From 59d9b333d1a0e73efb51fc9108636ebf3624a219 Mon Sep 17 00:00:00 2001
From: Constantin Gierczak--Galle <git.cst1@mailbox.org>
Date: Sun, 3 Nov 2024 16:58:05 +0100
Subject: [PATCH] feat: elaborate nginx options

---
 configuration.nix |  3 +--
 photoprism.nix    | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index e4e985d..7641aa7 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -62,14 +62,13 @@ in
     };
   };
 
-  # NOTE: for now, we use internal ports
   # TODO: switch to unixsockets if supported
   services.nginx = {
     enable = true;
     recommendedGzipSettings = true;
   };
 
-    nix = {
+  nix = {
     settings = {
       trusted-users = [ "@wheel" "root" "nix-ssh" ];
       auto-optimise-store = true;
diff --git a/photoprism.nix b/photoprism.nix
index 9a933df..e1a719a 100644
--- a/photoprism.nix
+++ b/photoprism.nix
@@ -43,6 +43,20 @@
     enableACME = true;
     forceSSL = true;
     serverAliases = [];
-    locations."/".proxyPass = "http://localhost:2342/";
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    clientMaxBodySize = "500m";
+    locations."/" = {
+      proxyPass = "http://localhost:2342/";
+      proxyWebsockets = true;
+      extraConfig = ''
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_buffering off;
+        proxy_http_version 1.1;
+      '';
+    };
   };
 }