1
0

Compare commits

..

3 Commits

Author SHA1 Message Date
d8f2433a81
tuning 2024-05-06 17:01:05 +03:00
a2ad779413
formatting 2024-05-06 17:00:48 +03:00
324dded6d2
zstd 2024-05-06 16:58:58 +03:00
13 changed files with 86 additions and 42 deletions

View File

@ -1 +1 @@
worker_rlimit_nofile 1048576;
worker_rlimit_nofile 262144;

View File

@ -1 +1 @@
worker_connections 16384;
worker_connections 65536;

View File

@ -2,9 +2,11 @@ brotli on;
## default is 6
brotli_comp_level 5;
brotli_min_length 1024;
## default is 512k
brotli_window 64k;
brotli_buffers 32 16k;
brotli_min_length 1024;
brotli_buffers 32 16k;
brotli_types
application/atom+xml

View File

@ -2,14 +2,14 @@ gzip on;
## default is 1
gzip_comp_level 2;
gzip_min_length 1024;
gzip_buffers 32 16k;
gunzip_buffers 32 16k;
gzip_vary on;
gzip_proxied any;
gzip_buffers 32 16k;
gunzip_buffers 32 16k;
gzip_types
application/atom+xml
application/javascript

24
conf.avail/http-zstd.conf Normal file
View File

@ -0,0 +1,24 @@
zstd on;
## default is 1
zstd_comp_level 2;
zstd_min_length 1024;
zstd_buffers 32 16k;
zstd_types
application/atom+xml
application/javascript
application/json
application/vnd.api+json
application/rss+xml
application/x-javascript
application/xhtml+xml
application/xml
image/svg+xml
image/x-icon
text/css
text/javascript
text/plain
text/xml
;

1
conf.d/http-zstd.conf Symbolic link
View File

@ -0,0 +1 @@
../conf.avail/http-zstd.conf

2
mod.avail/http-zstd.conf Normal file
View File

@ -0,0 +1,2 @@
load_module modules/ngx_http_zstd_filter_module.so;
load_module modules/ngx_http_zstd_static_module.so;

1
mod.d/http-zstd.conf Symbolic link
View File

@ -0,0 +1 @@
../mod.avail/http-zstd.conf

View File

@ -1,3 +1,23 @@
upstream krdsh_git {
server 127.0.0.1:3000;
}
upstream krdsh_ci {
server 127.0.0.1:8000;
}
upstream krdsh_ci_grpc {
server 127.0.0.1:9000;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-git
keys_zone=krdsh_cache_git:10m
levels=1:2 inactive=1h;
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_cache_ci:10m
levels=1:2 inactive=1h;
server {
server_name git.krd.sh ci.krd.sh;
@ -20,11 +40,6 @@ server {
}
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-git
keys_zone=krdsh_git:10m
levels=1:2 inactive=1h;
server {
server_name git.krd.sh;
@ -46,16 +61,16 @@ server {
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_pass http://krdsh_git;
## quirks
client_max_body_size 512M;
chunked_transfer_encoding off;
}
location @precache {
proxy_pass http://127.0.0.1:3000;
proxy_pass http://krdsh_git;
proxy_cache krdsh_git;
proxy_cache krdsh_cache_git;
proxy_cache_key $uri;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;
@ -74,15 +89,10 @@ server {
location /assets/ {
try_files /.non-existent-uri @precache;
# proxy_pass http://127.0.0.1:3000;
# proxy_pass http://krdsh_git;
}
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_ci:10m
levels=1:2 inactive=1h;
server {
server_name ci.krd.sh;
@ -104,7 +114,7 @@ server {
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_pass http://krdsh_ci;
## quirks
chunked_transfer_encoding off;
client_max_body_size 16M;
@ -112,9 +122,9 @@ server {
}
location @precache {
proxy_pass http://127.0.0.1:8000;
proxy_pass http://krdsh_ci;
proxy_cache krdsh_ci;
proxy_cache krdsh_cache_ci;
proxy_cache_key $uri;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;
@ -133,7 +143,7 @@ server {
location /assets/ {
try_files /.non-existent-uri @precache;
# proxy_pass http://127.0.0.1:8000;
# proxy_pass http://krdsh_ci;
}
}
@ -153,6 +163,6 @@ server {
include snip.d/grpc-accept-encoding;
location / {
grpc_pass grpc://127.0.0.1:9000;
grpc_pass grpc://krdsh_ci_grpc;
}
}

View File

@ -1,3 +1,12 @@
upstream krdsh_nexus {
server 127.0.0.1:8081;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-nexus
keys_zone=krdsh_cache_nexus:10m
levels=1:2 inactive=1h;
server {
server_name nexus.krd.sh;
@ -28,7 +37,7 @@ server {
gzip off;
brotli off;
proxy_pass http://127.0.0.1:8081;
proxy_pass http://krdsh_nexus;
proxy_method GET;
}
@ -41,7 +50,7 @@ server {
allow 240.0.0.0/4;
deny all;
proxy_pass http://127.0.0.1:8081;
proxy_pass http://krdsh_nexus;
proxy_method GET;
}
@ -70,7 +79,7 @@ server {
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_pass http://krdsh_nexus;
## quirks
client_max_body_size 1024M;
}
@ -84,7 +93,7 @@ server {
allow 240.0.0.0/4;
deny all;
proxy_pass http://127.0.0.1:8081;
proxy_pass http://krdsh_nexus;
}
## quirks
@ -112,7 +121,7 @@ server {
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_pass http://krdsh_nexus;
## quirks
client_max_body_size 1024M;
}
@ -126,7 +135,7 @@ server {
allow 240.0.0.0/4;
deny all;
proxy_pass http://127.0.0.1:8081;
proxy_pass http://krdsh_nexus;
}
js_import njs/nexus.js;
@ -139,11 +148,6 @@ server {
chunked_transfer_encoding off;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-nexus
keys_zone=krdsh_nexus:10m
levels=1:2 inactive=1h;
server {
## PITA
server_name
@ -196,9 +200,9 @@ server {
}
location @precache {
proxy_pass http://127.0.0.1:8081;
proxy_pass http://krdsh_nexus;
proxy_cache krdsh_nexus;
proxy_cache krdsh_cache_nexus;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;

View File

@ -3,7 +3,7 @@
include snip.d/tls-common;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:tls-intermediate:10m;
ssl_session_cache shared:tls-intermediate:20m;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;

View File

@ -1,6 +1,6 @@
include snip.d/tls-common;
ssl_protocols TLSv1.3;
ssl_session_cache shared:ssl-modern:10m;
ssl_session_cache shared:ssl-modern:20m;
ssl_prefer_server_ciphers off;
ssl_early_data on;

View File

@ -1,7 +1,7 @@
include snip.d/tls-common;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:tls-old:10m;
ssl_session_cache shared:tls-old:20m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;