xhiveframework
/
bench_new
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
1 Commit
1 Branche
170 KiB
 
 
 
 
Aborescence: 9fce7b5339
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '9fce7b5339'
${ noResults }
bench_new/bench/config/templates/nginx.conf

238 lignes
6.1 KiB
Brut Annotations Historique 

  1. {%- macro nginx_map(from_variable, to_variable, values, default) %}

  2. map {{ from_variable }} {{ to_variable }} {

  3. 	{% for (from, to) in values.items() -%}

  4. 		{{ from }} {{ to }};

  5. 	{% endfor %}

  6. 

  7. 	{%- if default -%}

  8. 		default {{ default }};

  9. 	{% endif %}

  10. }

  11. {%- endmacro %}

  12. 

  13. {%- macro server_block(bench_name, port, server_names, site_name, sites_path, ssl_certificate, ssl_certificate_key) %}

  14. server {

  15. 	{% if ssl_certificate and ssl_certificate_key %}

  16. 	listen {{ port }} ssl;

  17. 	listen [::]:{{ port }} ssl;

  18. 	{% else %}

  19. 	listen {{ port }};

  20. 	listen [::]:{{ port }};

  21. 	{% endif %}

  22. 

  23. 	server_name

  24. 		{% for name in server_names -%}

  25. 		{{ name }}

  26. 		{% endfor -%}

  27. 		;

  28. 

  29. 	root {{ sites_path }};

  30. 

  31. 	{% if allow_rate_limiting %}

  32. 	limit_conn per_host_{{ bench_name_hash }} 8;

  33. 	{% endif %}

  34. 

  35. 	proxy_buffer_size 128k;

  36. 	proxy_buffers 4 256k;

  37. 	proxy_busy_buffers_size 256k;

  38. 

  39. 	{% if ssl_certificate and ssl_certificate_key %}

  40. 	ssl_certificate      {{ ssl_certificate }};

  41. 	ssl_certificate_key  {{ ssl_certificate_key }};

  42. 	ssl_session_timeout  5m;

  43. 	ssl_session_cache shared:SSL:10m;

  44. 	ssl_session_tickets off;

  45. 	ssl_stapling on;

  46. 	ssl_stapling_verify on;

  47. 	ssl_protocols TLSv1.2 TLSv1.3;

  48. 	ssl_ciphers EECDH+AESGCM:EDH+AESGCM;

  49. 	ssl_ecdh_curve secp384r1;

  50. 	ssl_prefer_server_ciphers on;

  51. 	{% endif %}

  52. 

  53. 	add_header X-Frame-Options "SAMEORIGIN";

  54. 	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

  55. 	add_header X-Content-Type-Options nosniff;

  56. 	add_header X-XSS-Protection "1; mode=block";

  57. 	add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";

  58. 

  59. 	location /assets {

  60. 		try_files $uri =404;

  61. 		add_header Cache-Control "max-age=31536000";

  62. 	}

  63. 

  64. 	location ~ ^/protected/(.*) {

  65. 		internal;

  66. 		try_files /{{ site_name }}/$1 =404;

  67. 	}

  68. 

  69. 	location /socket.io {

  70. 		proxy_http_version 1.1;

  71. 		proxy_set_header Upgrade $http_upgrade;

  72. 		proxy_set_header Connection "upgrade";

  73. 		proxy_set_header X-Xhiveframework-Site-Name {{ site_name }};

  74. 		proxy_set_header Origin $scheme://$http_host;

  75. 		proxy_set_header Host $host;

  76. 

  77. 		proxy_pass http://{{ bench_name }}-socketio-server;

  78. 	}

  79. 

  80. 	location / {

  81. 

  82.  		rewrite ^(.+)/$ $1 permanent;

  83.   		rewrite ^(.+)/index\.html$ $1 permanent;

  84.   		rewrite ^(.+)\.html$ $1 permanent;

  85. 

  86. 		location ~* ^/files/.*.(htm|html|svg|xml) {

  87. 			add_header Content-disposition "attachment";

  88. 			try_files /{{ site_name }}/public/$uri @webserver;

  89. 		}

  90. 

  91. 		try_files /{{ site_name }}/public/$uri @webserver;

  92. 	}

  93. 

  94. 	location @webserver {

  95. 		proxy_http_version 1.1;

  96. 		proxy_set_header X-Forwarded-For $remote_addr;

  97. 		proxy_set_header X-Forwarded-Proto $scheme;

  98. 		proxy_set_header X-Xhiveframework-Site-Name {{ site_name }};

  99. 		proxy_set_header Host $host;

  100. 		proxy_set_header X-Use-X-Accel-Redirect True;

  101. 		proxy_read_timeout {{ http_timeout or 120 }};

  102. 		proxy_redirect off;

  103. 

  104. 		proxy_pass  http://{{ bench_name }}-xhiveframework;

  105. 	}

  106. 

  107. 	# error pages

  108. 	{% for error_code, error_page in error_pages.items() -%}

  109. 

  110. 	error_page {{ error_code }} /{{ error_page.split('/')[-1] }};

  111. 	location /{{ error_code }}.html {

  112. 		root {{ '/'.join(error_page.split('/')[:-1]) }};

  113. 		internal;

  114. 	}

  115. 

  116. 	{% endfor -%}

  117. 

  118. 	{% if logging %}

  119. 	{%- if logging.level == "site" -%}

  120. 

  121. 	access_log  /var/log/nginx/{{ site_name }}_access.log  {{ logging.log_format }};

  122. 	error_log  /var/log/nginx/{{ site_name }}_error.log;

  123. 

  124. 	{%- elif logging.level == "combined" -%}

  125. 

  126. 	access_log  /var/log/nginx/access.log {{ logging.log_format }};

  127. 	error_log  /var/log/nginx/error.log;

  128. 

  129. 	{%- endif %}

  130. 	{%- endif %}

  131. 

  132. 	# optimizations

  133. 	sendfile on;

  134. 	keepalive_timeout 15;

  135. 	client_max_body_size 50m;

  136. 	client_body_buffer_size 16K;

  137. 	client_header_buffer_size 1k;

  138. 

  139. 	# enable gzip compresion

  140. 	# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge

  141. 	gzip on;

  142. 	gzip_http_version 1.1;

  143. 	gzip_comp_level 5;

  144. 	gzip_min_length 256;

  145. 	gzip_proxied any;

  146. 	gzip_vary on;

  147. 	gzip_types

  148. 		application/atom+xml

  149. 		application/javascript

  150. 		application/json

  151. 		application/rss+xml

  152. 		application/vnd.ms-fontobject

  153. 		application/x-font-ttf

  154. 		application/font-woff

  155. 		application/x-web-app-manifest+json

  156. 		application/xhtml+xml

  157. 		application/xml

  158. 		font/opentype

  159. 		image/svg+xml

  160. 		image/x-icon

  161. 		text/css

  162. 		text/plain

  163. 		text/x-component

  164. 		;

  165. 		# text/html is always compressed by HttpGzipModule

  166. }

  167. 

  168. {% if ssl_certificate and ssl_certificate_key -%}

  169. 	# http to https redirect

  170. 	server {

  171. 		listen 80;

  172. 		server_name

  173. 			{% for name in server_names -%}

  174. 			{{ name }}

  175. 			{% endfor -%}

  176. 			;

  177. 

  178. 		return 301 https://$host$request_uri;

  179. 	}

  180. 

  181. {% endif %}

  182. 

  183. {%- endmacro -%}

  184. 

  185. upstream {{ bench_name }}-xhiveframework {

  186. 	server 127.0.0.1:{{ webserver_port or 8000 }} fail_timeout=0;

  187. }

  188. 

  189. upstream {{ bench_name}}-socketio-server {

  190. 	server 127.0.0.1:{{ socketio_port or 3000 }} fail_timeout=0;

  191. }

  192. 

  193. {% if allow_rate_limiting %}

  194. limit_conn_zone $host zone=per_host_{{ bench_name_hash }}:{{ limit_conn_shared_memory }}m;

  195. {% endif %}

  196. 

  197. # setup maps

  198. {%- set site_name_variable="$host" %}

  199. {% if sites.domain_map -%}

  200. 	{# we append these variables with a random string as there could be multiple benches #}

  201. 	{%- set site_name_variable="$site_name_{0}".format(random_string) -%}

  202. 	{{ nginx_map(from_variable="$host", to_variable=site_name_variable, values=sites.domain_map, default="$host") }}

  203. {%- endif %}

  204. 

  205. # server blocks

  206. {% if sites.that_use_dns -%}

  207. 

  208. 	{{ server_block(bench_name, port=80, server_names=sites.that_use_dns, site_name=site_name_variable, sites_path=sites_path) }}

  209. 

  210. {%- endif %}

  211. 

  212. {% if sites.that_use_wildcard_ssl -%}

  213. 

  214. 	{{ server_block(bench_name, port=443, server_names=sites.that_use_wildcard_ssl,

  215. 		site_name=site_name_variable, sites_path=sites_path,

  216. 		ssl_certificate=sites.wildcard_ssl_certificate,

  217. 		ssl_certificate_key=sites.wildcard_ssl_certificate_key) }}

  218. 

  219. {%- endif %}

  220. 

  221. {%- if sites.that_use_ssl -%}

  222. 	{% for site in sites.that_use_ssl -%}

  223. 

  224. 		{{ server_block(bench_name, port=443, server_names=[site.domain or site.name],

  225. 				site_name=site_name_variable, sites_path=sites_path,

  226. 				ssl_certificate=site.ssl_certificate, ssl_certificate_key=site.ssl_certificate_key) }}

  227. 

  228. 	{% endfor %}

  229. {%- endif %}

  230. 

  231. {% if sites.that_use_port -%}

  232. 	{%- for site in sites.that_use_port -%}

  233. 

  234. 		{{ server_block(bench_name, port=site.port, server_names=[site.name], site_name=site.name, sites_path=sites_path) }}

  235. 

  236. 	{%- endfor %}

  237. {% endif %}