Use /var/tmp for media cache path #776

Merged
floatingghost merged 3 commits from norm/akkoma:nginx-var-tmp into develop 2024-05-28 02:05:18 +00:00
Showing only changes of commit bc46f3da4c - Show all commits

View file

@ -6,37 +6,17 @@ With the `mediaproxy` function you can use nginx to cache this content, so users
## Activate it ## Activate it
* Edit your nginx config and add the following location to your main server block:
```
location /proxy {
return 404;
}
```
* Set up a subdomain for the proxy with its nginx config on the same machine * Set up a subdomain for the proxy with its nginx config on the same machine
*(the latter is not strictly required, but for simplicity well assume so)* * Edit the nginx config for the upload/MediaProxy subdomain to point to the subdomain that has been set up
* In this subdomains server block add
```
location /proxy {
proxy_cache akkoma_media_cache;
proxy_cache_lock on;
proxy_pass http://localhost:4000;
}
```
Also add the following on top of the configuration, outside of the `server` block:
```
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
```
If you came here from one of the installation guides, take a look at the example configuration `/installation/nginx/akkoma.nginx`, where this part is already included.
* Append the following to your `prod.secret.exs` or `dev.secret.exs` (depends on which mode your instance is running): * Append the following to your `prod.secret.exs` or `dev.secret.exs` (depends on which mode your instance is running):
``` ```elixir
# Replace media.example.td with the subdomain you set up earlier
config :pleroma, :media_proxy, config :pleroma, :media_proxy,
enabled: true, enabled: true,
proxy_opts: [ proxy_opts: [
redirect_on_failure: true redirect_on_failure: true
], ],
base_url: "https://cache.akkoma.social" base_url: "https://media.example.tld"
``` ```
You **really** should use a subdomain to serve proxied files; while we will fix bugs resulting from this, serving arbitrary remote content on your main domain namespace is a significant attack surface. You **really** should use a subdomain to serve proxied files; while we will fix bugs resulting from this, serving arbitrary remote content on your main domain namespace is a significant attack surface.