forked from fediversity/fediversity
Added first nginx optimization blocks.
This commit is contained in:
Hans van Zijst
parent
ada96f3d10
commit
32989bb166
GPG key ID:
43DBCC37BFDEFD72
3 changed files with 154 additions and 2 deletions
|
|
@ -33,6 +33,44 @@ keep things manageable, most of those tweaks go into separate configuration
|
|||
files that are either automatically included (those under `/etc/nginx/conf.d`)
|
||||
or explicitly where we need them (those under `/etc/nginx/snippets`).
|
||||
|
||||
Let's start with a few settings that affect nginx as a whole. Edit these
|
||||
options in `/etc/nginx/nginx.conf`:
|
||||
|
||||
```
|
||||
pcre_jit on;
|
||||
worker_rlimit_nofile 8192;
|
||||
worker_connections 4096;
|
||||
multi_accept off;
|
||||
gzip_comp_level 2;
|
||||
gzip_types application/javascript application/json application/x-javascript application/xml application/xml+rss image/svg+xml text/css text/javascript text/plain text/xml;
|
||||
gzip_min_length 1000;
|
||||
gzip_disable "MSIE [1-6]\.";
|
||||
```
|
||||
|
||||
We're going to use lots of regular expressions in our config, `pcre_jit on`
|
||||
speeds those up considerably. Workers get 8K open files, and we want 4096
|
||||
workers instead of the default 768. Workers can only accept one connection,
|
||||
which is (in almost every case) proxy_forwarded, so we set `multi_accept off`.
|
||||
|
||||
We change `gzip_comp_level` from 6 to 2, we expand the list of content that is
|
||||
to be gzipped, and don't zip anything shorter than 1000 characters, instead of
|
||||
the default 20. MSIE can take a hike...
|
||||
|
||||
These are tweaks for the connection, save this in `/etc/ngnix/conf.d/conn_optimize.conf`.
|
||||
|
||||
```
|
||||
client_body_buffer_size 32m;
|
||||
client_header_buffer_size 32k;
|
||||
client_max_body_size 1g;
|
||||
http2_max_concurrent_streams 128;
|
||||
keepalive_timeout 65;
|
||||
keepalive_requests 100;
|
||||
large_client_header_buffers 4 16k;
|
||||
server_names_hash_bucket_size 128;
|
||||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
```
|
||||
|
||||
For every `proxy_forward` we want to configure several settings, and because
|
||||
we don't want to include the same list of settings every time, we put all of
|
||||
them in one snippet of code, that we can include every time we need it.
|
||||
|
|
@ -172,5 +210,3 @@ location ~ ^(/_matrix/client/(r0|v3)/sync|/_matrix/client/(api/v1|r0|v3)/events|
|
|||
proxy_pass http://syncworkers;
|
||||
}
|
||||
|
||||
That's the concept.
|
||||
|
||||
|
|
|
|||
99
matrix/nginx/workers/locations.conf
Normal file
99
matrix/nginx/workers/locations.conf
Normal file
|
|
@ -0,0 +1,99 @@
|
|||
# Account-data
|
||||
location ~ ^(/_matrix/client/(r0|v3|unstable)/.*/tags|/_matrix/client/(r0|v3|unstable)/.*/account_data) {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://account_data;
|
||||
}
|
||||
|
||||
# Typing
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://typing;
|
||||
}
|
||||
|
||||
# Receipts
|
||||
location ~ ^(/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt|/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers) {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://receipts;
|
||||
}
|
||||
|
||||
# Presence
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://presence;
|
||||
}
|
||||
|
||||
# To device
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://todevice;
|
||||
}
|
||||
|
||||
# Push rules
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://push_rules;
|
||||
}
|
||||
|
||||
# Userdir
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://userdir;
|
||||
}
|
||||
|
||||
# Media, users1
|
||||
location ~* ^/_matrix/((client|federation)/[^/]+/)media/ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://media;
|
||||
}
|
||||
# Media, users2
|
||||
location ~* ^/_matrix/media/v3/upload {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://media;
|
||||
}
|
||||
|
||||
# Media, admin
|
||||
location ~ ^/_synapse/admin/v1/(purge_)?(media(_cache)?|room|user|quarantine_media|users)/[\s\S]+|media$ {
|
||||
include snippets/private.conf;
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://media;
|
||||
}
|
||||
|
||||
# Login
|
||||
location ~ ^(/_matrix/client/(api/v1|r0|v3|unstable)/login|/_matrix/client/(r0|v3|unstable)/register|/_matrix/client/(r0|v3|unstable)/register/available|/_matrix/client/v1/register/m.login.registration_token/validity|/_matrix/client/(r0|v3|unstable)/password_policy)$ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://login;
|
||||
}
|
||||
|
||||
# Normal/initial sync
|
||||
location ~ ^/_matrix/client/(r0|v3)/sync$ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://$sync;
|
||||
}
|
||||
|
||||
# Normal sync
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://normal_sync;
|
||||
}
|
||||
|
||||
# Initial sync
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://initial_sync;
|
||||
}
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://initial_sync;
|
||||
}
|
||||
|
||||
# Federation readers
|
||||
location ~ ^(/_matrix/federation/v1/event/|/_matrix/federation/v1/state/|/_matrix/federation/v1/state_ids/|/_matrix/federation/v1/backfill/|/_matrix/federation/v1/get_missing_events/|/_matrix/federation/v1/publicRooms|/_matrix/federation/v1/query/|/_matrix/federation/v1/make_join/|/_matrix/federation/v1/make_leave/|/_matrix/federation/(v1|v2)/send_join/|/_matrix/federation/(v1|v2)/send_leave/|/_matrix/federation/v1/make_knock/|/_matrix/federation/v1/send_knock/|/_matrix/federation/(v1|v2)/invite/|/_matrix/federation/v1/event_auth/|/_matrix/federation/v1/timestamp_to_event/|/_matrix/federation/v1/exchange_third_party_invite/|/_matrix/federation/v1/user/devices/|/_matrix/key/v2/query|/_matrix/federation/v1/hierarchy/|/_matrix/federation/v1/send/) {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://incoming_federation;
|
||||
}
|
||||
|
||||
# Main thread for all the rest
|
||||
location / {
|
||||
include snippets/proxy.conf;
|
||||
proxy_pass http://inbound_main;
|
||||
|
||||
17
matrix/nginx/workers/proxy_forward.conf
Normal file
17
matrix/nginx/workers/proxy_forward.conf
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
proxy_connect_timeout 2s;
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_read_timeout 3600s;
|
||||
proxy_redirect off;
|
||||
proxy_send_timeout 120s;
|
||||
proxy_socket_keepalive on;
|
||||
proxy_ssl_verify off;
|
||||
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
client_max_body_size 50M;
|
||||
Loading…
Add table
Reference in a new issue