Compare commits
No commits in common. "d8f2433a81165403db8e9556ad871d3e473a358f" and "9ddcbbdccc382a6e4b2f3b76f217eeae53ef2f3d" have entirely different histories.
d8f2433a81
...
9ddcbbdccc
@ -1 +1 @@
|
|||||||
worker_rlimit_nofile 262144;
|
worker_rlimit_nofile 1048576;
|
||||||
|
@ -1 +1 @@
|
|||||||
worker_connections 65536;
|
worker_connections 16384;
|
||||||
|
@ -2,10 +2,8 @@ brotli on;
|
|||||||
|
|
||||||
## default is 6
|
## default is 6
|
||||||
brotli_comp_level 5;
|
brotli_comp_level 5;
|
||||||
## default is 512k
|
|
||||||
brotli_window 64k;
|
|
||||||
|
|
||||||
brotli_min_length 1024;
|
brotli_min_length 1024;
|
||||||
|
|
||||||
brotli_buffers 32 16k;
|
brotli_buffers 32 16k;
|
||||||
|
|
||||||
brotli_types
|
brotli_types
|
||||||
|
@ -2,14 +2,14 @@ gzip on;
|
|||||||
|
|
||||||
## default is 1
|
## default is 1
|
||||||
gzip_comp_level 2;
|
gzip_comp_level 2;
|
||||||
|
|
||||||
gzip_min_length 1024;
|
gzip_min_length 1024;
|
||||||
gzip_buffers 32 16k;
|
|
||||||
gunzip_buffers 32 16k;
|
|
||||||
|
|
||||||
gzip_vary on;
|
gzip_vary on;
|
||||||
gzip_proxied any;
|
gzip_proxied any;
|
||||||
|
|
||||||
|
gzip_buffers 32 16k;
|
||||||
|
gunzip_buffers 32 16k;
|
||||||
|
|
||||||
gzip_types
|
gzip_types
|
||||||
application/atom+xml
|
application/atom+xml
|
||||||
application/javascript
|
application/javascript
|
||||||
|
@ -1,24 +0,0 @@
|
|||||||
zstd on;
|
|
||||||
|
|
||||||
## default is 1
|
|
||||||
zstd_comp_level 2;
|
|
||||||
|
|
||||||
zstd_min_length 1024;
|
|
||||||
zstd_buffers 32 16k;
|
|
||||||
|
|
||||||
zstd_types
|
|
||||||
application/atom+xml
|
|
||||||
application/javascript
|
|
||||||
application/json
|
|
||||||
application/vnd.api+json
|
|
||||||
application/rss+xml
|
|
||||||
application/x-javascript
|
|
||||||
application/xhtml+xml
|
|
||||||
application/xml
|
|
||||||
image/svg+xml
|
|
||||||
image/x-icon
|
|
||||||
text/css
|
|
||||||
text/javascript
|
|
||||||
text/plain
|
|
||||||
text/xml
|
|
||||||
;
|
|
@ -1 +0,0 @@
|
|||||||
../conf.avail/http-zstd.conf
|
|
@ -1,2 +0,0 @@
|
|||||||
load_module modules/ngx_http_zstd_filter_module.so;
|
|
||||||
load_module modules/ngx_http_zstd_static_module.so;
|
|
@ -1 +0,0 @@
|
|||||||
../mod.avail/http-zstd.conf
|
|
@ -1,23 +1,3 @@
|
|||||||
upstream krdsh_git {
|
|
||||||
server 127.0.0.1:3000;
|
|
||||||
}
|
|
||||||
upstream krdsh_ci {
|
|
||||||
server 127.0.0.1:8000;
|
|
||||||
}
|
|
||||||
upstream krdsh_ci_grpc {
|
|
||||||
server 127.0.0.1:9000;
|
|
||||||
}
|
|
||||||
|
|
||||||
proxy_cache_path
|
|
||||||
/var/cache/angie/proxy/krdsh-git
|
|
||||||
keys_zone=krdsh_cache_git:10m
|
|
||||||
levels=1:2 inactive=1h;
|
|
||||||
|
|
||||||
proxy_cache_path
|
|
||||||
/var/cache/angie/proxy/krdsh-ci
|
|
||||||
keys_zone=krdsh_cache_ci:10m
|
|
||||||
levels=1:2 inactive=1h;
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name git.krd.sh ci.krd.sh;
|
server_name git.krd.sh ci.krd.sh;
|
||||||
|
|
||||||
@ -40,6 +20,11 @@ server {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
proxy_cache_path
|
||||||
|
/var/cache/angie/proxy/krdsh-git
|
||||||
|
keys_zone=krdsh_git:10m
|
||||||
|
levels=1:2 inactive=1h;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name git.krd.sh;
|
server_name git.krd.sh;
|
||||||
|
|
||||||
@ -61,16 +46,16 @@ server {
|
|||||||
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://krdsh_git;
|
proxy_pass http://127.0.0.1:3000;
|
||||||
## quirks
|
## quirks
|
||||||
client_max_body_size 512M;
|
client_max_body_size 512M;
|
||||||
chunked_transfer_encoding off;
|
chunked_transfer_encoding off;
|
||||||
}
|
}
|
||||||
|
|
||||||
location @precache {
|
location @precache {
|
||||||
proxy_pass http://krdsh_git;
|
proxy_pass http://127.0.0.1:3000;
|
||||||
|
|
||||||
proxy_cache krdsh_cache_git;
|
proxy_cache krdsh_git;
|
||||||
proxy_cache_key $uri;
|
proxy_cache_key $uri;
|
||||||
proxy_cache_valid 200 1h;
|
proxy_cache_valid 200 1h;
|
||||||
proxy_cache_valid 30s;
|
proxy_cache_valid 30s;
|
||||||
@ -89,10 +74,15 @@ server {
|
|||||||
|
|
||||||
location /assets/ {
|
location /assets/ {
|
||||||
try_files /.non-existent-uri @precache;
|
try_files /.non-existent-uri @precache;
|
||||||
# proxy_pass http://krdsh_git;
|
# proxy_pass http://127.0.0.1:3000;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
proxy_cache_path
|
||||||
|
/var/cache/angie/proxy/krdsh-ci
|
||||||
|
keys_zone=krdsh_ci:10m
|
||||||
|
levels=1:2 inactive=1h;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name ci.krd.sh;
|
server_name ci.krd.sh;
|
||||||
|
|
||||||
@ -114,7 +104,7 @@ server {
|
|||||||
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://krdsh_ci;
|
proxy_pass http://127.0.0.1:8000;
|
||||||
## quirks
|
## quirks
|
||||||
chunked_transfer_encoding off;
|
chunked_transfer_encoding off;
|
||||||
client_max_body_size 16M;
|
client_max_body_size 16M;
|
||||||
@ -122,9 +112,9 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location @precache {
|
location @precache {
|
||||||
proxy_pass http://krdsh_ci;
|
proxy_pass http://127.0.0.1:8000;
|
||||||
|
|
||||||
proxy_cache krdsh_cache_ci;
|
proxy_cache krdsh_ci;
|
||||||
proxy_cache_key $uri;
|
proxy_cache_key $uri;
|
||||||
proxy_cache_valid 200 1h;
|
proxy_cache_valid 200 1h;
|
||||||
proxy_cache_valid 30s;
|
proxy_cache_valid 30s;
|
||||||
@ -143,7 +133,7 @@ server {
|
|||||||
|
|
||||||
location /assets/ {
|
location /assets/ {
|
||||||
try_files /.non-existent-uri @precache;
|
try_files /.non-existent-uri @precache;
|
||||||
# proxy_pass http://krdsh_ci;
|
# proxy_pass http://127.0.0.1:8000;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -163,6 +153,6 @@ server {
|
|||||||
include snip.d/grpc-accept-encoding;
|
include snip.d/grpc-accept-encoding;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
grpc_pass grpc://krdsh_ci_grpc;
|
grpc_pass grpc://127.0.0.1:9000;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,12 +1,3 @@
|
|||||||
upstream krdsh_nexus {
|
|
||||||
server 127.0.0.1:8081;
|
|
||||||
}
|
|
||||||
|
|
||||||
proxy_cache_path
|
|
||||||
/var/cache/angie/proxy/krdsh-nexus
|
|
||||||
keys_zone=krdsh_cache_nexus:10m
|
|
||||||
levels=1:2 inactive=1h;
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name nexus.krd.sh;
|
server_name nexus.krd.sh;
|
||||||
|
|
||||||
@ -37,7 +28,7 @@ server {
|
|||||||
gzip off;
|
gzip off;
|
||||||
brotli off;
|
brotli off;
|
||||||
|
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://127.0.0.1:8081;
|
||||||
proxy_method GET;
|
proxy_method GET;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -50,7 +41,7 @@ server {
|
|||||||
allow 240.0.0.0/4;
|
allow 240.0.0.0/4;
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://127.0.0.1:8081;
|
||||||
proxy_method GET;
|
proxy_method GET;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,7 +70,7 @@ server {
|
|||||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://127.0.0.1:8081;
|
||||||
## quirks
|
## quirks
|
||||||
client_max_body_size 1024M;
|
client_max_body_size 1024M;
|
||||||
}
|
}
|
||||||
@ -93,7 +84,7 @@ server {
|
|||||||
allow 240.0.0.0/4;
|
allow 240.0.0.0/4;
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://127.0.0.1:8081;
|
||||||
}
|
}
|
||||||
|
|
||||||
## quirks
|
## quirks
|
||||||
@ -121,7 +112,7 @@ server {
|
|||||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://127.0.0.1:8081;
|
||||||
## quirks
|
## quirks
|
||||||
client_max_body_size 1024M;
|
client_max_body_size 1024M;
|
||||||
}
|
}
|
||||||
@ -135,7 +126,7 @@ server {
|
|||||||
allow 240.0.0.0/4;
|
allow 240.0.0.0/4;
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://127.0.0.1:8081;
|
||||||
}
|
}
|
||||||
|
|
||||||
js_import njs/nexus.js;
|
js_import njs/nexus.js;
|
||||||
@ -148,6 +139,11 @@ server {
|
|||||||
chunked_transfer_encoding off;
|
chunked_transfer_encoding off;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
proxy_cache_path
|
||||||
|
/var/cache/angie/proxy/krdsh-nexus
|
||||||
|
keys_zone=krdsh_nexus:10m
|
||||||
|
levels=1:2 inactive=1h;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
## PITA
|
## PITA
|
||||||
server_name
|
server_name
|
||||||
@ -200,9 +196,9 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location @precache {
|
location @precache {
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://127.0.0.1:8081;
|
||||||
|
|
||||||
proxy_cache krdsh_cache_nexus;
|
proxy_cache krdsh_nexus;
|
||||||
proxy_cache_key $uri$is_args$args;
|
proxy_cache_key $uri$is_args$args;
|
||||||
proxy_cache_valid 200 1h;
|
proxy_cache_valid 200 1h;
|
||||||
proxy_cache_valid 30s;
|
proxy_cache_valid 30s;
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
include snip.d/tls-common;
|
include snip.d/tls-common;
|
||||||
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
ssl_session_cache shared:tls-intermediate:20m;
|
ssl_session_cache shared:tls-intermediate:10m;
|
||||||
ssl_prefer_server_ciphers off;
|
ssl_prefer_server_ciphers off;
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
include snip.d/tls-common;
|
include snip.d/tls-common;
|
||||||
|
|
||||||
ssl_protocols TLSv1.3;
|
ssl_protocols TLSv1.3;
|
||||||
ssl_session_cache shared:ssl-modern:20m;
|
ssl_session_cache shared:ssl-modern:10m;
|
||||||
ssl_prefer_server_ciphers off;
|
ssl_prefer_server_ciphers off;
|
||||||
ssl_early_data on;
|
ssl_early_data on;
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
include snip.d/tls-common;
|
include snip.d/tls-common;
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||||
ssl_session_cache shared:tls-old:20m;
|
ssl_session_cache shared:tls-old:10m;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user