krd/angie-krdsh
1
0
Fork 0
Code

Compare commits

base: krd:9ddcbbdccc382a6e4b2f3b76f217eeae53ef2f3d
Branches Tags
krd:main
...
compare: krd:d8f2433a81165403db8e9556ad871d3e473a358f
Branches Tags
krd:main

3 Commits
9ddcbbdccc ... d8f2433a81

Author SHA1 Message Date
Konstantin Demin
d8f2433a81
tuning 2024-05-06 17:01:05 +03:00
Konstantin Demin
a2ad779413
formatting 2024-05-06 17:00:48 +03:00
Konstantin Demin
324dded6d2
zstd 2024-05-06 16:58:58 +03:00
13 changed files with 86 additions and 42 deletions
Show Stats Expand all files Collapse all files

2
conf.avail/core-worker-rlimit-nofile.conf
View File

@ -1 +1 @@
worker_rlimit_nofile 1048576; worker_rlimit_nofile 262144;

2
conf.avail/core_events-worker-connections.conf
View File

@ -1 +1 @@
worker_connections 16384; worker_connections 65536;

6
conf.avail/http-brotli.conf
View File

@ -2,9 +2,11 @@ brotli on;
## default is 6 ## default is 6
brotli_comp_level 5; brotli_comp_level 5;
brotli_min_length 1024; ## default is 512k
brotli_window 64k;
brotli_buffers 32 16k; brotli_min_length 1024;
brotli_buffers 32 16k;
brotli_types brotli_types
application/atom+xml application/atom+xml

6
conf.avail/http-gzip.conf
View File

@ -2,14 +2,14 @@ gzip on;
## default is 1 ## default is 1
gzip_comp_level 2; gzip_comp_level 2;
gzip_min_length 1024; gzip_min_length 1024;
gzip_buffers 32 16k;
gunzip_buffers 32 16k;
gzip_vary on; gzip_vary on;
gzip_proxied any; gzip_proxied any;
gzip_buffers 32 16k;
gunzip_buffers 32 16k;
gzip_types gzip_types
application/atom+xml application/atom+xml
application/javascript application/javascript

24
conf.avail/http-zstd.conf Normal file
View File

@ -0,0 +1,24 @@
zstd on;
## default is 1
zstd_comp_level 2;
zstd_min_length 1024;
zstd_buffers 32 16k;
zstd_types
application/atom+xml
application/javascript
application/json
application/vnd.api+json
application/rss+xml
application/x-javascript
application/xhtml+xml
application/xml
image/svg+xml
image/x-icon
text/css
text/javascript
text/plain
text/xml
;

1
conf.d/http-zstd.conf Symbolic link
View File

@ -0,0 +1 @@
../conf.avail/http-zstd.conf

2
mod.avail/http-zstd.conf Normal file
View File

@ -0,0 +1,2 @@
load_module modules/ngx_http_zstd_filter_module.so;
load_module modules/ngx_http_zstd_static_module.so;

1
mod.d/http-zstd.conf Symbolic link
View File

@ -0,0 +1 @@
../mod.avail/http-zstd.conf

48
site.avail/http-git.krd.sh.conf
View File

@ -1,3 +1,23 @@
upstream krdsh_git {
server 127.0.0.1:3000;
}
upstream krdsh_ci {
server 127.0.0.1:8000;
}
upstream krdsh_ci_grpc {
server 127.0.0.1:9000;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-git
keys_zone=krdsh_cache_git:10m
levels=1:2 inactive=1h;
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_cache_ci:10m
levels=1:2 inactive=1h;
server { server {
server_name git.krd.sh ci.krd.sh; server_name git.krd.sh ci.krd.sh;
@ -20,11 +40,6 @@ server {
} }
} }
proxy_cache_path
/var/cache/angie/proxy/krdsh-git
keys_zone=krdsh_git:10m
levels=1:2 inactive=1h;
server { server {
server_name git.krd.sh; server_name git.krd.sh;
@ -46,16 +61,16 @@ server {
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2; proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
location / { location / {
proxy_pass http://127.0.0.1:3000; proxy_pass http://krdsh_git;
## quirks ## quirks
client_max_body_size 512M; client_max_body_size 512M;
chunked_transfer_encoding off; chunked_transfer_encoding off;
} }
location @precache { location @precache {
proxy_pass http://127.0.0.1:3000; proxy_pass http://krdsh_git;
proxy_cache krdsh_git; proxy_cache krdsh_cache_git;
proxy_cache_key $uri; proxy_cache_key $uri;
proxy_cache_valid 200 1h; proxy_cache_valid 200 1h;
proxy_cache_valid 30s; proxy_cache_valid 30s;
@ -74,15 +89,10 @@ server {
location /assets/ { location /assets/ {
try_files /.non-existent-uri @precache; try_files /.non-existent-uri @precache;
# proxy_pass http://127.0.0.1:3000; # proxy_pass http://krdsh_git;
} }
} }
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_ci:10m
levels=1:2 inactive=1h;
server { server {
server_name ci.krd.sh; server_name ci.krd.sh;
@ -104,7 +114,7 @@ server {
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2; proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
location / { location / {
proxy_pass http://127.0.0.1:8000; proxy_pass http://krdsh_ci;
## quirks ## quirks
chunked_transfer_encoding off; chunked_transfer_encoding off;
client_max_body_size 16M; client_max_body_size 16M;
@ -112,9 +122,9 @@ server {
} }
location @precache { location @precache {
proxy_pass http://127.0.0.1:8000; proxy_pass http://krdsh_ci;
proxy_cache krdsh_ci; proxy_cache krdsh_cache_ci;
proxy_cache_key $uri; proxy_cache_key $uri;
proxy_cache_valid 200 1h; proxy_cache_valid 200 1h;
proxy_cache_valid 30s; proxy_cache_valid 30s;
@ -133,7 +143,7 @@ server {
location /assets/ { location /assets/ {
try_files /.non-existent-uri @precache; try_files /.non-existent-uri @precache;
# proxy_pass http://127.0.0.1:8000; # proxy_pass http://krdsh_ci;
} }
} }
@ -153,6 +163,6 @@ server {
include snip.d/grpc-accept-encoding; include snip.d/grpc-accept-encoding;
location / { location / {
grpc_pass grpc://127.0.0.1:9000; grpc_pass grpc://krdsh_ci_grpc;
} }
} }

30
site.avail/http-nexus.krd.sh.conf
View File

@ -1,3 +1,12 @@
upstream krdsh_nexus {
server 127.0.0.1:8081;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-nexus
keys_zone=krdsh_cache_nexus:10m
levels=1:2 inactive=1h;
server { server {
server_name nexus.krd.sh; server_name nexus.krd.sh;
@ -28,7 +37,7 @@ server {
gzip off; gzip off;
brotli off; brotli off;
proxy_pass http://127.0.0.1:8081; proxy_pass http://krdsh_nexus;
proxy_method GET; proxy_method GET;
} }
@ -41,7 +50,7 @@ server {
allow 240.0.0.0/4; allow 240.0.0.0/4;
deny all; deny all;
proxy_pass http://127.0.0.1:8081; proxy_pass http://krdsh_nexus;
proxy_method GET; proxy_method GET;
} }
@ -70,7 +79,7 @@ server {
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1; proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / { location / {
proxy_pass http://127.0.0.1:8081; proxy_pass http://krdsh_nexus;
## quirks ## quirks
client_max_body_size 1024M; client_max_body_size 1024M;
} }
@ -84,7 +93,7 @@ server {
allow 240.0.0.0/4; allow 240.0.0.0/4;
deny all; deny all;
proxy_pass http://127.0.0.1:8081; proxy_pass http://krdsh_nexus;
} }
## quirks ## quirks
@ -112,7 +121,7 @@ server {
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1; proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / { location / {
proxy_pass http://127.0.0.1:8081; proxy_pass http://krdsh_nexus;
## quirks ## quirks
client_max_body_size 1024M; client_max_body_size 1024M;
} }
@ -126,7 +135,7 @@ server {
allow 240.0.0.0/4; allow 240.0.0.0/4;
deny all; deny all;
proxy_pass http://127.0.0.1:8081; proxy_pass http://krdsh_nexus;
} }
js_import njs/nexus.js; js_import njs/nexus.js;
@ -139,11 +148,6 @@ server {
chunked_transfer_encoding off; chunked_transfer_encoding off;
} }
proxy_cache_path
/var/cache/angie/proxy/krdsh-nexus
keys_zone=krdsh_nexus:10m
levels=1:2 inactive=1h;
server { server {
## PITA ## PITA
server_name server_name
@ -196,9 +200,9 @@ server {
} }
location @precache { location @precache {
proxy_pass http://127.0.0.1:8081; proxy_pass http://krdsh_nexus;
proxy_cache krdsh_nexus; proxy_cache krdsh_cache_nexus;
proxy_cache_key $uri$is_args$args; proxy_cache_key $uri$is_args$args;
proxy_cache_valid 200 1h; proxy_cache_valid 200 1h;
proxy_cache_valid 30s; proxy_cache_valid 30s;

2
snip.d/tls-intermediate
View File

@ -3,7 +3,7 @@
include snip.d/tls-common; include snip.d/tls-common;
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:tls-intermediate:10m; ssl_session_cache shared:tls-intermediate:20m;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;

2
snip.d/tls-modern
View File

@ -1,6 +1,6 @@
include snip.d/tls-common; include snip.d/tls-common;
ssl_protocols TLSv1.3; ssl_protocols TLSv1.3;
ssl_session_cache shared:ssl-modern:10m; ssl_session_cache shared:ssl-modern:20m;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
ssl_early_data on; ssl_early_data on;

2
snip.d/tls-old
View File

@ -1,7 +1,7 @@
include snip.d/tls-common; include snip.d/tls-common;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:tls-old:10m; ssl_session_cache shared:tls-old:20m;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;