refactors the Nginx configuration for the following points:
- update tls version to include 1.3 by default. so far it was not included by default to make room for previous versions of Nginx, but since 2018 Debian stable has included Nginx in version 1.14.1, and tls 1.3 is available since Nginx 1.13.0.
- clearly indicate that new minimum required version.
- update outdated ssl_ciphers to remove cipher required to support android 4.4, since that version is unsupported since March 2020.
- reordered configuration in sections for easier maintenance: performance optimizations are separated from the vital application/websocket parts.
- move parts that always require manual configuration at the top: peertube host and server name, use server_name
- move peertube host to a more flexible upstream block: it allows to configure it in one place instead of 3, and is future-proof regarding load-balancing.
- simplified port 80 block: Let’s Encrypt supports 301 redirects.
- group certificate-related config together.
- remove reslover config: it defaults to /etc/resolv.conf which is more than enough.
- align values with their neighbors for easier reading
- always specify units
- always specify default values when they differ from the values set
- use ’m’ for minutes, ’M’ for megabytes
- add consensual optimizations wrt file serving:
- add timeout optimizations
- add file descriptor cache optimizations
- enable sendfile with chunk size > rate limit
- enable threading
- tcp optimizations
- point to further, more system-specific optimizations in the section description
- CDN configuration reduced to one line change
- support/docker/production/docker-compose.yml: addition of a nginx
image reusing support/nginx/peertube nginx conf to improve performance,
and lessen setup differences between the docker-compose install and the
typical production install.
- support/docker/production/docker-compose.yml: postgres 10 -> postgres
12, redis 4 -> redis 5. Postgres major updates implies manual upgrade.
- support/nginx/peertube: HTTP -> HTTPS redirection is now commented
by default, to allow its reuse in support/docker/production/docker-compose.yml.
* Add client-overrides storage to config
* Add static-serve for client overrides
* Move backgroun-image logo from bundle to css tag for runtime content hash
* Add dynamic JSON manifest
* Add content hash for manifest, favicon and logo
Co-authored-by: kimsible <kimsible@users.noreply.github.com>
Created section for CentOS 8 instructions as it deviates from CentOS 7
- There is no python binary that can be installed with a package so it must be symlinked
- Removed packages not needed from step 4
- Removed step concerning g++ as the version in CentOS 8 is usable
- Improved wording for Steps summary in both CentOS 8 and 7