#3702 -- Apply nginx performance boost to Ansible installations.
This commit is contained in:
parent
7986b34033
commit
47a3c1a0ee
|
@ -15,7 +15,7 @@ done
|
|||
if [[ "$1" == '--' ]]; then shift; fi
|
||||
|
||||
APP_ENV="${APP_ENV:-production}"
|
||||
UPDATE_REVISION="${UPDATE_REVISION:-59}"
|
||||
UPDATE_REVISION="${UPDATE_REVISION:-60}"
|
||||
|
||||
PKG_OK=$(dpkg-query -W --showformat='${Status}\n' ansible | grep "install ok installed")
|
||||
echo "Checking for Ansible: $PKG_OK"
|
||||
|
|
|
@ -28,12 +28,6 @@ server {
|
|||
ssl_certificate /etc/nginx/ssl/server.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/server.key;
|
||||
|
||||
{% if ansible_distribution_release == 'focal' %}
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
ssl_prefer_server_ciphers off;
|
||||
{% endif %}
|
||||
|
||||
root {{ app_base }}/www/web;
|
||||
index index.php;
|
||||
|
||||
|
@ -46,8 +40,6 @@ server {
|
|||
access_log {{ app_base }}/www_tmp/access.log;
|
||||
error_log {{ app_base }}/www_tmp/error.log;
|
||||
|
||||
client_max_body_size 50M;
|
||||
|
||||
# Serve a static version of the nowplaying data for non-PHP-blocking delivery.
|
||||
location /api/nowplaying_static {
|
||||
expires 10s;
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 65000;
|
||||
|
||||
pid /run/nginx.pid;
|
||||
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 10240;
|
||||
# multi_accept on;
|
||||
worker_connections 65000;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
|
@ -17,7 +19,9 @@ http {
|
|||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
|
||||
|
@ -33,15 +37,14 @@ http {
|
|||
# SSL Settings
|
||||
##
|
||||
|
||||
{% if ansible_distribution_release == 'focal' %}
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
ssl_prefer_server_ciphers off;
|
||||
{% else %}
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
{% endif %}
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
|
@ -56,13 +59,21 @@ http {
|
|||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
# gzip_vary on;
|
||||
# gzip_proxied any;
|
||||
# gzip_comp_level 6;
|
||||
# gzip_buffers 16 8k;
|
||||
# gzip_http_version 1.1;
|
||||
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
gzip_comp_level 6;
|
||||
gzip_min_length 1100;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_proxied any;
|
||||
gzip_types
|
||||
text/plain
|
||||
text/css
|
||||
text/js
|
||||
text/xml
|
||||
text/javascript
|
||||
application/javascript
|
||||
application/x-javascript
|
||||
application/json
|
||||
application/xml
|
||||
application/xml+rss;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
- { role : azuracast-radio, when : update_revision|int < 59 }
|
||||
- { role : supervisord, when : update_revision|int < 13 }
|
||||
- { role : mariadb, when : update_revision|int < 15 }
|
||||
- { role : nginx, when : update_revision|int < 55 }
|
||||
- { role : nginx, when : update_revision|int < 60 }
|
||||
- { role : redis, when : update_revision|int < 57 }
|
||||
- { role : php, when : update_revision|int < 50 }
|
||||
- composer
|
||||
|
|
Loading…
Reference in New Issue