diff --git a/01-copy-default-entry.sh b/01-copy-default-entry.sh
index e73e2fed95b7938a9325d90a606a4e3860748686..f256a7e51a6721e552cc008c3607d1931be27a6e 100755
--- a/01-copy-default-entry.sh
+++ b/01-copy-default-entry.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-echo "Copying default.conf to conf.d directory for host $PFUNKWHALE_HOSTNAME}."
+echo "Copying default.conf to conf.d directory for host ${FUNKWHALE_HOSTNAME}."
 cat > "/etc/nginx/conf.d/default.conf" << EOF
 upstream funkwhale-api {
     # depending on your setup, you may want to update this
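Review bot: The heredoc opened by `cat > "/etc/nginx/conf.d/default.conf" << EOF` is unquoted, so any nginx variable left unescaped in the template is silently expanded by bash, usually to an empty string. This commit escapes `$http_upgrade`, `$connection_upgrade` and `$1` (hunks at -10 and -99), but nothing stops the next one from slipping through. Changing the second line to `set -eu` would turn such a miss, and an unset `FUNKWHALE_HOSTNAME`, into a startup failure instead of a quietly broken config. I would also add a comment above the heredoc: `# unquoted heredoc: write nginx variables as \$name; only ${FUNKWHALE_*} is meant to expand here`. The template body continues outside this hunk, so the remaining `$` uses could not be checked from here.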
@@ -10,7 +10,7 @@ upstream funkwhale-api {
 
 
 # required for websocket support
-map $http_upgrade $connection_upgrade {
+map \$http_upgrade \$connection_upgrade {
     default upgrade;
     ''      close;
 }
@@ -27,7 +27,7 @@ server {
     # have a look here for let's encrypt configuration:
     # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
 
-    root /srv/funkwhale/front/dist;
+    root ${FUNKWHALE_FRONTEND_PATH};
 
     # If you are using S3 to host your files, remember to add your S3 URL to the
     # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
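Review bot: `${FUNKWHALE_FRONTEND_PATH}` in the `root` line is pasted into the generated config with no check. An unset or empty value yields `root ;`, which nginx rejects, and a value containing whitespace, `;` or `}` would change the structure of the config. The same applies to the two `alias` lines in the hunks at -48 and -59. A guard before the heredoc such as `: "${FUNKWHALE_FRONTEND_PATH:?must be set}"` fails early with a clear message; if the old location should stay the default, `: "${FUNKWHALE_FRONTEND_PATH:=/srv/funkwhale/front/dist}"` keeps existing deployments working. The server block starts and ends outside this hunk.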
@@ -37,7 +37,7 @@ server {
 
 
     location / {
-        include /etc/nginx/funkwhale_proxy.conf;
+        include /etc/nginx/vhost.d/funkwhale-proxy.conf;
         # this is needed if you have file import via upload enabled
         client_max_body_size 1024M;
         proxy_pass   http://funkwhale-api/;
@@ -48,7 +48,7 @@ server {
         add_header Referrer-Policy "strict-origin-when-cross-origin";
 
         add_header X-Frame-Options "ALLOW";
-        alias /srv/funkwhale/front/dist/;
+        alias ${FUNKWHALE_FRONTEND_PATH};
         expires 30d;
         add_header Pragma public;
         add_header Cache-Control "public, must-revalidate, proxy-revalidate";
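Review bot: The new `alias ${FUNKWHALE_FRONTEND_PATH};` drops the trailing slash that the old `alias /srv/funkwhale/front/dist/;` had. nginx replaces the matched location prefix with the alias value, so if the enclosing location ends in `/` (its line is outside this hunk), a request for a file under it resolves to a path with the separator missing. I would write `alias ${FUNKWHALE_FRONTEND_PATH}/;`, since the `${FUNKWHALE_FRONTEND_PATH}/embed.html` line in the next hunk suggests the variable is not expected to end in a slash.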
@@ -59,25 +59,25 @@ server {
         add_header Referrer-Policy "strict-origin-when-cross-origin";
 
         add_header X-Frame-Options "ALLOW";
-        alias /srv/funkwhale/front/dist/embed.html;
+        alias ${FUNKWHALE_FRONTEND_PATH}/embed.html;
         expires 30d;
         add_header Pragma public;
         add_header Cache-Control "public, must-revalidate, proxy-revalidate";
     }
 
     location /federation/ {
-        include /etc/nginx/funkwhale_proxy.conf;
+        include /etc/nginx/vhost.d/funkwhale-proxy.conf;
         proxy_pass   http://funkwhale-api/federation/;
     }
 
     # You can comment this if you do not plan to use the Subsonic API
     location /rest/ {
-        include /etc/nginx/funkwhale_proxy.conf;
+        include /etc/nginx/vhost.d/funkwhale-proxy.conf;
         proxy_pass   http://funkwhale-api/api/subsonic/rest/;
     }
 
     location /.well-known/ {
-        include /etc/nginx/funkwhale_proxy.conf;
+        include /etc/nginx/vhost.d/funkwhale-proxy.conf;
         proxy_pass   http://funkwhale-api/.well-known/;
     }
 
@@ -99,7 +99,7 @@ server {
         internal;
         # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
         proxy_set_header Authorization "";
-        proxy_pass $1;
+        proxy_pass \$1;
     }
 
     location /_protected/music {
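Review bot: With `\$1` now reaching nginx intact, `proxy_pass \$1;` takes its entire target from the location's regex capture, and a `proxy_pass` that contains a variable resolves any hostname at request time, which requires a `resolver` directive. None is visible in this hunk, so confirm the server block defines one; otherwise requests to a named S3/Minio host would fail. The location line itself is outside the hunk. Because the upstream is whatever the capture holds, `internal;` is what keeps clients from choosing it, and I would say so in a comment: `# target is supplied by the backend redirect; this location must stay internal`.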
diff --git a/Dockerfile b/Dockerfile
index 56530cf57a170eb93b292b6bae32a0d9daa79a61..39318214d96fc11acc0dd09ed65ab916d946a70f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,3 +3,4 @@ FROM modjular/modjular-nginx:latest
 LABEL maintainer="Jeffrey Phillips Freeman the@jeffreyfreeman.me"
 
 COPY 01-copy-default-entry.sh /docker-entrypoint.d/
+COPY funkwhale-proxy.conf /etc/nginx/vhost.d
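Review bot: The destination in `COPY funkwhale-proxy.conf /etc/nginx/vhost.d` has no trailing slash, so if `/etc/nginx/vhost.d` does not already exist as a directory in the base image, Docker writes the file to a regular file named `vhost.d`. The `include /etc/nginx/vhost.d/funkwhale-proxy.conf;` lines in the generated config would then fail. Whether the directory exists depends on `modjular/modjular-nginx`, which is not visible here. Writing `COPY funkwhale-proxy.conf /etc/nginx/vhost.d/` removes the dependency and matches the `COPY` line above it.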
diff --git a/funkwhale-proxy.conf b/funkwhale-proxy.conf
new file mode 100644
index 0000000000000000000000000000000000000000..dccc782f2924410ccda8be3981cb0a76ef9d5636
--- /dev/null
+++ b/funkwhale-proxy.conf
@@ -0,0 +1,19 @@
+# use this one if you put the nginx container behind another proxy
+# you will have to set some headers on this proxy as well to ensure
+# everything works correctly, you can use the ones from the funkwhale_proxy.conf file
+# at https://dev.funkwhale.audio/funkwhale/funkwhale/blob/develop/deploy/funkwhale_proxy.conf
+# your proxy will also need to support websockets
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
+proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
+proxy_redirect off;
+
+# websocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
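Review bot: `X-Forwarded-Proto`, `X-Forwarded-Host` and `X-Forwarded-Port` are copied straight from the incoming request (`$http_x_forwarded_*`), so the backend trusts whatever the client of this container sent. That is only sound when the front proxy is the sole client and overwrites those headers itself; if the container port is also reachable directly, a caller can set them freely. The header comment mentions the outer proxy but not this constraint, so I would add `# X-Forwarded-* are passed through unchanged: expose this container only to a trusted front proxy that sets them`. Note also that `X-Real-IP $remote_addr` will carry the front proxy's address rather than the end client's in that layout.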