tilderadio
/
AzuraCast
mirror of https://github.com/AzuraCast/AzuraCast.git
4
0
Fork 0
Code Issues Releases Wiki Activity

#3702 -- Apply nginx performance boost to Ansible installations.

This commit is contained in:
Buster "Silver Eagle" Neece 2021-01-24 06:12:39 -06:00
parent 7986b34033
commit 47a3c1a0ee
No known key found for this signature in database
GPG Key ID: 6D9E12FF03411F4E
4 changed files with 30 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
update.sh
View File

@ -15,7 +15,7 @@ done
if [[ "$1" == '--' ]]; then shift; fi
APP_ENV="${APP_ENV:-production}"
UPDATE_REVISION="${UPDATE_REVISION:-59}"
UPDATE_REVISION="${UPDATE_REVISION:-60}"
PKG_OK=$(dpkg-query -W --showformat='${Status}\n' ansible | grep "install ok installed")
echo "Checking for Ansible: $PKG_OK"

8
util/ansible/roles/nginx/templates/default.j2
View File

@ -28,12 +28,6 @@ server {
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
{% if ansible_distribution_release == 'focal' %}
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
{% endif %}
root {{ app_base }}/www/web;
index index.php;
@ -46,8 +40,6 @@ server {
access_log {{ app_base }}/www_tmp/access.log;
error_log {{ app_base }}/www_tmp/error.log;
client_max_body_size 50M;
# Serve a static version of the nowplaying data for non-PHP-blocking delivery.
location /api/nowplaying_static {
expires 10s;

45
util/ansible/roles/nginx/templates/nginx.conf.j2
View File

@ -1,12 +1,14 @@
user www-data;
worker_processes auto;
worker_processes auto;
worker_rlimit_nofile 65000;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 10240;
# multi_accept on;
worker_connections 65000;
multi_accept on;
}
http {
@ -17,7 +19,9 @@ http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
@ -33,15 +37,14 @@ http {
# SSL Settings
##
{% if ansible_distribution_release == 'focal' %}
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
{% else %}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
{% endif %}
##
# Logging Settings
@ -56,13 +59,21 @@ http {
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/xml+rss;
##
# Virtual Host Configs

2
util/ansible/update.yml
View File

@ -16,7 +16,7 @@
- { role : azuracast-radio, when : update_revision|int < 59 }
- { role : supervisord, when : update_revision|int < 13 }
- { role : mariadb, when : update_revision|int < 15 }
- { role : nginx, when : update_revision|int < 55 }
- { role : nginx, when : update_revision|int < 60 }
- { role : redis, when : update_revision|int < 57 }
- { role : php, when : update_revision|int < 50 }
- composer