1
0

Compare commits

..

No commits in common. "d8f2433a81165403db8e9556ad871d3e473a358f" and "9ddcbbdccc382a6e4b2f3b76f217eeae53ef2f3d" have entirely different histories.

13 changed files with 42 additions and 86 deletions

View File

@ -1 +1 @@
worker_rlimit_nofile 262144;
worker_rlimit_nofile 1048576;

View File

@ -1 +1 @@
worker_connections 65536;
worker_connections 16384;

View File

@ -2,11 +2,9 @@ brotli on;
## default is 6
brotli_comp_level 5;
## default is 512k
brotli_window 64k;
brotli_min_length 1024;
brotli_buffers 32 16k;
brotli_buffers 32 16k;
brotli_types
application/atom+xml

View File

@ -2,14 +2,14 @@ gzip on;
## default is 1
gzip_comp_level 2;
gzip_min_length 1024;
gzip_buffers 32 16k;
gunzip_buffers 32 16k;
gzip_vary on;
gzip_proxied any;
gzip_buffers 32 16k;
gunzip_buffers 32 16k;
gzip_types
application/atom+xml
application/javascript

View File

@ -1,24 +0,0 @@
zstd on;
## default is 1
zstd_comp_level 2;
zstd_min_length 1024;
zstd_buffers 32 16k;
zstd_types
application/atom+xml
application/javascript
application/json
application/vnd.api+json
application/rss+xml
application/x-javascript
application/xhtml+xml
application/xml
image/svg+xml
image/x-icon
text/css
text/javascript
text/plain
text/xml
;

View File

@ -1 +0,0 @@
../conf.avail/http-zstd.conf

View File

@ -1,2 +0,0 @@
load_module modules/ngx_http_zstd_filter_module.so;
load_module modules/ngx_http_zstd_static_module.so;

View File

@ -1 +0,0 @@
../mod.avail/http-zstd.conf

View File

@ -1,23 +1,3 @@
upstream krdsh_git {
server 127.0.0.1:3000;
}
upstream krdsh_ci {
server 127.0.0.1:8000;
}
upstream krdsh_ci_grpc {
server 127.0.0.1:9000;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-git
keys_zone=krdsh_cache_git:10m
levels=1:2 inactive=1h;
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_cache_ci:10m
levels=1:2 inactive=1h;
server {
server_name git.krd.sh ci.krd.sh;
@ -40,6 +20,11 @@ server {
}
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-git
keys_zone=krdsh_git:10m
levels=1:2 inactive=1h;
server {
server_name git.krd.sh;
@ -61,16 +46,16 @@ server {
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
location / {
proxy_pass http://krdsh_git;
proxy_pass http://127.0.0.1:3000;
## quirks
client_max_body_size 512M;
chunked_transfer_encoding off;
}
location @precache {
proxy_pass http://krdsh_git;
proxy_pass http://127.0.0.1:3000;
proxy_cache krdsh_cache_git;
proxy_cache krdsh_git;
proxy_cache_key $uri;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;
@ -89,10 +74,15 @@ server {
location /assets/ {
try_files /.non-existent-uri @precache;
# proxy_pass http://krdsh_git;
# proxy_pass http://127.0.0.1:3000;
}
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_ci:10m
levels=1:2 inactive=1h;
server {
server_name ci.krd.sh;
@ -114,7 +104,7 @@ server {
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
location / {
proxy_pass http://krdsh_ci;
proxy_pass http://127.0.0.1:8000;
## quirks
chunked_transfer_encoding off;
client_max_body_size 16M;
@ -122,9 +112,9 @@ server {
}
location @precache {
proxy_pass http://krdsh_ci;
proxy_pass http://127.0.0.1:8000;
proxy_cache krdsh_cache_ci;
proxy_cache krdsh_ci;
proxy_cache_key $uri;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;
@ -143,7 +133,7 @@ server {
location /assets/ {
try_files /.non-existent-uri @precache;
# proxy_pass http://krdsh_ci;
# proxy_pass http://127.0.0.1:8000;
}
}
@ -163,6 +153,6 @@ server {
include snip.d/grpc-accept-encoding;
location / {
grpc_pass grpc://krdsh_ci_grpc;
grpc_pass grpc://127.0.0.1:9000;
}
}

View File

@ -1,12 +1,3 @@
upstream krdsh_nexus {
server 127.0.0.1:8081;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-nexus
keys_zone=krdsh_cache_nexus:10m
levels=1:2 inactive=1h;
server {
server_name nexus.krd.sh;
@ -37,7 +28,7 @@ server {
gzip off;
brotli off;
proxy_pass http://krdsh_nexus;
proxy_pass http://127.0.0.1:8081;
proxy_method GET;
}
@ -50,7 +41,7 @@ server {
allow 240.0.0.0/4;
deny all;
proxy_pass http://krdsh_nexus;
proxy_pass http://127.0.0.1:8081;
proxy_method GET;
}
@ -79,7 +70,7 @@ server {
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / {
proxy_pass http://krdsh_nexus;
proxy_pass http://127.0.0.1:8081;
## quirks
client_max_body_size 1024M;
}
@ -93,7 +84,7 @@ server {
allow 240.0.0.0/4;
deny all;
proxy_pass http://krdsh_nexus;
proxy_pass http://127.0.0.1:8081;
}
## quirks
@ -121,7 +112,7 @@ server {
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / {
proxy_pass http://krdsh_nexus;
proxy_pass http://127.0.0.1:8081;
## quirks
client_max_body_size 1024M;
}
@ -135,7 +126,7 @@ server {
allow 240.0.0.0/4;
deny all;
proxy_pass http://krdsh_nexus;
proxy_pass http://127.0.0.1:8081;
}
js_import njs/nexus.js;
@ -148,6 +139,11 @@ server {
chunked_transfer_encoding off;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-nexus
keys_zone=krdsh_nexus:10m
levels=1:2 inactive=1h;
server {
## PITA
server_name
@ -200,9 +196,9 @@ server {
}
location @precache {
proxy_pass http://krdsh_nexus;
proxy_pass http://127.0.0.1:8081;
proxy_cache krdsh_cache_nexus;
proxy_cache krdsh_nexus;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;

View File

@ -3,7 +3,7 @@
include snip.d/tls-common;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:tls-intermediate:20m;
ssl_session_cache shared:tls-intermediate:10m;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;

View File

@ -1,6 +1,6 @@
include snip.d/tls-common;
ssl_protocols TLSv1.3;
ssl_session_cache shared:ssl-modern:20m;
ssl_session_cache shared:ssl-modern:10m;
ssl_prefer_server_ciphers off;
ssl_early_data on;

View File

@ -1,7 +1,7 @@
include snip.d/tls-common;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:tls-old:20m;
ssl_session_cache shared:tls-old:10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;