forked from immich-app/immich
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(nginx): refactor + ipv6 (immich-app#1763)
* feat(nginx): refactor + ipv6 + increased buffer * Revert changes to proxy buffering * remove commented lines
- Loading branch information
1 parent
b660240
commit 7cfb257
Showing
5 changed files
with
125 additions
and
114 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| #!/bin/sh | ||
| # vim:sw=4:ts=4:et | ||
|
|
||
| set -e | ||
|
|
||
| entrypoint_log() { | ||
| if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then | ||
| echo "$@" | ||
| fi | ||
| } | ||
|
|
||
| ME=$(basename $0) | ||
| DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" | ||
|
|
||
| # check if we have ipv6 available | ||
| if [ ! -f "/proc/net/if_inet6" ]; then | ||
| entrypoint_log "$ME: info: ipv6 not available" | ||
| exit 0 | ||
| fi | ||
|
|
||
| if [ ! -f "/$DEFAULT_CONF_FILE" ]; then | ||
| entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" | ||
| exit 0 | ||
| fi | ||
|
|
||
| # check if the file can be modified, e.g. not on a r/o filesystem | ||
| touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } | ||
|
|
||
| # check if the file is already modified, e.g. on a container restart | ||
| grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } | ||
|
|
||
| if [ -f "/etc/os-release" ]; then | ||
| . /etc/os-release | ||
| else | ||
| entrypoint_log "$ME: info: can not guess the operating system" | ||
| exit 0 | ||
| fi | ||
|
|
||
| # enable ipv6 on default.conf listen sockets | ||
| sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE | ||
|
|
||
| entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" | ||
|
|
||
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| map $http_upgrade $connection_upgrade { | ||
| default upgrade; | ||
| '' close; | ||
| } | ||
|
|
||
| upstream server { | ||
| server ${IMMICH_SERVER_HOST}; | ||
| keepalive 2; | ||
| } | ||
|
|
||
| upstream web { | ||
| server ${IMMICH_WEB_HOST}; | ||
| keepalive 2; | ||
| } | ||
|
|
||
| server { | ||
| listen 8080; | ||
|
|
||
| access_log off; | ||
| client_max_body_size 50000M; | ||
|
|
||
| # Compression | ||
| gzip off; | ||
| gzip_comp_level 2; | ||
| gzip_min_length 1000; | ||
| gzip_proxied any; | ||
| gzip_vary on; | ||
| gunzip on; | ||
|
|
||
| # text/html is included by default | ||
| gzip_types | ||
| application/javascript | ||
| application/json | ||
| font/ttf | ||
| image/svg+xml | ||
| text/css; | ||
|
|
||
| location /api { | ||
| proxy_buffering off; | ||
| proxy_buffer_size 16k; | ||
| proxy_busy_buffers_size 24k; | ||
| proxy_buffers 64 4k; | ||
| proxy_force_ranges on; | ||
|
|
||
| proxy_http_version 1.1; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection $connection_upgrade; | ||
| proxy_set_header Host $host; | ||
|
|
||
| rewrite /api/(.*) /$1 break; | ||
|
|
||
| proxy_pass ${IMMICH_SERVER_SCHEME}server; | ||
| } | ||
|
|
||
| location / { | ||
| proxy_buffering off; | ||
| proxy_buffer_size 16k; | ||
| proxy_busy_buffers_size 24k; | ||
| proxy_buffers 64 4k; | ||
| proxy_force_ranges on; | ||
|
|
||
| proxy_http_version 1.1; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection $connection_upgrade; | ||
| proxy_set_header Host $host; | ||
|
|
||
| proxy_pass ${IMMICH_WEB_SCHEME}web; | ||
| } | ||
| } |