b990ae6b23
* test(backend): add federation test * fix(ci): install pnpm * fix(ci): cd * fix(ci): build entire project * fix(ci): skip frontend build * fix(ci): pull submodule when checkout * chore: show log for debugging * Revert "chore: show log for debugging" This reverts commit a930964b8d6ba550c23bce1e7fb45d92eab49ef9. * fix(ci): build entire project * chore: omit unused globals * refactor: use strictEqual and simplify some asserts * test: follow requests * refactor: add resolveRemoteNote function * refactor: refine resolveRemoteUser function * refactor: cache admin credentials * refactor: simplify assertion with excluded fields * refactor: use assert * test: note * chore: labeler detect federation * test: blocking * test: move * fix: use appropriate TLD * chore: shorter purge interval * fix(ci): change TLD * refactor: delete trivial comment * test(user): isCat * chore: use jest * chore: omit logs * chore: add memo * fix(ci): omit unnecessary build * test: pinning Note * fix: build daemon in container * style: indent * test(streaming): timeline * chore: rename * fix: delete role after test * refactor: resolve users by uri * fix: delete antenna after test * test: api timeline * test: Note deletion * refactor: sleep function * test: notification * style: indent * refactor: type-safe host * docs: update description * refactor: resolve function params * fix(block): wrong test name * fix: invalid type * fix: longer timeout for fire testing * test(timeline): hashtag * test(note): vote delivery * fix: wrong description * fix: hashtag channel param type * refactor: wrap basic cases * test(timeline): add homeTimeline tests * fix(timeline): correct wrong case and description * test(notification): add tests for Note * refactor(user): wrap profile consistency with describe * chore(note): add issue link * test(timeline): add test * test(user): suspension * test: emoji * refactor: fetch admin first * perf: faster tests * test(drive): sensitive flag * test(emoji): add tests * chore: ignore .config/docker.env * chore: hard-coded tester IP address * test(emoji): custom emoji are surrounded by zero width space * refactor: client and username as property * test(notification): mute * fix(notification): correct description * test(block): mention * refactor(emoji): addCustomEmoji function * fix: typo * test(note): add reaction tests * test(timeline): Note deletion * fix: unnecessary ts-expect-error * refactor: unnecessary fetch mocking * chore: add TODO comments * test(user): deletion * chore: enable --frozen-lockfile * fix(ci): copying configs * docs: update CONTRIBUTING.md * docs: fix typo * chore: set default sleep duration * fix(notification): omit flaky tests * fix(notification): correct type * test(notification): add api endpoint tests * chore: remove redundant mute test * refactor: use param client * fix: start timer after trigger * refactor: remove unnecessary any * chore: shorter timeout for checking if fired * fix(block): remove outdated comment * refactor: shorten remote user variable name * refactor(block): use existing function * refactor: file upload * docs: update description * test(user): ffVisibility * fix: `/api/signin` -> `/api/signin-flow` * test: abuse report * refactor: use existing type * refactor: extract duplicate configs to template file * fix: typo * fix: avoid conflict * refactor: change container dependency * perf: start misskey parallelly * fix: remove dependency * chore(backend): add typecheck * test: add check for #14728 * chore: enable eslint check * perf: don't start linked services when test * test(note): remote note deletion for moderation * chore: define config template * chore: write setup script * refactor: omit unnecessary conditional * refactor: clarify scope * refactor: omit type assertion * refactor: omit logs * style * refactor: redundant promise * refactor: unnecessary imports * refactor: use readable error code * refactor: cache set in signin function * refactor: optimize import
70 lines
2 KiB
Text
70 lines
2 KiB
Text
# based on https://github.com/misskey-dev/misskey-hub/blob/7071f63a1c80ee35c71f0fd8a6d8722c118c7574/src/docs/admin/nginx.md
|
|
|
|
# For WebSocket
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache1:16m max_size=1g inactive=720m use_temp_path=off;
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name ${HOST};
|
|
|
|
# For SSL domain validation
|
|
root /var/www/html;
|
|
location /.well-known/acme-challenge/ { allow all; }
|
|
location /.well-known/pki-validation/ { allow all; }
|
|
location / { return 301 https://$server_name$request_uri; }
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
server_name ${HOST};
|
|
|
|
ssl_session_timeout 1d;
|
|
ssl_session_cache shared:ssl_session_cache:10m;
|
|
ssl_session_tickets off;
|
|
|
|
ssl_trusted_certificate /etc/nginx/certificates/rootCA.crt;
|
|
ssl_certificate /etc/nginx/certificates/$server_name.crt;
|
|
ssl_certificate_key /etc/nginx/certificates/$server_name.key;
|
|
|
|
# SSL protocol settings
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
ssl_prefer_server_ciphers off;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
|
|
# Change to your upload limit
|
|
client_max_body_size 80m;
|
|
|
|
# Proxy to Node
|
|
location / {
|
|
proxy_pass http://misskey.${HOST}:3000;
|
|
proxy_set_header Host $host;
|
|
proxy_http_version 1.1;
|
|
proxy_redirect off;
|
|
|
|
# If it's behind another reverse proxy or CDN, remove the following.
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
|
|
# For WebSocket
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
# Cache settings
|
|
proxy_cache cache1;
|
|
proxy_cache_lock on;
|
|
proxy_cache_use_stale updating;
|
|
proxy_force_ranges on;
|
|
add_header X-Cache $upstream_cache_status;
|
|
}
|
|
}
|