mirror of
https://github.com/BobbyWibowo/lolisafe.git
synced 2024-12-12 23:46:22 +00:00
feat: adapt docker config from upstream
This commit is contained in:
parent
f37313a84c
commit
b398a76564
@ -1,3 +1,45 @@
|
||||
# git directories
|
||||
# Packages
|
||||
node_modules
|
||||
**/node_modules
|
||||
|
||||
# Log files
|
||||
logs
|
||||
*.log
|
||||
npm-debug.log*
|
||||
|
||||
# Runtime data
|
||||
pids
|
||||
*.pid
|
||||
*.seed
|
||||
|
||||
# IDE
|
||||
.vscode
|
||||
|
||||
# Docker (experimental)
|
||||
docker/
|
||||
Dockerfile
|
||||
.dockerignore
|
||||
docker-compose.yml
|
||||
docker-compose.config.yml
|
||||
docker-compose.config.example.yml
|
||||
|
||||
# Linting
|
||||
.browserslistrc
|
||||
.eslingignore
|
||||
.eslintrc.js
|
||||
.stylelintignore
|
||||
.stylelintrc.json
|
||||
|
||||
# Miscellaneous
|
||||
.tmp
|
||||
.git
|
||||
.gitattributes
|
||||
.github
|
||||
.gitignore
|
||||
.vscode
|
||||
database
|
||||
dist-dev
|
||||
uploads
|
||||
gulpfile.js
|
||||
README.md
|
||||
renovate.json
|
||||
|
@ -11,7 +11,7 @@ indent_style = tab
|
||||
indent_size = 4
|
||||
trim_trailing_whitespace = false
|
||||
|
||||
[*.conf]
|
||||
[*.{conf,yml}]
|
||||
indent_size = 4
|
||||
|
||||
[LICENSE]
|
||||
|
@ -1,2 +0,0 @@
|
||||
EMAIL=email@example.org
|
||||
DOMAIN=MY-DOMAIN.com
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -36,6 +36,10 @@ node_modules/
|
||||
# npm's package-lock (if npm is accidentally used)
|
||||
package-lock.json
|
||||
|
||||
# Docker
|
||||
docker/nginx/lolisafe.tld.conf
|
||||
docker-compose.config.yml
|
||||
|
||||
# vscode's workspace settings
|
||||
/.vscode
|
||||
*.code-workspace
|
||||
|
24
Dockerfile
24
Dockerfile
@ -1,24 +0,0 @@
|
||||
FROM node:lts-alpine
|
||||
|
||||
LABEL name "lolisafe-bobbywibowo"
|
||||
LABEL version "3.0.0"
|
||||
LABEL maintainer "evanmn <docker@evan.mn>"
|
||||
|
||||
WORKDIR /usr/src/lolisafe
|
||||
|
||||
COPY package.json yarn.lock ./
|
||||
|
||||
RUN apk --no-cache update \
|
||||
&& apk add --no-cache --virtual build-dependencies python make g++ \
|
||||
&& apk add --no-cache ffmpeg \
|
||||
&& apk del build-dependencies \
|
||||
&& yarn install --production \
|
||||
&& yarn cache clean
|
||||
|
||||
ADD config.sample.js config.js
|
||||
|
||||
COPY . .
|
||||
|
||||
EXPOSE 9999
|
||||
|
||||
CMD ["node", "lolisafe.js"]
|
@ -32,11 +32,9 @@ module.exports = {
|
||||
|
||||
Both cases require you to type the domain where the files will be served on the `domain` key below.
|
||||
Which one you use is ultimately up to you.
|
||||
|
||||
NOTE: Set to falsy value if using Docker.
|
||||
*/
|
||||
serveFilesWithNode: false,
|
||||
domain: 'https://lolisafe.moe',
|
||||
domain: null,
|
||||
|
||||
/*
|
||||
If you serve files with node, you can optionally choose to set Content-Disposition header
|
||||
@ -63,7 +61,6 @@ module.exports = {
|
||||
|
||||
/*
|
||||
Port on which to run the server.
|
||||
NOTE: Change port in .env file if using Docker.
|
||||
*/
|
||||
port: 9999,
|
||||
|
||||
@ -601,7 +598,7 @@ module.exports = {
|
||||
*/
|
||||
generateThumbs: {
|
||||
image: true,
|
||||
video: false,
|
||||
video: true,
|
||||
// Placeholder defaults to 'public/images/unavailable.png'.
|
||||
placeholder: null,
|
||||
size: 200
|
||||
|
@ -1,63 +0,0 @@
|
||||
version: '3.8'
|
||||
|
||||
networks:
|
||||
net:
|
||||
driver: bridge
|
||||
|
||||
services:
|
||||
safe:
|
||||
image: lolisafe/lolisafe
|
||||
volumes:
|
||||
- ./config.js:/usr/src/lolisafe/config.js:ro
|
||||
- ./uploads:/usr/src/lolisafe/uploads
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- net
|
||||
|
||||
nginx:
|
||||
image: nginx
|
||||
volumes:
|
||||
- ./nginx.docker.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
- ./uploads:/uploads
|
||||
expose:
|
||||
- 80
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- safe
|
||||
networks:
|
||||
- net
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.http.routers.safe.rule=Host(`${DOMAIN}`)'
|
||||
- 'traefik.http.routers.safe.entrypoints=https'
|
||||
- 'traefik.http.routers.safe.tls=true'
|
||||
- 'traefik.http.routers.safe.tls.certresolver=letsencrypt'
|
||||
|
||||
traefik:
|
||||
image: traefik:latest
|
||||
container_name: traefik
|
||||
volumes:
|
||||
- ./traefik/acme.json:/acme.json
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
networks:
|
||||
- net
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
command:
|
||||
- '--log.level=INFO'
|
||||
- '--providers.docker=true'
|
||||
- '--providers.docker.exposedByDefault=false'
|
||||
- '--entrypoints.http=true'
|
||||
- '--entrypoints.http.address=:80'
|
||||
- '--certificatesresolvers.letsencrypt.acme.email=${EMAIL}'
|
||||
- '--certificatesresolvers.letsencrypt.acme.storage=acme.json'
|
||||
- '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http'
|
||||
- '--entrypoints.http.http.redirections.entrypoint.to=https'
|
||||
- '--entrypoints.http.http.redirections.entrypoint.scheme=https'
|
||||
- '--entrypoints.https=true'
|
||||
- '--entrypoints.https.address=:443'
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- nginx
|
||||
|
25
docker/README..md
Normal file
25
docker/README..md
Normal file
@ -0,0 +1,25 @@
|
||||
# Docker
|
||||
|
||||
If you want to avoid all the hassle of installing the dependencies, configuring nginx and so on you can try our docker image which makes things a bit simpler.
|
||||
|
||||
First make sure you have docker and docker composer installed, so please follow the install instructions for your OS/Distro:
|
||||
- https://docs.docker.com/engine/install/debian/
|
||||
- https://docs.docker.com/compose/install/
|
||||
|
||||
After that:
|
||||
- Copy the config file called `docker-compose.config.example.yml` and name it `docker-compose.config.yml` with the values you want. Those that are left commented will use the default values.
|
||||
- Copy either `lolisafe.tld.http.example.conf` or `lolisafe.tld.https.example.conf` and name it `lolisafe.tld.conf` for either HTTP or HTTPS
|
||||
- - If using HTTPS make sure to put your certificates into the `ssl` folder and name them accordingly:
|
||||
- - - `lolisafe.tld.crt` for the certificate
|
||||
- - - `lolisafe.tld.key` for the certificate key
|
||||
|
||||
Once you are done run the following commands:
|
||||
|
||||
- `cd docker`
|
||||
- `./lolisafe.sh prod pull`
|
||||
- `./lolisafe.sh prod build`
|
||||
- `./lolisafe.sh prod up -d`
|
||||
|
||||
Use `./lolisafe.ps1` instead if you are on a Windows host.
|
||||
|
||||
Congrats, your lolisafe instance is now running.
|
8
docker/docker-compose.config.example.yml
Normal file
8
docker/docker-compose.config.example.yml
Normal file
@ -0,0 +1,8 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
lolisafe:
|
||||
environment:
|
||||
PORT: 9999
|
||||
# DOMAIN: ''
|
||||
# HOME_DOMAIN: ''
|
19
docker/docker-compose.local.yml
Normal file
19
docker/docker-compose.local.yml
Normal file
@ -0,0 +1,19 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
nginx:
|
||||
volumes:
|
||||
- lolisafe-data:/usr/lolisafe/uploads
|
||||
|
||||
lolisafe:
|
||||
volumes:
|
||||
- lolisafe-data:/usr/lolisafe/uploads
|
||||
- lolisafe-database:/usr/lolisafe/database
|
||||
|
||||
volumes:
|
||||
nginx-data:
|
||||
name: "nginx-data"
|
||||
lolisafe-data:
|
||||
name: "lolisafe-data"
|
||||
lolisafe-database:
|
||||
name: "lolisafe-database"
|
11
docker/docker-compose.prod.yml
Normal file
11
docker/docker-compose.prod.yml
Normal file
@ -0,0 +1,11 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
nginx:
|
||||
volumes:
|
||||
- ./lolisafe-data:/usr/lolisafe/uploads
|
||||
|
||||
lolisafe:
|
||||
volumes:
|
||||
- ./lolisafe-data:/usr/lolisafe/uploads
|
||||
- ./lolisafe-database:/usr/lolisafe/database
|
30
docker/docker-compose.yml
Normal file
30
docker/docker-compose.yml
Normal file
@ -0,0 +1,30 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
nginx:
|
||||
build:
|
||||
context: ./nginx
|
||||
dockerfile: Dockerfile
|
||||
expose:
|
||||
- "80"
|
||||
- "443"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD", "service", "nginx", "status"]
|
||||
interval: 60s
|
||||
timeout: 5s
|
||||
|
||||
lolisafe:
|
||||
build:
|
||||
context: ../
|
||||
dockerfile: ./docker/lolisafe/Dockerfile
|
||||
expose:
|
||||
- "9999"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PORT: 9999
|
||||
DOMAIN: ''
|
||||
HOME_DOMAIN: ''
|
3
docker/lolisafe.ps1
Normal file
3
docker/lolisafe.ps1
Normal file
@ -0,0 +1,3 @@
|
||||
$env = $args[0]
|
||||
$cmd = $args | Select-Object -Skip 1
|
||||
docker compose -f docker-compose.yml -f docker-compose.$env.yml -f docker-compose.config.yml $cmd
|
2
docker/lolisafe.sh
Executable file
2
docker/lolisafe.sh
Executable file
@ -0,0 +1,2 @@
|
||||
#!/bin/bash
|
||||
docker compose -f docker-compose.yml -f docker-compose.$1.yml -f docker-compose.config.yml ${@%$1}
|
24
docker/lolisafe/Dockerfile
Normal file
24
docker/lolisafe/Dockerfile
Normal file
@ -0,0 +1,24 @@
|
||||
FROM jrottenberg/ffmpeg:5-alpine as ffmpeg
|
||||
|
||||
FROM node:16-alpine
|
||||
|
||||
WORKDIR /usr/lolisafe
|
||||
COPY package.json yarn.lock ./
|
||||
|
||||
RUN apk add --update \
|
||||
&& apk add --no-cache ca-certificates expat \
|
||||
&& apk add --no-cache vidstab-dev --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
|
||||
&& apk add --no-cache --virtual .build-deps git curl build-base python3 g++ make \
|
||||
&& yarn install --production \
|
||||
&& yarn cache clean \
|
||||
&& apk del .build-deps
|
||||
|
||||
COPY --from=ffmpeg /usr/local /usr/local
|
||||
|
||||
ADD config.sample.js config.js
|
||||
ADD views/_globals.sample.njk views/_globals.njk
|
||||
|
||||
COPY . .
|
||||
RUN mkdir uploads && mkdir database
|
||||
|
||||
CMD ["sh", "-c", "yarn migrate && yarn start"]
|
6
docker/nginx/Dockerfile
Normal file
6
docker/nginx/Dockerfile
Normal file
@ -0,0 +1,6 @@
|
||||
FROM nginx
|
||||
|
||||
COPY nginxconfig.io /etc/nginx/nginxconfig.io
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
COPY lolisafe.tld.conf /etc/nginx/conf.d/lolisafe.tld.conf
|
||||
COPY ssl /etc/nginx/ssl
|
28
docker/nginx/lolisafe.tld.http.example.conf
Normal file
28
docker/nginx/lolisafe.tld.http.example.conf
Normal file
@ -0,0 +1,28 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name lolisafe.tld;
|
||||
|
||||
# security
|
||||
include nginxconfig.io/security.conf;
|
||||
|
||||
# logging
|
||||
access_log /var/log/nginx/lolisafe.tld.access.log;
|
||||
error_log /var/log/nginx/lolisafe.tld.error.log warn;
|
||||
|
||||
# uploaded files
|
||||
location / {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
root /usr/lolisafe/uploads;
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
# reverse proxy
|
||||
location @proxy {
|
||||
proxy_pass http://lolisafe:9999;
|
||||
include nginxconfig.io/proxy.conf;
|
||||
}
|
||||
|
||||
# additional config
|
||||
include nginxconfig.io/general.conf;
|
||||
}
|
39
docker/nginx/lolisafe.tld.https.example.conf
Normal file
39
docker/nginx/lolisafe.tld.https.example.conf
Normal file
@ -0,0 +1,39 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name lolisafe.tld;
|
||||
|
||||
# SSL
|
||||
ssl_certificate /etc/nginx/ssl/lolisafe.tld.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/lolisafe.tld.key;
|
||||
|
||||
# security
|
||||
include nginxconfig.io/security.conf;
|
||||
|
||||
# logging
|
||||
access_log /var/log/nginx/lolisafe.tld.access.log;
|
||||
error_log /var/log/nginx/lolisafe.tld.error.log warn;
|
||||
|
||||
# uploaded files
|
||||
location / {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
root /usr/lolisafe/uploads;
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
# reverse proxy
|
||||
location @proxy {
|
||||
proxy_pass http://lolisafe:9999;
|
||||
include nginxconfig.io/proxy.conf;
|
||||
}
|
||||
|
||||
# additional config
|
||||
include nginxconfig.io/general.conf;
|
||||
}
|
||||
|
||||
# HTTP redirect
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
56
docker/nginx/nginx.conf
Normal file
56
docker/nginx/nginx.conf
Normal file
@ -0,0 +1,56 @@
|
||||
# Generated by nginxconfig.io
|
||||
# https://www.digitalocean.com/community/tools/nginx?domains.0.server.domain=tourneys.naval-base.com&domains.0.server.documentRoot=&domains.0.https.certType=custom&domains.0.php.php=false&domains.0.reverseProxy.reverseProxy=true&domains.0.reverseProxy.proxyPass=http%3A%2F%2F127.0.0.1%3A3001&domains.0.routing.root=false&domains.0.logging.accessLog=true&domains.0.logging.errorLog=true
|
||||
|
||||
user www-data;
|
||||
pid /run/nginx.pid;
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 65535;
|
||||
|
||||
events {
|
||||
multi_accept on;
|
||||
worker_connections 65535;
|
||||
}
|
||||
|
||||
http {
|
||||
charset utf-8;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
log_not_found off;
|
||||
types_hash_max_size 2048;
|
||||
|
||||
# MIME
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
|
||||
# SSL
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
# Diffie-Hellman parameter for DHE ciphersuites
|
||||
# ssl_dhparam /etc/nginx/dhparam.pem;
|
||||
|
||||
# Mozilla Intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
|
||||
# OCSP Stapling
|
||||
ssl_stapling off;
|
||||
ssl_stapling_verify off;
|
||||
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
|
||||
resolver_timeout 2s;
|
||||
|
||||
# Upload size limit
|
||||
client_max_body_size 100M;
|
||||
client_body_timeout 600s;
|
||||
|
||||
# Load configs
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
# include /etc/nginx/sites-enabled/*;
|
||||
}
|
18
docker/nginx/nginxconfig.io/general.conf
Normal file
18
docker/nginx/nginxconfig.io/general.conf
Normal file
@ -0,0 +1,18 @@
|
||||
# favicon.ico
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# robots.txt
|
||||
location = /robots.txt {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# gzip
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
18
docker/nginx/nginxconfig.io/proxy.conf
Normal file
18
docker/nginx/nginxconfig.io/proxy.conf
Normal file
@ -0,0 +1,18 @@
|
||||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
|
||||
# Proxy headers
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
# Proxy timeouts
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
13
docker/nginx/nginxconfig.io/security.conf
Normal file
13
docker/nginx/nginxconfig.io/security.conf
Normal file
@ -0,0 +1,13 @@
|
||||
# security headers
|
||||
|
||||
# Consider configuring "helmet" option in config.js instead, if applicable.
|
||||
# Said options will limit the header tags only to pages served by lolisafe service,
|
||||
# and not the uploaded files that will instead be directly served by nginx.
|
||||
|
||||
#add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self'; media-src 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:";
|
||||
add_header Permissions-Policy "accelerometer=(), autoplay=(self), camera=(self), fullscreen=(self), gyroscope=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), sync-xhr=(self), usb=(self)";
|
||||
|
||||
# . files
|
||||
location ~ /\.(?!well-known) {
|
||||
deny all;
|
||||
}
|
0
docker/nginx/ssl/.gitkeep
Normal file
0
docker/nginx/ssl/.gitkeep
Normal file
@ -1,64 +0,0 @@
|
||||
upstream backend {
|
||||
server 127.0.0.1:9999; # Change to the port you specified on lolisafe
|
||||
}
|
||||
|
||||
map $sent_http_content_type $charset {
|
||||
~^text/ utf-8;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name lolisafe.moe;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name lolisafe.moe;
|
||||
server_tokens off;
|
||||
|
||||
ssl_certificate /path/to/your/fullchain.pem;
|
||||
ssl_certificate_key /path/to/your/privkey.pem;
|
||||
ssl_trusted_certificate /path/to/your/fullchain.pem;
|
||||
|
||||
client_max_body_size 100M; # Change this to the max file size you want to allow
|
||||
|
||||
charset $charset;
|
||||
charset_types *;
|
||||
|
||||
# Uncomment if you are running lolisafe behind CloudFlare.
|
||||
# This requires NGINX compiled from source with:
|
||||
# --with-http_realip_module
|
||||
#include /path/to/lolisafe/real-ip-from-cf;
|
||||
|
||||
location / {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
root /path/to/your/uploads/folder;
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_pass http://backend;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
# Enabling these may help with clients with slow upload speeds.
|
||||
#proxy_connect_timeout 300s;
|
||||
#proxy_send_timeout 300s;
|
||||
#proxy_read_timeout 600s;
|
||||
#send_timeout 300s;
|
||||
}
|
||||
}
|
@ -1,49 +0,0 @@
|
||||
upstream backend {
|
||||
server safe:9999; # Change to the port you specified on lolisafe
|
||||
}
|
||||
|
||||
map $sent_http_content_type $charset {
|
||||
~^text/ utf-8;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
client_max_body_size 10000M; # Change this to the max file size you want to allow
|
||||
|
||||
charset $charset;
|
||||
charset_types *;
|
||||
|
||||
# Uncomment if you are running lolisafe behind CloudFlare.
|
||||
# This requires NGINX compiled from source with:
|
||||
# --with-http_realip_module
|
||||
#include /path/to/lolisafe/real-ip-from-cf;
|
||||
|
||||
location / {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
root /uploads;
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_pass http://backend;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
# Enabling these may help with clients with slow upload speeds.
|
||||
#proxy_connect_timeout 300s;
|
||||
#proxy_send_timeout 300s;
|
||||
#proxy_read_timeout 600s;
|
||||
#send_timeout 300s;
|
||||
}
|
||||
}
|
@ -1,53 +0,0 @@
|
||||
upstream backend {
|
||||
server 127.0.0.1:9999; # Change to the port you specified on lolisafe
|
||||
}
|
||||
|
||||
map $sent_http_content_type $charset {
|
||||
~^text/ utf-8;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name lolisafe.moe;
|
||||
server_tokens off;
|
||||
|
||||
client_max_body_size 100M; # Change this to the max file size you want to allow
|
||||
|
||||
charset $charset;
|
||||
charset_types *;
|
||||
|
||||
# Uncomment if you are running lolisafe behind CloudFlare.
|
||||
# This requires NGINX compiled from source with:
|
||||
# --with-http_realip_module
|
||||
#include /path/to/lolisafe/real-ip-from-cf;
|
||||
|
||||
location / {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
root /path/to/your/uploads/folder;
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_pass http://backend;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
# Enabling these may help with clients with slow upload speeds.
|
||||
#proxy_connect_timeout 300s;
|
||||
#proxy_send_timeout 300s;
|
||||
#proxy_read_timeout 600s;
|
||||
#send_timeout 300s;
|
||||
}
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
# https://www.cloudflare.com/ips/
|
||||
|
||||
# IPv4 Ranges
|
||||
# https://www.cloudflare.com/ips-v4/
|
||||
set_real_ip_from 173.245.48.0/20;
|
||||
set_real_ip_from 103.21.244.0/22;
|
||||
set_real_ip_from 103.22.200.0/22;
|
||||
set_real_ip_from 103.31.4.0/22;
|
||||
set_real_ip_from 141.101.64.0/18;
|
||||
set_real_ip_from 108.162.192.0/18;
|
||||
set_real_ip_from 190.93.240.0/20;
|
||||
set_real_ip_from 188.114.96.0/20;
|
||||
set_real_ip_from 197.234.240.0/22;
|
||||
set_real_ip_from 198.41.128.0/17;
|
||||
set_real_ip_from 162.158.0.0/15;
|
||||
set_real_ip_from 104.16.0.0/12;
|
||||
set_real_ip_from 172.64.0.0/13;
|
||||
set_real_ip_from 131.0.72.0/22;
|
||||
|
||||
# IPv6 Ranges
|
||||
# https://www.cloudflare.com/ips-v6/
|
||||
set_real_ip_from 2400:cb00::/32;
|
||||
set_real_ip_from 2606:4700::/32;
|
||||
set_real_ip_from 2803:f800::/32;
|
||||
set_real_ip_from 2405:b500::/32;
|
||||
set_real_ip_from 2405:8100::/32;
|
||||
set_real_ip_from 2a06:98c0::/29;
|
||||
set_real_ip_from 2c0f:f248::/32;
|
||||
|
||||
real_ip_header CF-Connecting-IP;
|
Loading…
Reference in New Issue
Block a user