fuck Lemmy

.deprecated/lemmy/nginx_internal.conf

@@ -0,0 +1,85 @@
+worker_processes auto;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    # Docker internal DNS IP so we always get the newer containers without having to
+    # restart/reload the docker container / nginx configuration
+    resolver 127.0.0.11 valid=5s;
+
+    # set the real_ip when from docker internal ranges. Ensuring our internal nginx
+    # container can always see the correct ips in the logs
+    set_real_ip_from 10.0.0.0/8;
+    set_real_ip_from 172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+
+    # We construct a string consistent of the "request method" and "http accept header"
+    # and then apply soem ~simply regexp matches to that combination to decide on the
+    # HTTP upstream we should proxy the request to.
+    #
+    # Example strings:
+    #
+    #   "GET:application/activity+json"
+    #   "GET:text/html"
+    #   "POST:application/activity+json"
+    #
+    # You can see some basic match tests in this regex101 matching this configuration
+    # https://regex101.com/r/vwMJNc/1
+    #
+    # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
+    map "$request_method:$http_accept" $proxpass {
+        # If no explicit matches exists below, send traffic to lemmy-ui
+        default "http://lemmy-ui:1234";
+
+        # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
+        #
+        # These requests are used by Mastodon and other fediverse instances to look up profile information,
+        # discover site information and so on.
+        "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy:8536";
+
+        # All non-GET/HEAD requests should go to lemmy
+        #
+        # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
+        # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
+        "~^(?!(GET|HEAD)).*:" "http://lemmy:8536";
+    }
+
+    server {
+        set $lemmy_ui "lemmy-ui:1234";
+        set $lemmy "lemmy:8536";
+        # this is the port inside docker, not the public one yet
+        listen 1236;
+        listen 8536;
+
+        # change if needed, this is facing the public web
+        server_name localhost;
+        server_tokens off;
+
+        # Upload limit, relevant for pictrs
+        client_max_body_size 20M;
+
+        # Send actual client IP upstream
+        include proxy_params;
+
+        # frontend general requests
+        location / {
+            proxy_pass $proxpass;
+            rewrite ^(.+)/+$ $1 permanent;
+        }
+
+        # security.txt
+        location = /.well-known/security.txt {
+            proxy_pass "http://$lemmy_ui";
+        }
+
+        # backend
+        location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known|version|sitemap.xml) {
+            proxy_pass "http://$lemmy";
+
+            # Send actual client IP upstream
+            include proxy_params;
+        }
+    }
+}