diff options
| author |  Daenney <daenney@users.noreply.github.com> | 2024-01-21 11:35:52 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2024-01-21 11:35:52 +0100 |
| commit | 7f6b37ea4d315e3a0889601d156ea1b6692b33bd (patch) | |
| tree | 2020ed535599eb6f4eafbb5b18922b09a0ab8b18 /docs/getting_started/reverse_proxy | |
| parent | [chore] Downgrade OTEL libraries to 1.20 (#2546) (diff) | |
| download | gotosocial-7f6b37ea4d315e3a0889601d156ea1b6692b33bd.tar.xz | |
[docs] Updates for DB, swap and HTTP/2 on nginx (#2547)
* [docs] Add warning about DBs on network storage
* [docs] Mention tuning swappiness on Linux
* [docs] Mention enabling HTTP/2 on nginx
Diffstat (limited to 'docs/getting_started/reverse_proxy')
| -rw-r--r-- | docs/getting_started/reverse_proxy/nginx.md | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/getting_started/reverse_proxy/nginx.md b/docs/getting_started/reverse_proxy/nginx.md index 2cfd9020a..c223274b2 100644 --- a/docs/getting_started/reverse_proxy/nginx.md +++ b/docs/getting_started/reverse_proxy/nginx.md @@ -2,6 +2,9 @@ In order to use NGINX as a reverse proxy for GoToSocial you'll need to have it installed on your server. If you intend for the NGINX instance to also handle TLS, you'll need to [provision TLS certificates](../../advanced/certificates.md) too. +!!! tip + Enable HTTP/2 in nginx by including `http2` in the `listen` directives. This can speed up the experience for clients. Browsers do not support HTTP/2 over plain text, so this should only be added to `listen` directives for port `443` that also include the `ssl` directive. + NGINX is [packaged for many distributions](https://repology.org/project/nginx/versions). It's very likely you can install it with your distribution's package manager. You can also run NGINX using a container runtime with the [official NGINX image](https://hub.docker.com/_/nginx) that's published to the Docker Hub. In this guide we'll also show how to use certbot to provision the TLS certificates. It too is [packaged in many distributions](https://repology.org/project/certbot/versions) but many distributions tend to ship fairly old versions of certbot. If you run into trouble it may be worth considering using the [container image](https://hub.docker.com/r/certbot/certbot) instead. @@ -159,8 +162,8 @@ server { } client_max_body_size 40M; - listen [::]:443 ssl ipv6only=on; # managed by Certbot - listen 443 ssl; # managed by Certbot + listen [::]:443 ssl ipv6only=on http2; # managed by Certbot + listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot |