require access through CDN

Charlotte 🦝 Delenk 2023-05-26 12:50:41 +01:00
parent 2785ff0197
commit 25d3e23a3f
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
2 changed files with 10 additions and 45 deletions


@ -261,9 +261,6 @@
":web_push_encryption".":vapid_details".subject = "lotte@chir.rs";
});
in {
imports = [
./mediaproxy.nix
];
services.pleroma = {
enable = true;
package = nix-packages.packages.${pkgs.system}.akkoma;
@ -290,10 +287,16 @@ in {
handle /media_attachments/* {
redir https://mastodon-assets.chir.rs{uri} permanent
}
handle /proxy/* {
reverse_proxy {
to http://127.0.0.1:24154
}
@isbunny {
header Via BunnyCDN
}
route /media/* {
reverse_proxy @isbunny http://127.0.0.1:4000
respond "Use the cdn" 403
}
route /proxy/* {
reverse_proxy @isbunny http://127.0.0.1:4000
respond "Use the cdn" 403
}
handle {
reverse_proxy {
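Review bot: The `@isbunny` matcher (`header Via BunnyCDN`) gates `/media/*` and `/proxy/*` on a request header that the client supplies, so it does not establish that a request actually came through the CDN. The 403 therefore works as a hint rather than an access control for anything that can reach this vhost directly. If the intent is to enforce CDN-only access, match on something the CDN alone can provide: either Caddy's `remote_ip` matcher with the provider's published edge ranges, or a secret origin header configured at the CDN and matched here, e.g. `header X-Origin-Token {$CDN_ORIGIN_TOKEN}` (placeholder names, with the value supplied from an environment file rather than the Nix store). The side of each line is inferred from the hunk counts, since the page lost its `+`/`-` markers, and the trailing `handle` block continues outside the hunk.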


@ -1,38 +0,0 @@
{
services.nginx = {
enable = true;
commonHttpConfig = "proxy_cache_path /var/cache/mediacache levels=2:2:2 keys_zone=akkoma_media_cache:25m inactive=1y use_temp_path=off min_free=10G;";
virtualHosts."mail.chir.rs".listen = [
{
addr = "127.0.0.1";
port = 24153;
}
];
virtualHosts."mediaproxy.int.chir.rs" = {
listen = [
{
addr = "127.0.0.1";
port = 24154;
}
];
extraConfig = ''
location ~ ^/(media|proxy) {
proxy_cache akkoma_media_cache;
proxy_cache_key $host$uri$is_args$args;
proxy_http_version 1.1;
proxy_cache_valid 206 301 302 304 1h;
proxy_cache_valid 200 1y;
proxy_cache_use_stale error timeout invalid_header updating;
proxy_ignore_client_abort on;
proxy_buffering on;
proxy_cache_lock on;
proxy_pass http://127.0.0.1:4000;
}
'';
};
};
systemd.tmpfiles.rules = [
"d '/var/cache/mediacache' 0750 nginx nginx - -"
];
systemd.services.nginx.serviceConfig.ReadWritePaths = ["/var/cache/mediacache"];
}