feat(nginx): refactor + ipv6 (#1763)

* feat(nginx): refactor + ipv6 + increased buffer * Revert changes to proxy buffering * remove commented lines
2025-10-31 00:18:28 +02:00 · 2023-02-15 22:21:52 +01:00
parent b660240059
commit 7cfb257c00
5 changed files with 125 additions and 114 deletions
--- a/nginx/10-listen-on-ipv6-by-default.sh
+++ b/nginx/10-listen-on-ipv6-by-default.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+set -e
+
+entrypoint_log() {
+    if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+        echo "$@"
+    fi
+}
+
+ME=$(basename $0)
+DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf"
+
+# check if we have ipv6 available
+if [ ! -f "/proc/net/if_inet6" ]; then
+    entrypoint_log "$ME: info: ipv6 not available"
+    exit 0
+fi
+
+if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
+    entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
+    exit 0
+fi
+
+# check if the file can be modified, e.g. not on a r/o filesystem
+touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
+
+# check if the file is already modified, e.g. on a container restart
+grep -q "listen  \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
+
+if [ -f "/etc/os-release" ]; then
+    . /etc/os-release
+else
+    entrypoint_log "$ME: info: can not guess the operating system"
+    exit 0
+fi
+
+# enable ipv6 on default.conf listen sockets
+sed -i -E 's,listen       8080;,listen       8080;\n    listen  [::]:8080;,' /$DEFAULT_CONF_FILE
+
+entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
+
+exit 0
--- a/nginx/15-set-env-variables.envsh
+++ b/nginx/15-set-env-variables.envsh
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
 set -e

 export IMMICH_WEB_URL="${IMMICH_WEB_URL:-http://immich-web:3000}"
@@ -11,7 +11,3 @@ IMMICH_SERVER_SCHEME=$(echo "$IMMICH_WEB_URL" | grep -Eo '^https?://' || echo "h
 export IMMICH_SERVER_SCHEME
 IMMICH_SERVER_HOST=$(echo "$IMMICH_SERVER_URL" | cut -d '/' -f 3)
 export IMMICH_SERVER_HOST
-
-envsubst '$IMMICH_WEB_SCHEME $IMMICH_WEB_HOST  $IMMICH_SERVER_SCHEME $IMMICH_SERVER_HOST' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
-
-exec nginx -g 'daemon off;'
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -3,9 +3,7 @@ FROM docker.io/nginxinc/nginx-unprivileged:latest
 COPY LICENSE /licenses/LICENSE.txt
 COPY LICENSE /LICENSE

-COPY nginx.conf "/etc/nginx/nginx.conf.template"
-COPY start.sh /start.sh
+COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
+COPY 15-set-env-variables.envsh /docker-entrypoint.d

-STOPSIGNAL SIGQUIT
-
-ENTRYPOINT ["/start.sh"]
+COPY templates/ /etc/nginx/templates
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,104 +0,0 @@
-# NOTE: This file is generated on startup. See /start.sh
-worker_processes auto;
-error_log /var/log/nginx/error.log;
-pid /tmp/nginx.pid;
-
-# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
-include /usr/share/nginx/modules/*.conf;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-  map $http_upgrade $connection_upgrade {
-    default upgrade;
-    '' close;
-  }
-
-  client_body_temp_path /tmp/client_temp;
-  proxy_temp_path       /tmp/proxy_temp_path;
-  fastcgi_temp_path     /tmp/fastcgi_temp;
-  uwsgi_temp_path       /tmp/uwsgi_temp;
-  scgi_temp_path        /tmp/scgi_temp;
-
-  # events {
-  #   worker_connections 1000;
-  # }
-
-  upstream server {
-    server $IMMICH_SERVER_HOST;
-    keepalive 2;
-  }
-
-  upstream web {
-    server $IMMICH_WEB_HOST;
-    keepalive 2;
-  }
-
-  server {
-
-    # Compression
-    gzip on;
-    gzip_comp_level 2;
-    gzip_min_length 1000;
-    gzip_proxied any;
-    gzip_types
-       application/javascript
-       application/json
-       font/truetype
-       image/svg+xml
-       text/css
-       text/html;
-    gzip_vary on;
-    gunzip on;
-
-    client_max_body_size 50000M;
-
-    listen 8080;
-    
-    access_log off;
-
-    location /api {
-
-      proxy_buffering off;
-      proxy_buffer_size 16k;
-      proxy_busy_buffers_size 24k;
-      proxy_buffers 64 4k;
-      proxy_force_ranges on;
-
-      proxy_http_version 1.1;
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Host $host;
-
-      rewrite /api/(.*) /$1 break;
-
-      proxy_pass ${IMMICH_SERVER_SCHEME}server;
-    }
-
-    location / {
-
-      proxy_buffering off;
-      proxy_buffer_size 16k;
-      proxy_busy_buffers_size 24k;
-      proxy_buffers 64 4k;
-      proxy_force_ranges on;
-
-      proxy_http_version 1.1;
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Host $host;
-
-      proxy_pass ${IMMICH_WEB_SCHEME}web;
-    }
-  }
-}
--- a/nginx/templates/default.conf.template
+++ b/nginx/templates/default.conf.template
@@ -0,0 +1,77 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+upstream server {
+  server ${IMMICH_SERVER_HOST};
+  keepalive 2;
+}
+
+upstream web {
+  server ${IMMICH_WEB_HOST};
+  keepalive 2;
+}
+
+server {
+  listen 8080;
+
+  access_log off;
+  client_max_body_size 50000M;
+
+  # Compression
+  gzip off;
+  gzip_comp_level 2;
+  gzip_min_length 1000;
+  gzip_proxied any;
+  gzip_vary on;
+  gunzip on;
+
+  # text/html is included by default
+  gzip_types
+    application/javascript
+    application/json
+    font/ttf
+    image/svg+xml
+    text/css;
+
+  location /api {
+    proxy_buffering off;
+    proxy_buffer_size 16k;
+    proxy_busy_buffers_size 24k;
+    proxy_buffers 64 4k;
+    proxy_force_ranges on;
+
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header Host $host;
+
+    rewrite /api/(.*) /$1 break;
+
+    proxy_pass ${IMMICH_SERVER_SCHEME}server;
+  }
+
+  location / {
+    proxy_buffering off;
+    proxy_buffer_size 16k;
+    proxy_busy_buffers_size 24k;
+    proxy_buffers 64 4k;
+    proxy_force_ranges on;
+
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header Host $host;
+
+    proxy_pass ${IMMICH_WEB_SCHEME}web;
+  }
+}