kopia lustrzana https://github.com/alecmuffett/eotk
commit: nginx cache rework
rodzic
6946f965a2
commit
5fa78eee04
2
eotk
2
eotk
|
@ -524,7 +524,7 @@ case "$cmd" in
|
||||||
|
|
||||||
Print building OnionBalance configurations...
|
Print building OnionBalance configurations...
|
||||||
(
|
(
|
||||||
echo LOG_LEVEL: debug
|
echo LOG_LEVEL: info
|
||||||
echo TOR_ADDRESS: $tor_address
|
echo TOR_ADDRESS: $tor_address
|
||||||
echo TOR_PORT: $tor_port
|
echo TOR_PORT: $tor_port
|
||||||
echo REFRESH_INTERVAL: 600
|
echo REFRESH_INTERVAL: 600
|
||||||
|
|
|
@ -343,6 +343,7 @@ sub DoProject {
|
||||||
|
|
||||||
# in-template settings
|
# in-template settings
|
||||||
|
|
||||||
|
&SetEnv("nginx_cache_min_uses", 2);
|
||||||
&SetEnv("nginx_cache_size", "16m");
|
&SetEnv("nginx_cache_size", "16m");
|
||||||
&SetEnv("nginx_cache_seconds", 0);
|
&SetEnv("nginx_cache_seconds", 0);
|
||||||
&SetEnv("nginx_hello_onion", 1);
|
&SetEnv("nginx_hello_onion", 1);
|
||||||
|
@ -372,6 +373,9 @@ sub DoProject {
|
||||||
&SetEnv("block_location", "");
|
&SetEnv("block_location", "");
|
||||||
&SetEnv("block_location_re", "");
|
&SetEnv("block_location_re", "");
|
||||||
|
|
||||||
|
&SetEnv("no_cache_content_type", "");
|
||||||
|
&SetEnv("no_cache_host", "");
|
||||||
|
|
||||||
&SetEnv("SCRIPT_NAMES", "bounce.sh debugoff.sh debugon.sh harvest.sh maps.sh nxreload.sh start.sh status.sh stop.sh syntax.sh torreload.sh");
|
&SetEnv("SCRIPT_NAMES", "bounce.sh debugoff.sh debugon.sh harvest.sh maps.sh nxreload.sh start.sh status.sh stop.sh syntax.sh torreload.sh");
|
||||||
&SetEnv("SCRIPT_PAUSE", 5);
|
&SetEnv("SCRIPT_PAUSE", 5);
|
||||||
|
|
||||||
|
|
|
@ -28,11 +28,14 @@ my %known =
|
||||||
'PROJECTS_HOME' => 1, # where the projects live
|
'PROJECTS_HOME' => 1, # where the projects live
|
||||||
|
|
||||||
# in-template settings
|
# in-template settings
|
||||||
|
'BLOCK_ERR' => 1,
|
||||||
'BLOCK_HOST' => 1,
|
'BLOCK_HOST' => 1,
|
||||||
'BLOCK_HOST_RE' => 1,
|
'BLOCK_HOST_RE' => 1,
|
||||||
'BLOCK_LOCATION' => 1,
|
'BLOCK_LOCATION' => 1,
|
||||||
'BLOCK_LOCATION_RE' => 1,
|
'BLOCK_LOCATION_RE' => 1,
|
||||||
|
'FOREIGNMAP_CSV' => 1,
|
||||||
'IS_SOFTMAP' => 1,
|
'IS_SOFTMAP' => 1,
|
||||||
|
'NGINX_CACHE_MIN_USES' => 1,
|
||||||
'NGINX_CACHE_SECONDS' => 1,
|
'NGINX_CACHE_SECONDS' => 1,
|
||||||
'NGINX_CACHE_SIZE' => 1,
|
'NGINX_CACHE_SIZE' => 1,
|
||||||
'NGINX_HELLO_ONION' => 1,
|
'NGINX_HELLO_ONION' => 1,
|
||||||
|
@ -43,6 +46,8 @@ my %known =
|
||||||
'NGINX_TEMPLATE' => 1,
|
'NGINX_TEMPLATE' => 1,
|
||||||
'NGINX_TIMEOUT' => 1,
|
'NGINX_TIMEOUT' => 1,
|
||||||
'NGINX_WORKERS' => 1,
|
'NGINX_WORKERS' => 1,
|
||||||
|
'NO_CACHE_CONTENT_TYPE' => 1,
|
||||||
|
'NO_CACHE_HOST' => 1,
|
||||||
'SOFTMAP_NGINX_WORKERS' => 1,
|
'SOFTMAP_NGINX_WORKERS' => 1,
|
||||||
'SOFTMAP_TOR_WORKERS' => 1,
|
'SOFTMAP_TOR_WORKERS' => 1,
|
||||||
'SUPPRESS_HEADER_CSP' => 1,
|
'SUPPRESS_HEADER_CSP' => 1,
|
||||||
|
|
|
@ -28,15 +28,16 @@ http {
|
||||||
resolver %NGINX_RESOLVER% valid=%NGINX_TIMEOUT%s %NGINX_RESOLVER_FLAGS%;
|
resolver %NGINX_RESOLVER% valid=%NGINX_TIMEOUT%s %NGINX_RESOLVER_FLAGS%;
|
||||||
resolver_timeout %NGINX_TIMEOUT%s;
|
resolver_timeout %NGINX_TIMEOUT%s;
|
||||||
|
|
||||||
# internal connection buffers; these are quite large, need space to
|
# we walk a line between keeping it small and flooding resources...
|
||||||
# swallow entire SSL headers because we're being a MITM...
|
|
||||||
proxy_buffering on;
|
proxy_buffering on;
|
||||||
proxy_buffers 16 64k;
|
proxy_buffer_size 64k; # for initial; impacts SSL header
|
||||||
proxy_buffer_size 64k;
|
proxy_buffers 16 64k; # for rest of response
|
||||||
proxy_busy_buffers_size 512k;
|
proxy_busy_buffers_size 256k; # how much can be busy sending to client?
|
||||||
proxy_max_temp_file_size 2048k;
|
|
||||||
|
# in case we want to start spooling responses locally
|
||||||
|
proxy_temp_path /tmp/nginx-proxy-%PROJECT%;
|
||||||
|
proxy_max_temp_file_size 64m; # < default(1024m)
|
||||||
proxy_temp_file_write_size 64k;
|
proxy_temp_file_write_size 64k;
|
||||||
proxy_temp_path "/tmp";
|
|
||||||
|
|
||||||
%%IF %NGINX_CACHE_SECONDS%
|
%%IF %NGINX_CACHE_SECONDS%
|
||||||
# nginx caching static responses for %NGINX_CACHE_SECONDS% seconds
|
# nginx caching static responses for %NGINX_CACHE_SECONDS% seconds
|
||||||
|
@ -45,10 +46,31 @@ http {
|
||||||
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html
|
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html
|
||||||
proxy_cache_path /tmp/nginx-cache-%PROJECT% levels=1:2 keys_zone=%PROJECT%:%NGINX_CACHE_SIZE%;
|
proxy_cache_path /tmp/nginx-cache-%PROJECT% levels=1:2 keys_zone=%PROJECT%:%NGINX_CACHE_SIZE%;
|
||||||
proxy_cache %PROJECT%;
|
proxy_cache %PROJECT%;
|
||||||
|
proxy_cache_min_uses %NGINX_CACHE_MIN_USES%;
|
||||||
proxy_cache_revalidate on;
|
proxy_cache_revalidate on;
|
||||||
proxy_cache_use_stale timeout updating;
|
proxy_cache_use_stale timeout updating;
|
||||||
# "proxy_cache_valid any" includes things like 404s
|
proxy_cache_valid any %NGINX_CACHE_SECONDS%s; # "any" includes 404s, etc
|
||||||
proxy_cache_valid any %NGINX_CACHE_SECONDS%s;
|
|
||||||
|
# content-types not to cache
|
||||||
|
map $http_content_type $no_cache_content_type {
|
||||||
|
%%CSV %NO_CACHE_CONTENT_TYPE%
|
||||||
|
%1% 1;
|
||||||
|
%%ENDCSV
|
||||||
|
default 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
# hosts not to cache
|
||||||
|
map $http_host $no_cache_host {
|
||||||
|
hostnames;
|
||||||
|
%%CSV %NO_CACHE_HOST%
|
||||||
|
%1% 1;
|
||||||
|
%%ENDCSV
|
||||||
|
default 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
# so, should we skip caching this stuff for some reason?
|
||||||
|
proxy_no_cache $no_cache_content_type $no_cache_host;
|
||||||
|
proxy_cache_bypass $no_cache_content_type $no_cache_host;
|
||||||
%%ELSE
|
%%ELSE
|
||||||
# nginx caching disabled
|
# nginx caching disabled
|
||||||
%%ENDIF
|
%%ENDIF
|
||||||
|
|
Ładowanie…
Reference in New Issue