commit: 2b8a366f9b849905ad734d176cac889ee99e9ed5
parent 0f32134ea57df5041b9b7cb170bb342c6cd72b1c
Author: Lain Soykaf <lain@lain.com>
Date: Mon, 22 Dec 2025 16:10:02 +0400
Nginx example: Add headers and use same paths we use in other places
Diffstat:
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/docs/configuration/howto_mediaproxy.md b/docs/configuration/howto_mediaproxy.md
@@ -16,7 +16,9 @@ location /proxy {
```
Also add the following on top of the configuration, outside of the `server` block:
```
-proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
+# Note: The cache directory must exist and be writable by nginx.
+# If nginx runs in a chroot, create it inside the chroot.
+proxy_cache_path /var/tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
```
If you came here from one of the installation guides, take a look at the example configuration `/installation/pleroma.nginx`, where this part is already included.
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
@@ -6,6 +6,8 @@
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
+# Note: The cache directory must exist and be writable by nginx.
+# If nginx runs in a chroot, create it inside the chroot.
proxy_cache_path /var/tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
@@ -137,6 +139,8 @@ server {
# location /media/ {
# alias /var/lib/pleroma/uploads/; # <-- make sure this is correct for your deployment
# allow all;
+ # add_header X-Content-Type-Options "nosniff";
+ # add_header Content-Security-Policy "sandbox";
# }
}
@@ -149,7 +153,7 @@ server {
#
# # Assuming default media upload deployment (e.g., not S3 which will require a different domain anyway) --
# config :pleroma, Pleroma.Upload,
-# base_url: "https://media.example.tld/uploads/",
+# base_url: "https://media.example.tld/media/",
#
# config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
#
@@ -200,6 +204,8 @@ server {
# location /media/ { # <-- make sure this path matches your Pleroma.Upload :base_url
# alias /var/lib/pleroma/uploads/; # <-- make sure this is correct for your deployment
# allow all;
+# add_header X-Content-Type-Options "nosniff";
+# add_header Content-Security-Policy "sandbox";
# }
#
# location /proxy {
