From 18fda4674ec33bca58fee5ab8c4e7a16f07a2dee Mon Sep 17 00:00:00 2001 From: vchikalkin Date: Thu, 15 Feb 2024 13:48:50 +0300 Subject: [PATCH] optimize nginx --- config/http/nginx.conf | 44 +++++++++++++++++++++++++++++++++++++++++ config/nginx.auth.conf | 11 +++-------- config/nginx.off.conf | 12 +++-------- docker-compose.auth.yml | 1 + docker-compose.off.yml | 1 + 5 files changed, 52 insertions(+), 17 deletions(-) create mode 100644 config/http/nginx.conf diff --git a/config/http/nginx.conf b/config/http/nginx.conf new file mode 100644 index 0000000..c9ccd26 --- /dev/null +++ b/config/http/nginx.conf @@ -0,0 +1,44 @@ + user nginx; + worker_processes auto; + + error_log /var/log/nginx/error.log notice; + pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=2r/s; + limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log off; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; + + # Compression + gzip on; + gzip_min_length 1000; + gzip_proxied any; + gzip_comp_level 1; + gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; + gzip_vary on; + gzip_disable "msie6"; +} \ No newline at end of file diff --git a/config/nginx.auth.conf b/config/nginx.auth.conf index 2b15363..ff32646 100644 --- a/config/nginx.auth.conf +++ b/config/nginx.auth.conf @@ -22,14 +22,6 @@ server { listen 80; include /etc/nginx/mime.types; - gzip on; - gzip_min_length 1000; - gzip_proxied any; - gzip_comp_level 1; - gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; - gzip_vary on; - gzip_disable "msie6"; - error_page 401 /login; @@ -55,6 +47,9 @@ server { } location / { + limit_req zone=req_limit_per_ip burst=5 nodelay; + limit_conn conn_limit_per_ip 10; + proxy_pass http://app; proxy_http_version 1.1; diff --git a/config/nginx.off.conf b/config/nginx.off.conf index 3fe7d9a..b3e91a6 100644 --- a/config/nginx.off.conf +++ b/config/nginx.off.conf @@ -9,16 +9,10 @@ server { listen 80; include /etc/nginx/mime.types; - gzip on; - gzip_min_length 1000; - gzip_proxied any; - gzip_comp_level 1; - gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; - gzip_vary on; - gzip_disable "msie6"; - - location / { + limit_req zone=req_limit_per_ip burst=5 nodelay; + limit_conn conn_limit_per_ip 10; + proxy_pass http://app; proxy_http_version 1.1; diff --git a/docker-compose.auth.yml b/docker-compose.auth.yml index b40e317..04224ae 100644 --- a/docker-compose.auth.yml +++ b/docker-compose.auth.yml @@ -13,6 +13,7 @@ services: volumes: - ./config/nginx.auth.conf:/etc/nginx/templates/default.conf.template - ./config/include:/etc/nginx/include + - ./config/http/nginx.conf:/etc/nginx/nginx.conf restart: always networks: - auth_network diff --git a/docker-compose.off.yml b/docker-compose.off.yml index 55b846e..82ac871 100644 --- a/docker-compose.off.yml +++ b/docker-compose.off.yml @@ -11,6 +11,7 @@ services: volumes: - ./config/nginx.off.conf:/etc/nginx/templates/default.conf.template - ./config/include:/etc/nginx/include + - ./config/http/nginx.conf:/etc/nginx/nginx.conf restart: always networks: - app_network