# Bluesky PDS

Easy bluesky PDS configuration with docker and nginx as reverse proxy.

## PDS configuration

Create `pds` directory.

```shell
$ mkdir pds
```

Copy `.env.sample` to `.env` and fill in the configuration.

```shell
$ cp .env.sample .env
$ nano .env
```

## Nginx

`/etc/nginx/sites-enabled/pds.conf`
```nginx configuration
server
{
	listen      80;
	listen [::]:80;
	server_name {{SERVER_NAME}};

	# Let's Encrypt
	location /.well-known/acme-challenge/ { root /usr/share/nginx/html; allow all; }

	# HTTPS redirection.
	location / { return 301 https://$host$request_uri; }
}

server
{
	listen      443 ssl http2;
	listen [::]:443 ssl http2;
	server_name {{SERVER_NAME}};

	ssl_certificate /etc/letsencrypt/live/{{SERVER_NAME}}/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/{{SERVER_NAME}}/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/{{SERVER_NAME}}/chain.pem;

	# Generic SSL configuration.
	include ssl.conf;

	location /
	{
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
		proxy_pass http://localhost:8051;

		client_max_body_size 30m;
	}

	access_log none;
	error_log /var/log/nginx/{{SERVER_NAME}}.error.log;
}
```

`/etc/nginx/ssl.conf`
```nginx configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve sect571r1:secp521r1:brainpoolP512r1:secp384r1:prime256v1;
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256;
ssl_dhparam dhparam.pem;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets on;
```