dessalines · June 11, 2020 15:19
diff --git a/nginx.conf b/nginx.conf
 #user html;
 worker_processes  1;

 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
 #error_log  logs/error.log  info;

 #pid        logs/nginx.pid;


 events {
    worker_connections  1024;
 }


 http {
  proxy_cache_path /var/cache/lemmy_frontend levels=1:2 keys_zone=lemmy_frontend_cache:10m max_size=100m                 use_temp_path=off;
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

 server {
        listen       8535;
        server_name  localhost;



    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
    # It might be nice to compress JSON, but leaving that out to protect against potential
    # compression+encryption information leak attacks like BREACH.
    gzip on;
    gzip_types text/css application/javascript;
    gzip_vary on;

    # Only connect to this site via HTTPS for the two years
    add_header Strict-Transport-Security "max-age=63072000";

    # Various content security headers
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";

    # Upload limit for pictshare
    client_max_body_size 50M;

    location / {
        proxy_pass http://0.0.0.0:8536;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Proxy Cache
        # proxy_cache             lemmy_frontend_cache;
        # proxy_cache_use_stale   error timeout http_500 http_502 http_503 http_504;
        # proxy_cache_revalidate  on;
        # proxy_cache_lock        on;
        # proxy_cache_min_uses    5;
    }    

    location /pictshare/ { 
    # location /pictrs/ {
      proxy_pass http://0.0.0.0:8537/;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # if ($request_uri ~ \.(?:ico|gif|jpe?g|png|webp|bmp|mp4)$) {
      #   add_header Cache-Control "public";
      #   add_header age "18349";
      #   add_header etag "18349";
      #   add_header content-type "image/jpeg";
      #   add_header content-length "2045";
      #   add_header last-modified "Wed, 01 Jan 2020 21:44:24 GMT";
      #   expires 5d;
      # }   
    }
    location /iframely/ {
      proxy_pass http://0.0.0.0:8061/;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
 }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

 }
	#user html;
	worker_processes 1;

	#error_log logs/error.log;
	#error_log logs/error.log notice;
	#error_log logs/error.log info;

	#pid logs/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	proxy_cache_path /var/cache/lemmy_frontend levels=1:2 keys_zone=lemmy_frontend_cache:10m max_size=100m use_temp_path=off;
	include mime.types;
	default_type application/octet-stream;

	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	# '$status $body_bytes_sent "$http_referer" '
	# '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log logs/access.log main;

	sendfile on;
	#tcp_nopush on;

	#keepalive_timeout 0;
	keepalive_timeout 65;

	#gzip on;

	server {
	listen 80;
	server_name localhost;

	#charset koi8-r;

	#access_log logs/host.access.log main;

	location / {
	root /usr/share/nginx/html;
	index index.html index.htm;
	}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}

	# proxy the PHP scripts to Apache listening on 127.0.0.1:80
	#
	#location ~ \.php$ {
	# proxy_pass http://127.0.0.1;
	#}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	# root html;
	# fastcgi_pass 127.0.0.1:9000;
	# fastcgi_index index.php;
	# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
	# include fastcgi_params;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	# deny all;
	#}
	}

	server {
	listen 8535;
	server_name localhost;



	# Enable compression for JS/CSS/HTML bundle, for improved client load times.
	# It might be nice to compress JSON, but leaving that out to protect against potential
	# compression+encryption information leak attacks like BREACH.
	gzip on;
	gzip_types text/css application/javascript;
	gzip_vary on;

	# Only connect to this site via HTTPS for the two years
	add_header Strict-Transport-Security "max-age=63072000";

	# Various content security headers
	add_header Referrer-Policy "same-origin";
	add_header X-Content-Type-Options "nosniff";
	add_header X-Frame-Options "DENY";
	add_header X-XSS-Protection "1; mode=block";

	# Upload limit for pictshare
	client_max_body_size 50M;

	location / {
	proxy_pass http://0.0.0.0:8536;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	# WebSocket support
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";

	# Proxy Cache
	# proxy_cache lemmy_frontend_cache;
	# proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
	# proxy_cache_revalidate on;
	# proxy_cache_lock on;
	# proxy_cache_min_uses 5;
	}

	location /pictshare/ {
	# location /pictrs/ {
	proxy_pass http://0.0.0.0:8537/;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	# if ($request_uri ~ \.(?:ico\|gif\|jpe?g\|png\|webp\|bmp\|mp4)$) {
	# add_header Cache-Control "public";
	# add_header age "18349";
	# add_header etag "18349";
	# add_header content-type "image/jpeg";
	# add_header content-length "2045";
	# add_header last-modified "Wed, 01 Jan 2020 21:44:24 GMT";
	# expires 5d;
	# }
	}
	location /iframely/ {
	proxy_pass http://0.0.0.0:8061/;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	}

	# another virtual host using mix of IP-, name-, and port-based configuration
	#
	#server {
	# listen 8000;
	# listen somename:8080;
	# server_name somename alias another.alias;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}


	# HTTPS server
	#
	#server {
	# listen 443 ssl;
	# server_name localhost;

	# ssl_certificate cert.pem;
	# ssl_certificate_key cert.key;

	# ssl_session_cache shared:SSL:1m;
	# ssl_session_timeout 5m;

	# ssl_ciphers HIGH:!aNULL:!MD5;
	# ssl_prefer_server_ciphers on;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}

	}