forked from AkkomaGang/akkoma
Update mediaproxy howto
Since the configuration options on the nginx side already exist in the sample config, there's no need to tell users to copy-paste those settings in again.
This commit is contained in:
parent
7e709768c3
commit
bc46f3da4c
1 changed files with 4 additions and 24 deletions
|
@ -6,37 +6,17 @@ With the `mediaproxy` function you can use nginx to cache this content, so users
|
|||
|
||||
## Activate it
|
||||
|
||||
* Edit your nginx config and add the following location to your main server block:
|
||||
```
|
||||
location /proxy {
|
||||
return 404;
|
||||
}
|
||||
```
|
||||
|
||||
* Set up a subdomain for the proxy with its nginx config on the same machine
|
||||
*(the latter is not strictly required, but for simplicity we’ll assume so)*
|
||||
* In this subdomain’s server block add
|
||||
```
|
||||
location /proxy {
|
||||
proxy_cache akkoma_media_cache;
|
||||
proxy_cache_lock on;
|
||||
proxy_pass http://localhost:4000;
|
||||
}
|
||||
```
|
||||
Also add the following on top of the configuration, outside of the `server` block:
|
||||
```
|
||||
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
||||
```
|
||||
If you came here from one of the installation guides, take a look at the example configuration `/installation/nginx/akkoma.nginx`, where this part is already included.
|
||||
|
||||
* Edit the nginx config for the upload/MediaProxy subdomain to point to the subdomain that has been set up
|
||||
* Append the following to your `prod.secret.exs` or `dev.secret.exs` (depends on which mode your instance is running):
|
||||
```
|
||||
```elixir
|
||||
# Replace media.example.td with the subdomain you set up earlier
|
||||
config :pleroma, :media_proxy,
|
||||
enabled: true,
|
||||
proxy_opts: [
|
||||
redirect_on_failure: true
|
||||
],
|
||||
base_url: "https://cache.akkoma.social"
|
||||
base_url: "https://media.example.tld"
|
||||
```
|
||||
You **really** should use a subdomain to serve proxied files; while we will fix bugs resulting from this, serving arbitrary remote content on your main domain namespace is a significant attack surface.
|
||||
|
||||
|
|
Loading…
Reference in a new issue