forked from thundernet8/GithubProfile
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnginx.conf
More file actions
152 lines (131 loc) · 6.24 KB
/
nginx.conf
File metadata and controls
152 lines (131 loc) · 6.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
worker_processes 4;
# Keep logs of events http://nginx.org/en/docs/ngx_core_module.html#error_log
# error_log /var/log/nginx-error.log info;
events {
# It's the key to high performance - have a lot of connections available
# To check your server's limits limits, run these 2 commands ["ulimit -Hn", "ulimit -Sn"]
# Max # of clients = worker_connections * worker_processes
# Total # of users you can serve per second = worker_processes * worker_connections / (keepalive_timeout * 2)
worker_connections 2048;
# Use epoll, an I/O processing method that can enhance performance an is commonly used within Linux
# http://nginx.org/en/docs/events.html
use epoll;
# If multi_accept is disabled, a worker process will accept one new connection at a time.
# Otherwise, a worker process will accept all new connections at a time.
# http://nginx.org/en/docs/ngx_core_module.html#multi_accept
multi_accept on;
}
http {
upstream gp-ssr {
server ssrnode:8082;
}
upstream gp-api {
server apinode:8000;
}
upstream gp-ws {
server apinode:8999;
}
# The processing rate of requests coming from a single IP address
# Create a rule to be used on defined server locations defined below inside "server {...}"
limit_req_zone $binary_remote_addr zone=one:10m rate=18000r/m;
# Allow X Connections per an IP address at a time
# It is individually defined below inside "server {...}" for each location
limit_conn_zone $binary_remote_addr zone=addr:10m;
# Timeout for HTTP keep-alive connections
#
# https://en.wikipedia.org/wiki/HTTP_persistent_connection
keepalive_timeout 65;
keepalive_requests 100000; # Amount of keep-alive connections to allow at a time
# Allows using sendfile() to transfer data directly in the kernel space
# http://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile
sendfile on;
tcp_nopush on; # Allows sending a file in full packets in FreeBSD & Linux
tcp_nodelay on; # Forces sockets to send the data they have in their buffer
# Sets buffer size for reading client request body.
# In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file
client_body_buffer_size 128k;
# Allow a maximum body size of the client request (specified in the “Content-Length” request header field)
client_max_body_size 10m;
# Allow up to this buffer size for reading client request headers. For most requests, a buffer of 1K bytes is enough
client_header_buffer_size 1k;
# A request line cannot exceed the size of one buffer, or the 414 (Request-URI Too Large) error is returned to the client
large_client_header_buffers 4 4k;
server {
listen 80;
server_name www.example.com;
index index.html index.htm index.php default.html default.htm default.php;
server_tokens off;
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_comp_level 5;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types application/x-javascript text/css application/javascript text/javascript text/plain text/xml application/json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/xml font/eot font/opentype font/otf image/svg+xml image/vnd.microsoft.icon;
gzip_buffers 16 8k;
client_max_body_size 8M;
location ^~ /ws/ {
proxy_pass http://gp-ws;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header X-Forwarded-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 2;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /etc/nginx/proxy_temp;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location ^~ /api/ {
proxy_pass http://gp-api;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 2;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /etc/nginx/proxy_temp;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location / {
proxy_pass http://gp-ssr;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 2;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /etc/nginx/proxy_temp;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/gp.log;
}
}