LecygneNoir
/
peertube-helm
1
0
Fork 0
Code Issues 1 Pull Requests 0 Releases 15 Activity
Helm chart for deploying Peertube on kubernetes
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18 Commits
2 Branches
211 KiB
Tree: f44353bb00
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f44353bb00'
${ noResults }
peertube-helm/templates/nginx-proxyconf.yml

148 lines
6.1 KiB
Raw Normal View History

Add nginx sidecar in the Peertube pod to serve static filees and preserve optimisation from the official Peertube Nginx configuration. Sidecar is optionnal and can be disabled.
4 years ago
 
  1. apiVersion: v1

  2. kind: ConfigMap

  3. metadata:

  4.   name: nginx-proxyconf

  5. data:

  6.   peertubesite.conf: |-

  7.     server {

  8.       listen {{ .Values.nginxproxy.service.port }} default_server;

  9.       listen [::]:{{ .Values.nginxproxy.service.port }} default_server;

  10.       server_name _;

  11. 

  12.       error_log  /var/log/nginx/error.log warn;

  13.       access_log  /var/log/nginx/access.log  main;

  14. 

  15.       # Enable compression for JS/CSS/HTML bundle, for improved client load times.

  16.       # It might be nice to compress JSON, but leaving that out to protect against potential

  17.       # compression+encryption information leak attacks like BREACH.

  18.       gzip on;

  19.       gzip_types text/css application/javascript;

  20.       gzip_vary on;

  21. 

  22.       # If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place

  23.       # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path

  24.       client_body_temp_path /nginxtemp;

  25. 

  26.       # Bypass PeerTube for performance reasons. Could be removed

  27.       location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {

  28.         add_header Cache-Control "public, max-age=31536000, immutable";

  29. 

  30.         alias /assets/$1;

  31.       }

  32. 

  33.       # Bypass PeerTube for performance reasons. Could be removed

  34.       location ~ ^/static/(thumbnails|avatars)/ {

  35.         if ($request_method = 'OPTIONS') {

  36.           add_header 'Access-Control-Allow-Origin' '*';

  37.           add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';

  38.           add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

  39.           add_header 'Access-Control-Max-Age' 1728000;

  40.           add_header 'Content-Type' 'text/plain charset=UTF-8';

  41.           add_header 'Content-Length' 0;

  42.           return 204;

  43.         }

  44. 

  45.         add_header 'Access-Control-Allow-Origin' '*';

  46.         add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';

  47.         add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

  48. 

  49.         # Cache 2 hours

  50.         add_header Cache-Control "public, max-age=7200";

  51. 

  52.         root /data;

  53. 

  54.         rewrite ^/static/(thumbnails|avatars)/(.*)$ /$1/$2 break;

  55.         try_files $uri /;

  56.       }

  57. 

  58.       location / {

  59.         proxy_pass http://127.0.0.1:{{ .Values.service.port }};

  60.         proxy_set_header X-Real-IP $remote_addr;

  61.         proxy_set_header Host $host;

  62.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  63. 

  64.         # This is the maximum upload size, which roughly matches the maximum size of a video file

  65.         # you can send via the API or the web interface. By default this is 8GB, but administrators

  66.         # can increase or decrease the limit. Currently there's no way to communicate this limit

  67.         # to users automatically, so you may want to leave a note in your instance 'about' page if

  68.         # you change this.

  69.         #

  70.         # Note that temporary space is needed equal to the total size of all concurrent uploads.

  71.         # This data gets stored in /var/lib/nginx by default, so you may want to put this directory

  72.         # on a dedicated filesystem.

  73.         #

  74.         client_max_body_size {{ .Values.nginxproxy.maxbodysize }};

  75. 

  76.         # Default timeout to 50m to allow large upload with slow connection

  77.         proxy_connect_timeout       3000;

  78.         proxy_send_timeout          3000;

  79.         proxy_read_timeout          3000;

  80.         send_timeout                3000;

  81.       }

  82. 

  83.       # Bypass PeerTube for performance reasons. Could be removed

  84.       location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {

  85.         # Clients usually have 4 simultaneous webseed connections, so the real limit is 4MB/s per client

  86.         set $peertube_limit_rate 1000k;

  87. 

  88.         # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections

  89.         if ($request_uri ~ -fragmented.mp4$) {

  90.           set $peertube_limit_rate 5000k;

  91.         }

  92. 

  93.         # Use this with nginx >= 1.17.0

  94.         limit_rate $peertube_limit_rate;

  95. 

  96.         if ($request_method = 'OPTIONS') {

  97.           add_header 'Access-Control-Allow-Origin' '*';

  98.           add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';

  99.           add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

  100.           add_header 'Access-Control-Max-Age' 1728000;

  101.           add_header 'Content-Type' 'text/plain charset=UTF-8';

  102.           add_header 'Content-Length' 0;

  103.           return 204;

  104.         }

  105. 

  106.         if ($request_method = 'GET') {

  107.           add_header 'Access-Control-Allow-Origin' '*';

  108.           add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';

  109.           add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

  110. 

  111.           # Don't spam access log file with byte range requests

  112.           access_log off;

  113.         }

  114. 

  115.         root /data;

  116. 

  117.         rewrite ^/static/webseed/(.*)$ /videos/$1 break;

  118.         rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;

  119.         rewrite ^/static/streaming-playlists/(.*)$ /streaming-playlists/$1 break;

  120. 

  121.         try_files $uri /;

  122.       }

  123. 

  124.       # Websocket tracker

  125.       location /tracker/socket {

  126.         # Peers send a message to the tracker every 15 minutes

  127.         # Don't close the websocket before this time

  128.         proxy_read_timeout 1200s;

  129.         proxy_set_header Upgrade $http_upgrade;

  130.         proxy_set_header Connection "upgrade";

  131.         proxy_http_version 1.1;

  132.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  133.         proxy_set_header Host $host;

  134.         proxy_pass http://127.0.0.1:{{ .Values.service.port }};

  135.       }

  136. 

  137.       location /socket.io {

  138.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  139.         proxy_set_header Host $host;

  140. 

  141.         proxy_pass http://127.0.0.1:{{ .Values.service.port }};

  142. 

  143.         # enable WebSockets

  144.         proxy_http_version 1.1;

  145.         proxy_set_header Upgrade $http_upgrade;

  146.         proxy_set_header Connection "upgrade";

  147.       }

  148.     }