update nextcloud s3 config. add ipfs config nginx + systemd

2022-04-24 01:06:24 +02:00 · 2022-04-24 01:06:24 +02:00 · c08567ba6e
parent 5bb9fd292c
commit c08567ba6e
3 changed files with 159 additions and 1 deletions
--- a/ipfs/etc/nginx/sites-available/ipfs-gateway.conf
+++ b/ipfs/etc/nginx/sites-available/ipfs-gateway.conf
@ -0,0 +1,131 @@
+upstream gateway {
+	server 127.0.0.1:8081;
+}
+
+server {
+    server_name ipfs.unitoo.it ipns.unitoo.it; # managed by Certbot
+    listen 443 default_server ssl;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+    add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
+    add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
+
+    proxy_pass_header Server;
+    proxy_read_timeout 1800s;
+
+    error_page 403 /403.html;
+
+    location /403.html {
+        root /var/www/html;
+        allow all;
+    }
+
+    location /403.png {
+        root /var/www/html;
+        allow all;
+    }
+
+    location /400.html {
+        root /var/www/html;
+        allow all;
+    }
+
+    location /ipns {
+        proxy_pass http://gateway;
+        proxy_set_header Host unitoo.it;
+        proxy_cache_bypass $http_upgrade;
+
+        proxy_intercept_errors on;
+
+        allow all;
+
+        error_page 400 /400.html;
+    }
+
+    location /ipfs {
+        proxy_pass http://gateway;
+        proxy_set_header Host unitoo.it;
+        proxy_cache_bypass $http_upgrade;
+
+        proxy_intercept_errors on;
+
+        allow all;
+
+        error_page 400 /400.html;
+    }
+
+    location / {
+        proxy_pass http://localhost:5001;
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+        deny all; # <- Deny other traffic
+    }
+
+    ssl_certificate /etc/letsencrypt/live/ipfs.unitoo.it/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/ipfs.unitoo.it/privkey.pem; # managed by Certbot
+
+    include snippets/denylist.conf;
+}
+
+server {
+	server_name *.ipfs.unitoo.it *.ipns.unitoo.it;
+	listen 443 ssl;
+
+	proxy_read_timeout 1800s;
+
+	error_page 403 /403.html;
+
+	location /403.html {
+		root /var/www/html;
+		allow all;
+	}
+
+	location /403.png {
+		root /var/www/html;
+		allow all;
+	}
+
+	location /400.html {
+		root /var/www/html;
+		allow all;
+	}
+
+	add_header 'Access-Control-Allow-Origin' '*' always;
+	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
+	add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
+
+	include snippets/denylist.conf;
+
+	location / {
+		proxy_set_header Host $host;
+		proxy_set_header X-Ipfs-Gateway-Prefix "";
+		proxy_pass http://gateway;
+	}
+}
+
+server {
+    server_name ipfs.unitoo.it ipns.unitoo.it;
+    listen 80;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+    add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
+    add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
+
+    proxy_pass_header Server;
+    proxy_read_timeout 1800s;
+
+    include snippets/denylist.conf;
+
+    location ~ "^/(ipfs|ipns|api)(/|$)" {
+        proxy_set_header Host unitoo.it;
+        proxy_set_header X-Ipfs-Gateway-Prefix "";
+        proxy_pass http://gateway;
+    }
+
+    return 404;
+}
--- a/ipfs/lib/systemd/system/ipfs.service
+++ b/ipfs/lib/systemd/system/ipfs.service
@ -0,0 +1,26 @@
+[Unit]
+Description=IPFS Daemon
+After=network.target
+
+[Service]
+#Runtime
+Environment="IPFS_PATH=/mnt/ipfs"
+Environment=IPFS_LOGGING="error"
+ExecStart=/home/ipfs/.local/bin/ipfs daemon --enable-gc --migrate
+User=ipfs
+Restart=on-failure
+RestartSec=10s
+KillSignal=SIGINT
+
+#Accounting
+LimitNOFILE=10240
+#LimitNice=10
+MemoryAccounting=true
+MemoryHigh=512M
+MemoryMax=768M
+MemorySwapMax=512M
+CPUAccounting=true
+CPUQuota=40%
+
+[Install]
+WantedBy=multi-user.target
--- a/nextcloud/var/www/html/nextcloud/config/config.s3.php
+++ b/nextcloud/var/www/html/nextcloud/config/config.s3.php
@ -9,7 +9,7 @@ $CONFIG = array (
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'dbtype' => 'mysql',
-  'version' => '21.0.3.1',
+  'version' => '23.0.3.2',
  'overwrite.cli.url' => 'http://your_domain/',
  'htaccess.RewriteBase' => '/',
  'dbname' => 'nextcloud',
@ -61,4 +61,5 @@ $CONFIG = array (
  'mail_smtppassword' => '',
  'maintenance' => false,
  'default_phone_region' => 'IT',
+	'preview_max_memory' => 768,
 );