Implement media proxy

This commit is contained in:
jaina heartles 2024-02-27 15:13:56 -08:00
parent de617d19e4
commit 65fd4c7579

View file

@ -50,19 +50,17 @@ in {
credentialsFile = "/etc/nixos-secrets/namecheap-acme"; credentialsFile = "/etc/nixos-secrets/namecheap-acme";
group = "nginx"; group = "nginx";
}; };
certs."STAR.egirls.gay" = {
domain = "*.egirls.gay";
dnsProvider = "namecheap";
credentialsFile = "/etc/nixos-secrets/namecheap-acme";
group = "nginx";
};
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = { services.nginx = let
enable = true;
recommendedProxySettings = true;
upstreams."misskey".extraConfig = ''
server unix:/var/run/misskey/misskey.sock;
'';
virtualHosts."egirls.gay" = {
listen = [ listen = [
{ {
port = 443; port = 443;
@ -74,6 +72,49 @@ in {
addr = "0.0.0.0"; addr = "0.0.0.0";
} }
]; ];
in {
enable = true;
recommendedProxySettings = true;
upstreams."misskey".extraConfig = ''
server unix:/var/run/misskey/misskey.sock;
'';
virtualHosts."media.egirls.gay" = {
inherit listen;
forceSSL = true;
useACMEHost = "STAR.egirls.gay";
extraConfig = ''
client_max_body_size 1m;
'';
locations."/".extraConfig = ''
set $bucket rub-um5oh2ac4yi9c2mf.misskey.egirls.gay;
set $region us-east-1;
proxy_pass https://storage.us-east-1.linodeobjects.com;
proxy_set_header Host $bucket.us-east-1.linodeobjects.com;
proxy_http_version 1.1;
proxy_redirect off;
proxy_intercept_errors on;
error_page 400 401 403 404 406 409 410 /404;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_cache off;
'';
locations."/404".extraConfig = ''
return 404 "not found";
'';
};
virtualHosts."egirls.gay" = {
inherit listen;
forceSSL = true; forceSSL = true;
useACMEHost = "egirls.gay"; useACMEHost = "egirls.gay";