user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; proxy_cache_path /tmp/funkwhale-transcode levels=1:2 keys_zone=transcode:10m max_size=1g inactive=24h use_temp_path=off; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 6001; charset utf-8; client_max_body_size 20M; include /etc/nginx/funkwhale_proxy.conf; location /_protected/media { internal; alias /protected/media; } location = /transcode-auth { # needed so we can authenticate transcode requests, but still # cache the result internal; set $query ''; # ensure we actually pass the jwt to the underlytin auth url if ($request_uri ~* "[^\?]+\?(.*)$") { set $query $1; } include /etc/nginx/funkwhale_proxy.conf; proxy_pass http://api:12081/api/v1/trackfiles/viewable/?$query; proxy_pass_request_body off; proxy_set_header Content-Length ""; } location /api/v1/trackfiles/transcode/ { # this block deals with authenticating and caching transcoding # requests. Caching is heavily recommended as transcoding # is a CPU intensive process. auth_request /transcode-auth; if ($args ~ (.*)jwt=[^&]*(.*)) { set $cleaned_args $1$2; } include /etc/nginx/funkwhale_proxy.conf; proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args"; proxy_cache transcode; proxy_cache_valid 200 7d; proxy_ignore_headers "Set-Cookie"; proxy_hide_header "Set-Cookie"; add_header X-Cache-Status $upstream_cache_status; proxy_pass http://api:12081; } location / { include /etc/nginx/funkwhale_proxy.conf; proxy_pass http://api:12081/; } } }