Skip to content
Snippets Groups Projects
Select Git revision
  • develop default protected
  • 2405-front-buttont-trigger-third-party-hook
  • 2452-fetch-third-party-metadata
  • 2448-complete-tags
  • renovate/front-major-all-dependencies
  • renovate/front-all-dependencies
  • chore/2406-compose-modularity-scope
  • fix-schema-channel-metadata-choices
  • feat/2091-improve-visuals
  • stable protected
  • tempArne
  • 1.4.1-upgrade-release
  • 2416-revert-library-drop
  • 2408-troi-create-missing-tracks
  • wip/2091-improve-visuals
  • pin-mutagen-to-1.46
  • 2395-far-right-filter
  • fix-amd64-docker-build-gfortran
  • fix-plugins-dev-setup
  • flupsi/2804-new-upload-process
  • 2.0.0-alpha.2 protected
  • 2.0.0-alpha.1 protected
  • 1.4.1 protected
  • 1.4.0 protected
  • 1.4.0-rc2 protected
  • 1.4.0-rc1 protected
  • 1.3.4 protected
  • 1.3.3 protected
  • 1.3.2 protected
  • 1.3.1 protected
  • 1.3.0 protected
  • 1.3.0-rc6 protected
  • 1.3.0-rc5 protected
  • 1.3.0-rc4 protected
  • 1.2.10 protected
  • 1.3.0-rc3 protected
  • 1.3.0-rc2 protected
  • 1.3.0-rc1 protected
  • 1.2.9 protected
  • 1.2.8 protected
40 results

funkwhale.conf.template

Blame
  • funkwhale.conf.template 5.47 KiB
    upstream funkwhale-api {
        # depending on your setup, you may want to update this
        server ${FUNKWHALE_API_HOST}:${FUNKWHALE_API_PORT};
    }
    
    # Required for websocket support.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }
    
    
    server {
        listen      80;
        listen [::]:80;
    
        server_name _;
    
        # General configs
        root /usr/share/nginx/html;
        client_max_body_size ${NGINX_MAX_BODY_SIZE};
        charset utf-8;
    
        # compression settings
        gzip on;
        gzip_comp_level    5;
        gzip_min_length    256;
        gzip_proxied       any;
        gzip_vary          on;
        gzip_types
            application/javascript
            application/vnd.geo+json
            application/vnd.ms-fontobject
            application/x-font-ttf
            application/x-web-app-manifest+json
            font/opentype
            image/bmp
            image/svg+xml
            image/x-icon
            text/cache-manifest
            text/css
            text/plain
            text/vcard
            text/vnd.rim.location.xloc
            text/vtt
            text/x-component
            text/x-cross-domain-policy;
        # end of compression settings
    
        # headers
        add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'";
        add_header Referrer-Policy "strict-origin-when-cross-origin";
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Service-Worker-Allowed "/";
    
        location /api/ {
            include /etc/nginx/funkwhale_proxy.conf;
            # This is needed if you have file import via upload enabled.
            client_max_body_size ${NGINX_MAX_BODY_SIZE};
            proxy_pass   http://funkwhale-api;
        }
    
        location ~ ^/library/(albums|tracks|artists|playlists)/ {
            include /etc/nginx/funkwhale_proxy.conf;
            proxy_pass   http://funkwhale-api;
        }
    
        location /channels/ {
            include /etc/nginx/funkwhale_proxy.conf;
            proxy_pass   http://funkwhale-api;
        }
    
        location ~ ^/@(vite-plugin-pwa|vite|id)/ {
            include /etc/nginx/funkwhale_proxy.conf;
            alias /usr/share/nginx/html/;
            try_files $uri $uri/ /index.html;
        }
    
        location /@ {
            include /etc/nginx/funkwhale_proxy.conf;
            proxy_pass   http://funkwhale-api;
        }
    
        location / {
            expires 1d;
            include /etc/nginx/funkwhale_proxy.conf;
            alias /usr/share/nginx/html/;
            try_files $uri $uri/ /index.html;
        }
    
        location ~ "/(front/)?embed.html" {
            alias /usr/share/nginx/html/embed.html;
            add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
            add_header Referrer-Policy "strict-origin-when-cross-origin";
    
            expires 1d;
        }
    
        location /federation/ {
            include /etc/nginx/funkwhale_proxy.conf;
            proxy_pass   http://funkwhale-api;
        }
    
        # You can comment this if you do not plan to use the Subsonic API.
        location /rest/ {
            include /etc/nginx/funkwhale_proxy.conf;
            proxy_pass   http://funkwhale-api/api/subsonic/rest/;
        }
    
        location /.well-known/ {
            include /etc/nginx/funkwhale_proxy.conf;
            proxy_pass   http://funkwhale-api;
        }
    
        # Allow direct access to only specific subdirectories in /media
        location /media/__sized__/ {
            alias ${MEDIA_ROOT}/__sized__/;
            add_header Access-Control-Allow-Origin '*';
        }
    
        # Allow direct access to only specific subdirectories in /media
        location /media/attachments/ {
            alias ${MEDIA_ROOT}/attachments/;
            add_header Access-Control-Allow-Origin '*';
        }
    
        # Allow direct access to only specific subdirectories in /media
        location /media/dynamic_preferences/ {
            alias ${MEDIA_ROOT}/dynamic_preferences/;
            add_header Access-Control-Allow-Origin '*';
        }
    
        # This is an internal location that is used to serve
        # media (uploaded) files once correct permission / authentication
        # has been checked on API side.
        # Comment the "NON-S3" commented lines and uncomment "S3" commented lines
        # if you're storing media files in a S3 bucket.
        location ~ /_protected/media/(.+) {
            internal;
            alias   ${MEDIA_ROOT}/$1;                                           # NON-S3
            # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
    #       proxy_set_header Authorization "";                                  # S3
    #       proxy_pass $1;                                                      # S3
            add_header Access-Control-Allow-Origin '*';
        }
    
        location /_protected/music/ {
            # This is an internal location that is used to serve
            # local music files once correct permission / authentication
            # has been checked on API side.
            # Set this to the same value as your MUSIC_DIRECTORY_PATH setting.
            internal;
            alias   ${MUSIC_DIRECTORY_PATH}/;
            add_header Access-Control-Allow-Origin '*';
        }
    
        location /manifest.json {
            # If the reverse proxy is terminating SSL, nginx gets confused and redirects to http, hence the full URL
            return 302 ${FUNKWHALE_PROTOCOL}://${FUNKWHALE_HOSTNAME}/api/v1/instance/spa-manifest.json;
        }
    
    }