From 901b400823ce506990a4f8b39cde662933b487cb Mon Sep 17 00:00:00 2001 From: Saylor Berman Date: Thu, 7 Sep 2023 11:53:39 -0600 Subject: [PATCH] Optimize default nginx config (#1040) Problem: We want to ensure that the default nginx configuration uses the best possible options for performance and stability. Solution: Using NGINX Ingress Controller as a guide, added options to increase performance, set the common X-Forwarded-For header, and allow standard media types. --- internal/mode/static/nginx/conf/nginx.conf | 15 +++++++++++++-- .../mode/static/nginx/config/servers_template.go | 1 + 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/internal/mode/static/nginx/conf/nginx.conf b/internal/mode/static/nginx/conf/nginx.conf index 74af2ee4db..1abe5c879a 100644 --- a/internal/mode/static/nginx/conf/nginx.conf +++ b/internal/mode/static/nginx/conf/nginx.conf @@ -1,13 +1,21 @@ load_module /usr/lib/nginx/modules/ngx_http_js_module.so; -events {} +worker_processes auto; pid /var/run/nginx/nginx.pid; -error_log stderr debug; +error_log stderr info; + +events { + worker_connections 1024; +} http { include /etc/nginx/conf.d/*.conf; + include /etc/nginx/mime.types; js_import /usr/lib/nginx/modules/njs/httpmatches.js; + + default_type application/octet-stream; + proxy_headers_hash_bucket_size 512; proxy_headers_hash_max_size 1024; server_names_hash_bucket_size 256; @@ -15,6 +23,9 @@ http { variables_hash_bucket_size 512; variables_hash_max_size 1024; + sendfile on; + tcp_nopush on; + server { listen unix:/var/run/nginx/nginx-status.sock; access_log off; diff --git a/internal/mode/static/nginx/config/servers_template.go b/internal/mode/static/nginx/config/servers_template.go index 2a62a4fab7..38321d9f42 100644 --- a/internal/mode/static/nginx/config/servers_template.go +++ b/internal/mode/static/nginx/config/servers_template.go @@ -51,6 +51,7 @@ server { proxy_set_header {{ $h.Name }} "{{ $h.Value }}"; {{- end }} proxy_set_header Host $gw_api_compliant_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade;