diff --git a/templates/nginx.conf b/templates/nginx.conf index 9f727f9..fc84323 100644 --- a/templates/nginx.conf +++ b/templates/nginx.conf @@ -15,7 +15,8 @@ http { } } - proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=peertube_cache:10m max_size={{ cache_size_gb }}g use_temp_path=off; + proxy_cache_path /var/cache/peertube_frontend levels=1:2 keys_zone=peertube_frontend_cache:10m max_size=100m use_temp_path=off; + proxy_cache_path /var/cache/peertube_video levels=1:2 keys_zone=peertube_video_cache:10m max_size={{ cache_size_gb }}g use_temp_path=off; geo $bad_user { default 0; @@ -44,7 +45,7 @@ http { # Various TLS hardening settings # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on;; + ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:TLS_RSA_WITH_AES_256_CBC_SHA'; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; @@ -82,7 +83,7 @@ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECD send_timeout 600; # https://www.nginx.com/blog/nginx-caching-guide/ - proxy_cache peertube_cache; + proxy_cache peertube_frontend_cache; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_lock on; @@ -98,7 +99,7 @@ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECD # NOTE: Its not possible to use proxy_cache for files that are served from disk without complicated workarounds # Anyway caching is not a great idea because files are changed on disk after transcoding. #slice 1m; - #proxy_cache peertube_cache; + #proxy_cache peertube_video_cache; #proxy_cache_valid 206 1h; #proxy_cache_key $uri$is_args$args$slice_range; #proxy_set_header Range $slice_range;