Fix support for X-Accel-Redirect

2026-02-04 01:50:39 +01:00 · 2026-01-05 14:39:45 +01:00
parent 9a469378df
commit 4ec7b8fc18
5 changed files with 68 additions and 2 deletions
--- a/docs/nginx/nginx.conf
+++ b/docs/nginx/nginx.conf
@@ -0,0 +1,43 @@
+server {
+    listen       [::]:443 ssl;
+    listen       443 ssl;
+    server_name  myhost;
+
+    # ssl_certificate ...;
+
+    add_header X-Xss-Protection "1; mode=block";
+    add_header Strict-Transport-Security "max-age=15768000";
+    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+    add_header Content-Security-Policy "child-src 'none'; object-src 'none'";
+
+    client_max_body_size 250M;
+    error_page  403 404 https://$server_name/404;
+
+    location / {
+        proxy_pass               http://127.0.0.1:8000;
+        proxy_set_header         Host              $host;
+        proxy_set_header         X-Real-IP         $remote_addr;
+        proxy_set_header         X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header         X-Forwarded-Proto $scheme;
+        proxy_redirect           http:// https://;
+        proxy_connect_timeout    1800;
+        proxy_read_timeout       1800;
+        proxy_max_temp_file_size 8192m;
+    }
+
+    # static files
+    location /static {
+        root /myroot/ram/storage;
+    }
+
+    # media files
+    location ~ ^/media/(images|uploads) {
+        root /myroot/ram/storage;
+    }
+
+    # protected filed to be served via X-Accel-Redirect
+    location /private {
+    	internal;
+        alias /myroot/ram/storage/media;
+    }
+}