile.js +README.md +renovate.json diff --git a/.editorconfig b/.editorconfig index ce41ae1..9c50c72 100644 --- a/.editorconfig +++ b/.editorconfig @@ -11,7 +11,7 @@ indent_style = tab indent_size = 4 trim_trailing_whitespace = false -[*.conf] +[*.{conf,yml}] indent_size = 4 [LICENSE] diff --git a/.env.example b/.env.example deleted file mode 100644 index ea3bec0..0000000 --- a/.env.example +++ /dev/null @@ -1,2 +0,0 @@ -EMAIL=email@example.org -DOMAIN=MY-DOMAIN.com diff --git a/.gitignore b/.gitignore index 50f0d69..ff0922f 100644 --- a/.gitignore +++ b/.gitignore @@ -36,6 +36,10 @@ node_modules/ # npm's package-lock (if npm is accidentally used) package-lock.json +# Docker +docker/nginx/lolisafe.tld.conf +docker-compose.config.yml + # vscode's workspace settings /.vscode *.code-workspace diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index c7d015a..0000000 --- a/Dockerfile +++ /dev/null 
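Review bot: `config.js` is not in the new ignore list, so a locally edited `config.js` in the build context is copied into the image by the `COPY . .` step of docker/lolisafe/Dockerfile and replaces the sample added just before it. If that file holds site-specific settings or secrets, they end up in an image layer. Adding `config.js` and `views/_globals.njk` under `# Miscellaneous` would keep the image on the sample defaults. Separately, `.eslingignore` looks like a typo for `.eslintignore`, so that file is still sent to the build.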
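Review bot: The new entries ignore `docker/nginx/lolisafe.tld.conf` but not the contents of `docker/nginx/ssl/`, where docker/README..md tells operators to place `lolisafe.tld.crt` and `lolisafe.tld.key`, so a private key can be committed by a plain `git add`. Suggest adding `docker/nginx/ssl/*` followed by `!docker/nginx/ssl/.gitkeep`. The bind-mount directories used by docker-compose.prod.yml (`docker/lolisafe-data`, `docker/lolisafe-database`) are not ignored by anything visible in this hunk either, and they would hold uploads and the database.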
@@ -1,24 +0,0 @@ -FROM node:lts-alpine - -LABEL name "lolisafe-bobbywibowo" -LABEL version "3.0.0" -LABEL maintainer "evanmn " - -WORKDIR /usr/src/lolisafe - -COPY package.json yarn.lock ./ - -RUN apk --no-cache update \ -&& apk add --no-cache --virtual build-dependencies python make g++ \ -&& apk add --no-cache ffmpeg \ -&& apk del build-dependencies \ -&& yarn install --production \ -&& yarn cache clean - -ADD config.sample.js config.js - -COPY . . - -EXPOSE 9999 - -CMD ["node", "lolisafe.js"] diff --git a/config.sample.js b/config.sample.js index 9fcd01f..46f9310 100644 --- a/config.sample.js +++ b/config.sample.js @@ -32,11 +32,9 @@ module.exports = { Both cases require you to type the domain where the files will be served on the `domain` key below. Which one you use is ultimately up to you. - - NOTE: Set to falsy value if using Docker. */ serveFilesWithNode: false, - domain: 'https://lolisafe.moe', + domain: null, /* If you serve files with node, you can optionally choose to set Content-Disposition header @@ -63,7 +61,6 @@ module.exports = { /* Port on which to run the server. - NOTE: Change port in .env file if using Docker. */ port: 9999, @@ -601,7 +598,7 @@ module.exports = { */ generateThumbs: { image: true, - video: false, + video: true, // Placeholder defaults to 'public/images/unavailable.png'. placeholder: null, size: 200 diff --git a/docker-compose.yaml b/docker-compose.yaml deleted file mode 100644 index 0434742..0000000 --- a/docker-compose.yaml +++ /dev/null 
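Review bot: `domain: null` now contradicts the comment kept just above it, which says both serving modes require the domain to be typed in the `domain` key, and the hunk removes the only note that explained the Docker case. If the value is meant to come from the `DOMAIN` variable shown in docker/docker-compose.config.example.yml, say so next to the key, for example `// Leave null only when DOMAIN is supplied through the environment (Docker); otherwise set your public URL.` How the configuration consumes that variable is not visible in this diff, so the wording should be confirmed against the loader; the enclosing comment block starts outside the hunk.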
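Review bot: Flipping `video: true` in the sample changes the default for every install that copies config.sample.js, not only the Docker image, so uploaded videos are handed to ffmpeg for thumbnailing by default. That widens the parsing surface for untrusted files and presumably requires ffmpeg to be present on non-Docker hosts. If the intent is only to enable it in the container, keep `video: false` here and turn it on in the Docker-specific configuration, or add a comment such as `// Requires ffmpeg; it processes uploaded files, so keep it patched.`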
@@ -1,63 +0,0 @@ -version: '3.8' - -networks: - net: - driver: bridge - -services: - safe: - image: lolisafe/lolisafe - volumes: - - ./config.js:/usr/src/lolisafe/config.js:ro - - ./uploads:/usr/src/lolisafe/uploads - restart: unless-stopped - networks: - - net - - nginx: - image: nginx - volumes: - - ./nginx.docker.conf:/etc/nginx/conf.d/default.conf:ro - - ./uploads:/uploads - expose: - - 80 - restart: unless-stopped - depends_on: - - safe - networks: - - net - labels: - - 'traefik.enable=true' - - 'traefik.http.routers.safe.rule=Host(`${DOMAIN}`)' - - 'traefik.http.routers.safe.entrypoints=https' - - 'traefik.http.routers.safe.tls=true' - - 'traefik.http.routers.safe.tls.certresolver=letsencrypt' - - traefik: - image: traefik:latest - container_name: traefik - volumes: - - ./traefik/acme.json:/acme.json - - /var/run/docker.sock:/var/run/docker.sock - networks: - - net - ports: - - 80:80 - - 443:443 - command: - - '--log.level=INFO' - - '--providers.docker=true' - - '--providers.docker.exposedByDefault=false' - - '--entrypoints.http=true' - - '--entrypoints.http.address=:80' - - '--certificatesresolvers.letsencrypt.acme.email=${EMAIL}' - - '--certificatesresolvers.letsencrypt.acme.storage=acme.json' - - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http' - - '--entrypoints.http.http.redirections.entrypoint.to=https' - - '--entrypoints.http.http.redirections.entrypoint.scheme=https' - - '--entrypoints.https=true' - - '--entrypoints.https.address=:443' - restart: unless-stopped - depends_on: - - nginx - diff --git a/docker/README..md b/docker/README..md new file mode 100644 index 0000000..da0b597 --- /dev/null +++ b/docker/README..md 
@@ -0,0 +1,25 @@ +# Docker + +If you want to avoid all the hassle of installing the dependencies, configuring nginx and so on you can try our docker image which makes things a bit simpler. + +First make sure you have docker and docker composer installed, so please follow the install instructions for your OS/Distro: +- https://docs.docker.com/engine/install/debian/ +- https://docs.docker.com/compose/install/ + +After that: +- Copy the config file called `docker-compose.config.example.yml` and name it `docker-compose.config.yml` with the values you want. Those that are left commented will use the default values. +- Copy either `lolisafe.tld.http.example.conf` or `lolisafe.tld.https.example.conf` and name it `lolisafe.tld.conf` for either HTTP or HTTPS +- - If using HTTPS make sure to put your certificates into the `ssl` folder and name them accordingly: +- - - `lolisafe.tld.crt` for the certificate +- - - `lolisafe.tld.key` for the certificate key + +Once you are done run the following commands: + +- `cd docker` +- `./lolisafe.sh prod pull` +- `./lolisafe.sh prod build` +- `./lolisafe.sh prod up -d` + +Use `./lolisafe.ps1` instead if you are on a Windows host. + +Congrats, your lolisafe instance is now running. diff --git a/docker/docker-compose.config.example.yml b/docker/docker-compose.config.example.yml new file mode 100644 index 0000000..56586f2 --- /dev/null +++ b/docker/docker-compose.config.example.yml @@ -0,0 +1,8 @@ +version: "3.7" + +services: + lolisafe: + environment: + PORT: 9999 + # DOMAIN: '' + # HOME_DOMAIN: '' diff --git a/docker/docker-compose.local.yml b/docker/docker-compose.local.yml new file mode 100644 index 0000000..72531b4 --- /dev/null +++ b/docker/docker-compose.local.yml 
@@ -0,0 +1,19 @@ +version: "3.7" + +services: + nginx: + volumes: + - lolisafe-data:/usr/lolisafe/uploads + + lolisafe: + volumes: + - lolisafe-data:/usr/lolisafe/uploads + - lolisafe-database:/usr/lolisafe/database + +volumes: + nginx-data: + name: "nginx-data" + lolisafe-data: + name: "lolisafe-data" + lolisafe-database: + name: "lolisafe-database" diff --git a/docker/docker-compose.prod.yml b/docker/docker-compose.prod.yml new file mode 100644 index 0000000..022b647 --- /dev/null +++ b/docker/docker-compose.prod.yml @@ -0,0 +1,11 @@ +version: "3.7" + +services: + nginx: + volumes: + - ./lolisafe-data:/usr/lolisafe/uploads + + lolisafe: + volumes: + - ./lolisafe-data:/usr/lolisafe/uploads + - ./lolisafe-database:/usr/lolisafe/database diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml new file mode 100644 index 0000000..6adfd9d --- /dev/null +++ b/docker/docker-compose.yml @@ -0,0 +1,30 @@ +version: "3.7" + +services: + nginx: + build: + context: ./nginx + dockerfile: Dockerfile + expose: + - "80" + - "443" + ports: + - "80:80" + - "443:443" + restart: unless-stopped + healthcheck: + test: ["CMD", "service", "nginx", "status"] + interval: 60s + timeout: 5s + + lolisafe: + build: + context: ../ + dockerfile: ./docker/lolisafe/Dockerfile + expose: + - "9999" + restart: unless-stopped + environment: + PORT: 9999 + DOMAIN: '' + HOME_DOMAIN: '' diff --git a/docker/lolisafe.ps1 b/docker/lolisafe.ps1 new file mode 100644 index 0000000..17570a3 --- /dev/null +++ b/docker/lolisafe.ps1 @@ -0,0 +1,3 @@ +$env = $args[0] +$cmd = $args | Select-Object -Skip 1 +docker compose -f docker-compose.yml -f docker-compose.$env.yml -f docker-compose.config.yml $cmd diff --git a/docker/lolisafe.sh b/docker/lolisafe.sh new file mode 100755 index 0000000..27ed413 --- /dev/null +++ b/docker/lolisafe.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose -f docker-compose.yml -f docker-compose.$1.yml -f docker-compose.config.yml ${@%$1} 
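Review bot: The nginx service mounts the uploads volume read-write (`- lolisafe-data:/usr/lolisafe/uploads`), although the site configs in this commit only read from `/usr/lolisafe/uploads` through `root` and `try_files`. Mounting it as `- lolisafe-data:/usr/lolisafe/uploads:ro` limits what a compromised or misconfigured proxy container can do to stored files; the same applies to `./lolisafe-data:/usr/lolisafe/uploads` under nginx in docker-compose.prod.yml. The `nginx-data` volume declared here is not referenced by any service in the files shown and can probably be dropped.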
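Review bot: `$1` and `${@%$1}` are expanded unquoted, and `${@%$1}` strips the environment name as a suffix pattern from every argument rather than dropping only the first one, so a later argument that happens to end in `prod` is altered and arguments containing spaces are split. Taking the first argument and shifting is safer: `env="$1"; shift` followed by `docker compose -f docker-compose.yml -f "docker-compose.${env}.yml" -f docker-compose.config.yml "$@"`. Checking that `$env` is `local` or `prod` before building the file name would also give a clearer error than a missing-file message.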
diff --git a/docker/lolisafe/Dockerfile b/docker/lolisafe/Dockerfile new file mode 100644 index 0000000..c61208e --- /dev/null +++ b/docker/lolisafe/Dockerfile @@ -0,0 +1,24 @@ +FROM jrottenberg/ffmpeg:5-alpine as ffmpeg + +FROM node:16-alpine + +WORKDIR /usr/lolisafe +COPY package.json yarn.lock ./ + +RUN apk add --update \ +&& apk add --no-cache ca-certificates expat \ +&& apk add --no-cache vidstab-dev --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \ +&& apk add --no-cache --virtual .build-deps git curl build-base python3 g++ make \ +&& yarn install --production \ +&& yarn cache clean \ +&& apk del .build-deps + +COPY --from=ffmpeg /usr/local /usr/local + +ADD config.sample.js config.js +ADD views/_globals.sample.njk views/_globals.njk + +COPY . . +RUN mkdir uploads && mkdir database + +CMD ["sh", "-c", "yarn migrate && yarn start"] diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile new file mode 100644 index 0000000..5b13804 --- /dev/null +++ b/docker/nginx/Dockerfile @@ -0,0 +1,6 @@ +FROM nginx + +COPY nginxconfig.io /etc/nginx/nginxconfig.io +COPY nginx.conf /etc/nginx/nginx.conf +COPY lolisafe.tld.conf /etc/nginx/conf.d/lolisafe.tld.conf +COPY ssl /etc/nginx/ssl diff --git a/docker/nginx/lolisafe.tld.http.example.conf b/docker/nginx/lolisafe.tld.http.example.conf new file mode 100644 index 0000000..e9cba60 --- /dev/null +++ b/docker/nginx/lolisafe.tld.http.example.conf 
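Review bot: The image has no `USER` instruction, so `yarn migrate && yarn start` run as root while handling uploaded files. The node base image ships a `node` user, so `RUN mkdir uploads database && chown -R node:node uploads database` followed by `USER node` before `CMD` would drop that privilege; bind-mounted host directories then need matching ownership, and the app may need other writable paths. The edge repository is fetched over `http://`; apk verifies package signatures, but `https://dl-cdn.alpinelinux.org/alpine/edge/community` removes the plaintext hop. `jrottenberg/ffmpeg:5-alpine` and `node:16-alpine` are mutable tags and the whole of the former's `/usr/local` is copied in, so pinning both by digest would make the build reproducible and auditable.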
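Review bot: `COPY ssl /etc/nginx/ssl` bakes the TLS private key into an image layer, where it is readable by anyone who can pull or export the image and where it stays in layer history after the key is rotated. Mounting the directory at run time keeps it out of the image, for example `- ./nginx/ssl:/etc/nginx/ssl:ro` under the nginx service in docker-compose.yml, with the `COPY ssl` line removed. `FROM nginx` also follows the moving default tag; pinning a version or digest makes rebuilds predictable.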
@@ -0,0 +1,28 @@ +server { + listen 80; + listen [::]:80; + server_name lolisafe.tld; + + # security + include nginxconfig.io/security.conf; + + # logging + access_log /var/log/nginx/lolisafe.tld.access.log; + error_log /var/log/nginx/lolisafe.tld.error.log warn; + + # uploaded files + location / { + add_header Access-Control-Allow-Origin *; + root /usr/lolisafe/uploads; + try_files $uri @proxy; + } + + # reverse proxy + location @proxy { + proxy_pass http://lolisafe:9999; + include nginxconfig.io/proxy.conf; + } + + # additional config + include nginxconfig.io/general.conf; +} diff --git a/docker/nginx/lolisafe.tld.https.example.conf b/docker/nginx/lolisafe.tld.https.example.conf new file mode 100644 index 0000000..177b747 --- /dev/null +++ b/docker/nginx/lolisafe.tld.https.example.conf @@ -0,0 +1,39 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name lolisafe.tld; + + # SSL + ssl_certificate /etc/nginx/ssl/lolisafe.tld.crt; + ssl_certificate_key /etc/nginx/ssl/lolisafe.tld.key; + + # security + include nginxconfig.io/security.conf; + + # logging + access_log /var/log/nginx/lolisafe.tld.access.log; + error_log /var/log/nginx/lolisafe.tld.error.log warn; + + # uploaded files + location / { + add_header Access-Control-Allow-Origin *; + root /usr/lolisafe/uploads; + try_files $uri @proxy; + } + + # reverse proxy + location @proxy { + proxy_pass http://lolisafe:9999; + include nginxconfig.io/proxy.conf; + } + + # additional config + include nginxconfig.io/general.conf; +} + +# HTTP redirect +server { + listen 80; + listen [::]:80; + return 301 https://$server_name$request_uri; +} diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf new file mode 100644 index 0000000..2e1569f --- /dev/null +++ b/docker/nginx/nginx.conf 
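Review bot: Because `location /` declares its own `add_header`, nginx does not inherit the server-level `add_header` lines pulled in from nginxconfig.io/security.conf, so uploaded files are served from the application's own host name with only `Access-Control-Allow-Origin *` set. For user-supplied content this is the location where `add_header X-Content-Type-Options nosniff;` matters most; consider adding it inside the block and, if the application allows it, serving uploads from a separate host name. Whether lolisafe restricts active content types such as HTML or SVG is not visible in this diff. The same block appears in lolisafe.tld.https.example.conf.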
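Review bot: The HTTP redirect server block has no `server_name`, so `$server_name` expands to an empty string and `return 301 https://$server_name$request_uri;` produces a Location without a host; the removed nginx-ssl.sample.conf had the directive in its redirect block. Adding `server_name lolisafe.tld;` there fixes it and is preferable to switching to `$host`, which would reflect a client-supplied Host header into the redirect. The TLS server block also sends no `Strict-Transport-Security` header; once HTTPS is confirmed working, `add_header Strict-Transport-Security "max-age=31536000" always;` at server level is worth considering, keeping in mind that `location /` will not inherit it.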
@@ -0,0 +1,56 @@ +# Generated by nginxconfig.io +# https://www.digitalocean.com/community/tools/nginx?domains.0.server.domain=tourneys.naval-base.com&domains.0.server.documentRoot=&domains.0.https.certType=custom&domains.0.php.php=false&domains.0.reverseProxy.reverseProxy=true&domains.0.reverseProxy.proxyPass=http%3A%2F%2F127.0.0.1%3A3001&domains.0.routing.root=false&domains.0.logging.accessLog=true&domains.0.logging.errorLog=true + +user www-data; +pid /run/nginx.pid; +worker_processes auto; +worker_rlimit_nofile 65535; + +events { + multi_accept on; + worker_connections 65535; +} + +http { + charset utf-8; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + log_not_found off; + types_hash_max_size 2048; + + # MIME + include mime.types; + default_type application/octet-stream; + + # Logging + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log warn; + + # SSL + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + + # Diffie-Hellman parameter for DHE ciphersuites + # ssl_dhparam /etc/nginx/dhparam.pem; + + # Mozilla Intermediate configuration + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + + # OCSP Stapling + ssl_stapling off; + ssl_stapling_verify off; + resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; + resolver_timeout 2s; + + # Upload size limit + client_max_body_size 100M; + client_body_timeout 600s; + + # Load configs + include /etc/nginx/conf.d/*.conf; + # include /etc/nginx/sites-enabled/*; +} diff --git a/docker/nginx/nginxconfig.io/general.conf b/docker/nginx/nginxconfig.io/general.conf new file mode 100644 index 0000000..a9df8d6 --- /dev/null +++ b/docker/nginx/nginxconfig.io/general.conf 
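Review bot: The cipher list still names `DHE-RSA-AES128-GCM-SHA256` and `DHE-RSA-AES256-GCM-SHA384` while `ssl_dhparam` is commented out; current nginx does not offer DHE suites without that directive, so the two entries are inert and the comment above them is misleading. Either generate parameters and enable `ssl_dhparam /etc/nginx/dhparam.pem;` (docker/nginx/Dockerfile would then need to provide the file) or drop the DHE entries. The header URL is a leftover from another deployment (`tourneys.naval-base.com`, proxy target `127.0.0.1:3001`) and does not describe this config; replace it with a short comment such as `# Based on nginxconfig.io output, adapted for the lolisafe Docker setup`. `client_max_body_size 100M` is fixed here independently of the application's own upload limit and deserves a comment telling operators to keep the two in sync.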
@@ -0,0 +1,18 @@ +# favicon.ico +location = /favicon.ico { + log_not_found off; + access_log off; +} + +# robots.txt +location = /robots.txt { + log_not_found off; + access_log off; +} + +# gzip +gzip on; +gzip_vary on; +gzip_proxied any; +gzip_comp_level 6; +gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; diff --git a/docker/nginx/nginxconfig.io/proxy.conf b/docker/nginx/nginxconfig.io/proxy.conf new file mode 100644 index 0000000..874b041 --- /dev/null +++ b/docker/nginx/nginxconfig.io/proxy.conf @@ -0,0 +1,18 @@ +proxy_http_version 1.1; +proxy_cache_bypass $http_upgrade; + +# Proxy headers +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection "upgrade"; +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Host $host; +proxy_set_header X-Forwarded-Port $server_port; +proxy_set_header X-NginX-Proxy true; + +# Proxy timeouts +proxy_connect_timeout 60s; +proxy_send_timeout 60s; +proxy_read_timeout 60s; diff --git a/docker/nginx/nginxconfig.io/security.conf b/docker/nginx/nginxconfig.io/security.conf new file mode 100644 index 0000000..6414db3 --- /dev/null +++ b/docker/nginx/nginxconfig.io/security.conf 
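Review bot: `X-Forwarded-For` is now set from `$proxy_add_x_forwarded_for`, which appends to whatever the client sent, whereas the removed sample configs used `$remote_addr`. In this compose setup nginx publishes ports 80 and 443 directly, so the leading entries are client-controlled; if lolisafe derives the client address from the first entry for rate limits or bans, that address can be forged. Unless a trusted proxy sits in front, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer default. How the application reads the header is not visible here. The commit also deletes real-ip-from-cf without a Docker equivalent, so deployments behind Cloudflare would see Cloudflare addresses in `$remote_addr`.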
@@ -0,0 +1,13 @@ +# security headers + +# Consider configuring "helmet" option in config.js instead, if applicable. +# Said options will limit the header tags only to pages served by lolisafe service, +# and not the uploaded files that will instead be directly served by nginx. + +#add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self'; media-src 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:"; +add_header Permissions-Policy "accelerometer=(), autoplay=(self), camera=(self), fullscreen=(self), gyroscope=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), sync-xhr=(self), usb=(self)"; + +# . files +location ~ /\.(?!well-known) { + deny all; +} diff --git a/docker/nginx/ssl/.gitkeep b/docker/nginx/ssl/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/nginx-ssl.sample.conf b/nginx-ssl.sample.conf deleted file mode 100644 index f2330f2..0000000 --- a/nginx-ssl.sample.conf +++ /dev/null 
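Review bot: The Permissions-Policy grants `camera=(self)`, `microphone=(self)` and `usb=(self)`, which a file-hosting front end has no visible need for; defaulting them to `camera=(), microphone=(), usb=()` follows least privilege and can be relaxed if a feature requires them. With the Content-Security-Policy line commented out, this file sets no `X-Content-Type-Options` or `Referrer-Policy` either, and headers set here are dropped in any location that has its own `add_header`, so they never reach the uploaded files served by `location /`. The comment block could state that explicitly: `# Headers here are not inherited by locations that declare their own add_header (e.g. the uploads location).`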
@@ -1,64 +0,0 @@ -upstream backend { - server 127.0.0.1:9999; # Change to the port you specified on lolisafe -} - -map $sent_http_content_type $charset { - ~^text/ utf-8; -} - -server { - listen 80; - listen [::]:80; - server_name lolisafe.moe; - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name lolisafe.moe; - server_tokens off; - - ssl_certificate /path/to/your/fullchain.pem; - ssl_certificate_key /path/to/your/privkey.pem; - ssl_trusted_certificate /path/to/your/fullchain.pem; - - client_max_body_size 100M; # Change this to the max file size you want to allow - - charset $charset; - charset_types *; - - # Uncomment if you are running lolisafe behind CloudFlare. - # This requires NGINX compiled from source with: - # --with-http_realip_module - #include /path/to/lolisafe/real-ip-from-cf; - - location / { - add_header Access-Control-Allow-Origin *; - root /path/to/your/uploads/folder; - try_files $uri @proxy; - } - - location @proxy { - proxy_pass http://backend; - proxy_redirect off; - proxy_http_version 1.1; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-NginX-Proxy true; - - # Enabling these may help with clients with slow upload speeds. - #proxy_connect_timeout 300s; - #proxy_send_timeout 300s; - #proxy_read_timeout 600s; - #send_timeout 300s; - } -} diff --git a/nginx.docker.conf b/nginx.docker.conf deleted file mode 100644 index 6303994..0000000 --- a/nginx.docker.conf +++ /dev/null 
@@ -1,49 +0,0 @@ -upstream backend { - server safe:9999; # Change to the port you specified on lolisafe -} - -map $sent_http_content_type $charset { - ~^text/ utf-8; -} - -server { - listen 80; - - client_max_body_size 10000M; # Change this to the max file size you want to allow - - charset $charset; - charset_types *; - - # Uncomment if you are running lolisafe behind CloudFlare. - # This requires NGINX compiled from source with: - # --with-http_realip_module - #include /path/to/lolisafe/real-ip-from-cf; - - location / { - add_header Access-Control-Allow-Origin *; - root /uploads; - try_files $uri @proxy; - } - - location @proxy { - proxy_pass http://backend; - proxy_redirect off; - proxy_http_version 1.1; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-NginX-Proxy true; - - # Enabling these may help with clients with slow upload speeds. - #proxy_connect_timeout 300s; - #proxy_send_timeout 300s; - #proxy_read_timeout 600s; - #send_timeout 300s; - } -} diff --git a/nginx.sample.conf b/nginx.sample.conf deleted file mode 100644 index 2875d29..0000000 --- a/nginx.sample.conf +++ /dev/null 
@@ -1,53 +0,0 @@ -upstream backend { - server 127.0.0.1:9999; # Change to the port you specified on lolisafe -} - -map $sent_http_content_type $charset { - ~^text/ utf-8; -} - -server { - listen 80; - listen [::]:80; - - server_name lolisafe.moe; - server_tokens off; - - client_max_body_size 100M; # Change this to the max file size you want to allow - - charset $charset; - charset_types *; - - # Uncomment if you are running lolisafe behind CloudFlare. - # This requires NGINX compiled from source with: - # --with-http_realip_module - #include /path/to/lolisafe/real-ip-from-cf; - - location / { - add_header Access-Control-Allow-Origin *; - root /path/to/your/uploads/folder; - try_files $uri @proxy; - } - - location @proxy { - proxy_pass http://backend; - proxy_redirect off; - proxy_http_version 1.1; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-NginX-Proxy true; - - # Enabling these may help with clients with slow upload speeds. - #proxy_connect_timeout 300s; - #proxy_send_timeout 300s; - #proxy_read_timeout 600s; - #send_timeout 300s; - } -} diff --git a/real-ip-from-cf b/real-ip-from-cf deleted file mode 100644 index 8ded5df..0000000 --- a/real-ip-from-cf +++ /dev/null 
@@ -1,30 +0,0 @@
-# https://www.cloudflare.com/ips/
-
-# IPv4 Ranges
-# https://www.cloudflare.com/ips-v4/
-set_real_ip_from 173.245.48.0/20;
-set_real_ip_from 103.21.244.0/22;
-set_real_ip_from 103.22.200.0/22;
-set_real_ip_from 103.31.4.0/22;
-set_real_ip_from 141.101.64.0/18;
-set_real_ip_from 108.162.192.0/18;
-set_real_ip_from 190.93.240.0/20;
-set_real_ip_from 188.114.96.0/20;
-set_real_ip_from 197.234.240.0/22;
-set_real_ip_from 198.41.128.0/17;
-set_real_ip_from 162.158.0.0/15;
-set_real_ip_from 104.16.0.0/12;
-set_real_ip_from 172.64.0.0/13;
-set_real_ip_from 131.0.72.0/22;
-
-# IPv6 Ranges
-# https://www.cloudflare.com/ips-v6/
-set_real_ip_from 2400:cb00::/32;
-set_real_ip_from 2606:4700::/32;
-set_real_ip_from 2803:f800::/32;
-set_real_ip_from 2405:b500::/32;
-set_real_ip_from 2405:8100::/32;
-set_real_ip_from 2a06:98c0::/29;
-set_real_ip_from 2c0f:f248::/32;
-
-real_ip_header CF-Connecting-IP;