Compare commits
3 Commits
9ddcbbdccc
...
d8f2433a81
Author | SHA1 | Date | |
---|---|---|---|
d8f2433a81 | |||
a2ad779413 | |||
324dded6d2 |
@ -1 +1 @@
|
||||
worker_rlimit_nofile 1048576;
|
||||
worker_rlimit_nofile 262144;
|
||||
|
@ -1 +1 @@
|
||||
worker_connections 16384;
|
||||
worker_connections 65536;
|
||||
|
@ -2,9 +2,11 @@ brotli on;
|
||||
|
||||
## default is 6
|
||||
brotli_comp_level 5;
|
||||
brotli_min_length 1024;
|
||||
## default is 512k
|
||||
brotli_window 64k;
|
||||
|
||||
brotli_buffers 32 16k;
|
||||
brotli_min_length 1024;
|
||||
brotli_buffers 32 16k;
|
||||
|
||||
brotli_types
|
||||
application/atom+xml
|
||||
|
@ -2,14 +2,14 @@ gzip on;
|
||||
|
||||
## default is 1
|
||||
gzip_comp_level 2;
|
||||
|
||||
gzip_min_length 1024;
|
||||
gzip_buffers 32 16k;
|
||||
gunzip_buffers 32 16k;
|
||||
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
|
||||
gzip_buffers 32 16k;
|
||||
gunzip_buffers 32 16k;
|
||||
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
|
24
conf.avail/http-zstd.conf
Normal file
24
conf.avail/http-zstd.conf
Normal file
@ -0,0 +1,24 @@
|
||||
zstd on;
|
||||
|
||||
## default is 1
|
||||
zstd_comp_level 2;
|
||||
|
||||
zstd_min_length 1024;
|
||||
zstd_buffers 32 16k;
|
||||
|
||||
zstd_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/vnd.api+json
|
||||
application/rss+xml
|
||||
application/x-javascript
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/javascript
|
||||
text/plain
|
||||
text/xml
|
||||
;
|
1
conf.d/http-zstd.conf
Symbolic link
1
conf.d/http-zstd.conf
Symbolic link
@ -0,0 +1 @@
|
||||
../conf.avail/http-zstd.conf
|
2
mod.avail/http-zstd.conf
Normal file
2
mod.avail/http-zstd.conf
Normal file
@ -0,0 +1,2 @@
|
||||
load_module modules/ngx_http_zstd_filter_module.so;
|
||||
load_module modules/ngx_http_zstd_static_module.so;
|
1
mod.d/http-zstd.conf
Symbolic link
1
mod.d/http-zstd.conf
Symbolic link
@ -0,0 +1 @@
|
||||
../mod.avail/http-zstd.conf
|
@ -1,3 +1,23 @@
|
||||
upstream krdsh_git {
|
||||
server 127.0.0.1:3000;
|
||||
}
|
||||
upstream krdsh_ci {
|
||||
server 127.0.0.1:8000;
|
||||
}
|
||||
upstream krdsh_ci_grpc {
|
||||
server 127.0.0.1:9000;
|
||||
}
|
||||
|
||||
proxy_cache_path
|
||||
/var/cache/angie/proxy/krdsh-git
|
||||
keys_zone=krdsh_cache_git:10m
|
||||
levels=1:2 inactive=1h;
|
||||
|
||||
proxy_cache_path
|
||||
/var/cache/angie/proxy/krdsh-ci
|
||||
keys_zone=krdsh_cache_ci:10m
|
||||
levels=1:2 inactive=1h;
|
||||
|
||||
server {
|
||||
server_name git.krd.sh ci.krd.sh;
|
||||
|
||||
@ -20,11 +40,6 @@ server {
|
||||
}
|
||||
}
|
||||
|
||||
proxy_cache_path
|
||||
/var/cache/angie/proxy/krdsh-git
|
||||
keys_zone=krdsh_git:10m
|
||||
levels=1:2 inactive=1h;
|
||||
|
||||
server {
|
||||
server_name git.krd.sh;
|
||||
|
||||
@ -46,16 +61,16 @@ server {
|
||||
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_pass http://krdsh_git;
|
||||
## quirks
|
||||
client_max_body_size 512M;
|
||||
chunked_transfer_encoding off;
|
||||
}
|
||||
|
||||
location @precache {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_pass http://krdsh_git;
|
||||
|
||||
proxy_cache krdsh_git;
|
||||
proxy_cache krdsh_cache_git;
|
||||
proxy_cache_key $uri;
|
||||
proxy_cache_valid 200 1h;
|
||||
proxy_cache_valid 30s;
|
||||
@ -74,15 +89,10 @@ server {
|
||||
|
||||
location /assets/ {
|
||||
try_files /.non-existent-uri @precache;
|
||||
# proxy_pass http://127.0.0.1:3000;
|
||||
# proxy_pass http://krdsh_git;
|
||||
}
|
||||
}
|
||||
|
||||
proxy_cache_path
|
||||
/var/cache/angie/proxy/krdsh-ci
|
||||
keys_zone=krdsh_ci:10m
|
||||
levels=1:2 inactive=1h;
|
||||
|
||||
server {
|
||||
server_name ci.krd.sh;
|
||||
|
||||
@ -104,7 +114,7 @@ server {
|
||||
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8000;
|
||||
proxy_pass http://krdsh_ci;
|
||||
## quirks
|
||||
chunked_transfer_encoding off;
|
||||
client_max_body_size 16M;
|
||||
@ -112,9 +122,9 @@ server {
|
||||
}
|
||||
|
||||
location @precache {
|
||||
proxy_pass http://127.0.0.1:8000;
|
||||
proxy_pass http://krdsh_ci;
|
||||
|
||||
proxy_cache krdsh_ci;
|
||||
proxy_cache krdsh_cache_ci;
|
||||
proxy_cache_key $uri;
|
||||
proxy_cache_valid 200 1h;
|
||||
proxy_cache_valid 30s;
|
||||
@ -133,7 +143,7 @@ server {
|
||||
|
||||
location /assets/ {
|
||||
try_files /.non-existent-uri @precache;
|
||||
# proxy_pass http://127.0.0.1:8000;
|
||||
# proxy_pass http://krdsh_ci;
|
||||
}
|
||||
}
|
||||
|
||||
@ -153,6 +163,6 @@ server {
|
||||
include snip.d/grpc-accept-encoding;
|
||||
|
||||
location / {
|
||||
grpc_pass grpc://127.0.0.1:9000;
|
||||
grpc_pass grpc://krdsh_ci_grpc;
|
||||
}
|
||||
}
|
||||
|
@ -1,3 +1,12 @@
|
||||
upstream krdsh_nexus {
|
||||
server 127.0.0.1:8081;
|
||||
}
|
||||
|
||||
proxy_cache_path
|
||||
/var/cache/angie/proxy/krdsh-nexus
|
||||
keys_zone=krdsh_cache_nexus:10m
|
||||
levels=1:2 inactive=1h;
|
||||
|
||||
server {
|
||||
server_name nexus.krd.sh;
|
||||
|
||||
@ -28,7 +37,7 @@ server {
|
||||
gzip off;
|
||||
brotli off;
|
||||
|
||||
proxy_pass http://127.0.0.1:8081;
|
||||
proxy_pass http://krdsh_nexus;
|
||||
proxy_method GET;
|
||||
}
|
||||
|
||||
@ -41,7 +50,7 @@ server {
|
||||
allow 240.0.0.0/4;
|
||||
deny all;
|
||||
|
||||
proxy_pass http://127.0.0.1:8081;
|
||||
proxy_pass http://krdsh_nexus;
|
||||
proxy_method GET;
|
||||
}
|
||||
|
||||
@ -70,7 +79,7 @@ server {
|
||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8081;
|
||||
proxy_pass http://krdsh_nexus;
|
||||
## quirks
|
||||
client_max_body_size 1024M;
|
||||
}
|
||||
@ -84,7 +93,7 @@ server {
|
||||
allow 240.0.0.0/4;
|
||||
deny all;
|
||||
|
||||
proxy_pass http://127.0.0.1:8081;
|
||||
proxy_pass http://krdsh_nexus;
|
||||
}
|
||||
|
||||
## quirks
|
||||
@ -112,7 +121,7 @@ server {
|
||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8081;
|
||||
proxy_pass http://krdsh_nexus;
|
||||
## quirks
|
||||
client_max_body_size 1024M;
|
||||
}
|
||||
@ -126,7 +135,7 @@ server {
|
||||
allow 240.0.0.0/4;
|
||||
deny all;
|
||||
|
||||
proxy_pass http://127.0.0.1:8081;
|
||||
proxy_pass http://krdsh_nexus;
|
||||
}
|
||||
|
||||
js_import njs/nexus.js;
|
||||
@ -139,11 +148,6 @@ server {
|
||||
chunked_transfer_encoding off;
|
||||
}
|
||||
|
||||
proxy_cache_path
|
||||
/var/cache/angie/proxy/krdsh-nexus
|
||||
keys_zone=krdsh_nexus:10m
|
||||
levels=1:2 inactive=1h;
|
||||
|
||||
server {
|
||||
## PITA
|
||||
server_name
|
||||
@ -196,9 +200,9 @@ server {
|
||||
}
|
||||
|
||||
location @precache {
|
||||
proxy_pass http://127.0.0.1:8081;
|
||||
proxy_pass http://krdsh_nexus;
|
||||
|
||||
proxy_cache krdsh_nexus;
|
||||
proxy_cache krdsh_cache_nexus;
|
||||
proxy_cache_key $uri$is_args$args;
|
||||
proxy_cache_valid 200 1h;
|
||||
proxy_cache_valid 30s;
|
||||
|
@ -3,7 +3,7 @@
|
||||
include snip.d/tls-common;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_session_cache shared:tls-intermediate:10m;
|
||||
ssl_session_cache shared:tls-intermediate:20m;
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
include snip.d/tls-common;
|
||||
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_session_cache shared:ssl-modern:10m;
|
||||
ssl_session_cache shared:ssl-modern:20m;
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_early_data on;
|
||||
|
@ -1,7 +1,7 @@
|
||||
include snip.d/tls-common;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
ssl_session_cache shared:tls-old:10m;
|
||||
ssl_session_cache shared:tls-old:20m;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user