[server] nginx configuration improvements
- Use keepalives - Update deprecated http2 syntax - Document how to check config Refs: - https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives - https://github.com/nginxinc/kubernetes-ingress/issues/4237 - https://stackoverflow.com/questions/65944578/how-to-get-nginx-running-in-docker-to-reload-nginx-conf-configuration
parent
8b643549fe
commit
407eca5414
3 changed files with 18 additions and 3 deletions
|
@ -62,3 +62,12 @@ We can see this in the default configuration of nginx:
|
||||||
This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
|
This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
|
||||||
syntax of the configuration files. Alternatively, you can run `docker exec nginx
|
syntax of the configuration files. Alternatively, you can run `docker exec nginx
|
||||||
nginx -t` on the instance to ask nginx to check the configuration.
|
nginx -t` on the instance to ask nginx to check the configuration.
|
||||||
|
|
||||||
|
## Updating configuration
|
||||||
|
|
||||||
|
Nginx configuration files can be changed without needing to restart anything.
|
||||||
|
|
||||||
|
1. Update the configuration file at `/root/nginx/conf.d/museum.conf`
|
||||||
|
2. Verify that there are no errors in the configuration by using `sudo docker
|
||||||
|
exec nginx nginx -t`.
|
||||||
|
3. Ask nginx to reload the configuration `sudo systemctl reload nginx`.
|
||||||
|
|
|
@ -62,7 +62,7 @@ To bring up an additional museum node:
|
||||||
sudo mkdir -p /root/museum/data/billing
|
sudo mkdir -p /root/museum/data/billing
|
||||||
sudo mv *.json /root/museum/data/billing/
|
sudo mv *.json /root/museum/data/billing/
|
||||||
|
|
||||||
* If not running behind Nginx, add the TLS credentials (otherwise add the to
|
* If not running behind Nginx, add the TLS credentials (otherwise add them to
|
||||||
Nginx)
|
Nginx)
|
||||||
|
|
||||||
sudo tee /root/museum/credentials/tls.cert
|
sudo tee /root/museum/credentials/tls.cert
|
||||||
|
|
|
@ -4,11 +4,15 @@
|
||||||
upstream museum {
|
upstream museum {
|
||||||
# https://nginx.org/en/docs/http/ngx_http_upstream_module.html
|
# https://nginx.org/en/docs/http/ngx_http_upstream_module.html
|
||||||
server host.docker.internal:8080 max_conns=50;
|
server host.docker.internal:8080 max_conns=50;
|
||||||
|
|
||||||
|
# Keep these many connections alive to upstream (requires HTTP/1.1)
|
||||||
|
keepalive 20;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl;
|
||||||
|
http2 on;
|
||||||
ssl_certificate /etc/ssl/certs/cert.pem;
|
ssl_certificate /etc/ssl/certs/cert.pem;
|
||||||
ssl_certificate_key /etc/ssl/private/key.pem;
|
ssl_certificate_key /etc/ssl/private/key.pem;
|
||||||
|
|
||||||
|
@ -16,6 +20,8 @@ server {
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://museum;
|
proxy_pass http://museum;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Connection "";
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
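Review bot: The two lines added in `location /`, `proxy_http_version 1.1;` and `proxy_set_header Connection "";`, have no comment tying them to the new `keepalive 20;` in `upstream museum`, so a later edit could drop one of them and quietly disable connection reuse. I would add `# Both lines are needed for the upstream keepalive pool (see "keepalive" in upstream museum)` above them. Clearing `Connection` applies to every request proxied through this location, so if museum ever serves an Upgrade/WebSocket endpoint here it would need its own location; nothing visible suggests it does today. Separately, the standalone `http2 on;` directive only exists in nginx 1.25.1 and later, and the image version is not visible in this diff, so a short comment naming that minimum version next to it would help whoever runs `nginx -t` against an older image. The `server` block continues past the end of both hunks.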