From 60fbbc101372da31d1a951a748b012e7e0ec9d0d Mon Sep 17 00:00:00 2001 From: bunkerity Date: Sat, 14 Nov 2020 14:19:27 +0100 Subject: [PATCH] move some http directives to server --- confs/global/nginx.conf | 11 +---------- confs/site/open-file-cache.conf | 4 ++++ confs/site/server.conf | 3 +++ entrypoint/defaults.sh | 9 +++++---- entrypoint/global-config.sh | 8 -------- entrypoint/site-config.sh | 17 +++++++++++++++++ 6 files changed, 30 insertions(+), 22 deletions(-) create mode 100644 confs/site/open-file-cache.conf diff --git a/confs/global/nginx.conf b/confs/global/nginx.conf index 6afd9ab..a02a954 100644 --- a/confs/global/nginx.conf +++ b/confs/global/nginx.conf @@ -47,9 +47,6 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - # maximum request body size - client_max_body_size %MAX_CLIENT_SIZE%; - # write logs to local syslog access_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=notice combined; error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn; @@ -61,9 +58,6 @@ http { uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; - # load caching custom config - include /etc/nginx/cache.conf; - # close connections in FIN_WAIT1 state reset_timedout_connection on; @@ -73,9 +67,6 @@ http { keepalive_timeout 15; send_timeout 10; - # enable/disable sending nginx version - server_tokens %SERVER_TOKENS%; - # resolvers to use resolver %DNS_RESOLVERS% ipv6=off; @@ -96,7 +87,7 @@ http { # list of blocked country %BLOCK_COUNTRY% - # list of blocker user agents + # list of blocked user agents %BLOCK_USER_AGENT% # custom http confs diff --git a/confs/site/open-file-cache.conf b/confs/site/open-file-cache.conf new file mode 100644 index 0000000..8324dcd --- /dev/null +++ b/confs/site/open-file-cache.conf @@ -0,0 +1,4 @@ +open_file_cache %OPEN_FILE_CACHE%; +open_file_cache_errors %OPEN_FILE_CACHE_ERRORS%; +open_file_cache_min_uses %OPEN_FILE_CACHE_MIN_USES%; +open_file_cache_valid %OPEN_FILE_CACHE_VALID%; diff --git a/confs/site/server.conf b/confs/site/server.conf index eff1451..0544142 100644 --- a/confs/site/server.conf +++ b/confs/site/server.conf @@ -34,4 +34,7 @@ server { %USE_CLIENT_CACHE% %USE_GZIP% %USE_BROTLI% + client_max_body_size %MAX_CLIENT_SIZE%; + server_tokens %SERVER_TOKENS%; + %USE_OPEN_FILE_CACHE% } diff --git a/entrypoint/defaults.sh b/entrypoint/defaults.sh index 7ec494b..0fbfe9b 100644 --- a/entrypoint/defaults.sh +++ b/entrypoint/defaults.sh @@ -8,10 +8,11 @@ USE_CLIENT_CACHE="${USE_CLIENT_CACHE-no}" CLIENT_CACHE_EXTENSIONS="${CLIENT_CACHE_EXTENSIONS-jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2}" CLIENT_CACHE_CONTROL="${CLIENT_CACHE_CONTROL-public, max-age=15552000}" CLIENT_CACHE_ETAG="${CLIENT_CACHE_ETAG-on}" -CACHE="${CACHE-max=1000 inactive=60s}" -CACHE_ERRORS="${CACHE_ERRORS-on}" -CACHE_USES="${CACHE_USES-1}" -CACHE_VALID="${CACHE_VALID-60s}" +USE_OPEN_FILE_CACHE="${USE_OPEN_FILE_CACHE-no}" +OPEN_FILE_CACHE="${OPEN_FILE_CACHE-max=1000 inactive=20s}" +OPEN_FILE_CACHE_ERRORS="${OPEN_FILE_CACHE_ERRORS-on}" +OPEN_FILE_CACHE_MIN_USES="${OPEN_FILE_CACHE_MIN_USES-2}" +OPEN_FILE_CACHE_VALID="${OPEN_FILE_CACHE_VALID-30s}" USE_GZIP="${USE_GZIP-no}" GZIP_COMP_LEVEL="${GZIP_COMP_LEVEL-5}" GZIP_MIN_LENGTH="${GZIP_MIN_LENGTH-1000}" diff --git a/entrypoint/global-config.sh b/entrypoint/global-config.sh index fc9e9d3..e9af5a1 100644 --- a/entrypoint/global-config.sh +++ b/entrypoint/global-config.sh @@ -31,14 +31,6 @@ else replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" "include /etc/nginx/server.conf;" fi -# global values -replace_in_file "/etc/nginx/nginx.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE" -replace_in_file "/etc/nginx/nginx.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS" -replace_in_file "/etc/nginx/cache.conf" "%CACHE%" "$CACHE" -replace_in_file "/etc/nginx/cache.conf" "%CACHE_ERRORS%" "$CACHE_ERRORS" -replace_in_file "/etc/nginx/cache.conf" "%CACHE_USES%" "$CACHE_USES" -replace_in_file "/etc/nginx/cache.conf" "%CACHE_VALID%" "$CACHE_VALID" - # let's encrypt setup if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1) diff --git a/entrypoint/site-config.sh b/entrypoint/site-config.sh index 1fa3fcd..9ff62c7 100644 --- a/entrypoint/site-config.sh +++ b/entrypoint/site-config.sh @@ -36,6 +36,23 @@ else replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_CONF%" "include /server-confs/*.conf;" fi +# max body size +replace_in_file "{NGINX_PREFIX}server.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE" + +# server tokens +replace_in_file "{NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS" + +# file metadata caching +if [ "$USE_OPEN_FILE_CACHE" = "yes" ] ; then + replace_in_file "${NGINX_PREFIX}server.conf" "%USE_OPEN_FILE_CACHE%" "include ${NGINX_PREFIX}open-file-cache.conf;" + replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE%" "$OPEN_FILE_CACHE" + replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE_ERRORS%" "$OPEN_FILE_CACHE_ERRORS" + replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE_MIN_USES%" "$OPEN_FILE_CACHE_MIN_USES" + replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE_VALID%" "$OPEN_FILE_CACHE_VALID" +else + replace_in_file "${NGINX_PREFIX}server.conf" "%OPEN_FILE_CACHE%" "" +fi + # client caching if [ "$USE_CLIENT_CACHE" = "yes" ] ; then replace_in_file "${NGINX_PREFIX}server.conf" "%USE_CLIENT_CACHE%" "include ${NGINX_PREFIX}client-cache.conf;"