mirror of
https://github.com/immich-app/immich.git
synced 2025-01-26 17:21:29 +02:00
feat(nginx): refactor + ipv6 (#1763)
* feat(nginx): refactor + ipv6 + increased buffer * Revert changes to proxy buffering * remove commented lines
This commit is contained in:
parent
b660240059
commit
7cfb257c00
44
nginx/10-listen-on-ipv6-by-default.sh
Executable file
44
nginx/10-listen-on-ipv6-by-default.sh
Executable file
@ -0,0 +1,44 @@
|
||||
#!/bin/sh
|
||||
# vim:sw=4:ts=4:et
|
||||
|
||||
set -e
|
||||
|
||||
entrypoint_log() {
|
||||
if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
|
||||
echo "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
ME=$(basename $0)
|
||||
DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf"
|
||||
|
||||
# check if we have ipv6 available
|
||||
if [ ! -f "/proc/net/if_inet6" ]; then
|
||||
entrypoint_log "$ME: info: ipv6 not available"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
|
||||
entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# check if the file can be modified, e.g. not on a r/o filesystem
|
||||
touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
|
||||
|
||||
# check if the file is already modified, e.g. on a container restart
|
||||
grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
|
||||
|
||||
if [ -f "/etc/os-release" ]; then
|
||||
. /etc/os-release
|
||||
else
|
||||
entrypoint_log "$ME: info: can not guess the operating system"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# enable ipv6 on default.conf listen sockets
|
||||
sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE
|
||||
|
||||
entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
|
||||
|
||||
exit 0
|
@ -1,4 +1,4 @@
|
||||
#! /bin/sh
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
export IMMICH_WEB_URL="${IMMICH_WEB_URL:-http://immich-web:3000}"
|
||||
@ -11,7 +11,3 @@ IMMICH_SERVER_SCHEME=$(echo "$IMMICH_WEB_URL" | grep -Eo '^https?://' || echo "h
|
||||
export IMMICH_SERVER_SCHEME
|
||||
IMMICH_SERVER_HOST=$(echo "$IMMICH_SERVER_URL" | cut -d '/' -f 3)
|
||||
export IMMICH_SERVER_HOST
|
||||
|
||||
envsubst '$IMMICH_WEB_SCHEME $IMMICH_WEB_HOST $IMMICH_SERVER_SCHEME $IMMICH_SERVER_HOST' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
|
||||
|
||||
exec nginx -g 'daemon off;'
|
@ -3,9 +3,7 @@ FROM docker.io/nginxinc/nginx-unprivileged:latest
|
||||
COPY LICENSE /licenses/LICENSE.txt
|
||||
COPY LICENSE /LICENSE
|
||||
|
||||
COPY nginx.conf "/etc/nginx/nginx.conf.template"
|
||||
COPY start.sh /start.sh
|
||||
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
|
||||
COPY 15-set-env-variables.envsh /docker-entrypoint.d
|
||||
|
||||
STOPSIGNAL SIGQUIT
|
||||
|
||||
ENTRYPOINT ["/start.sh"]
|
||||
COPY templates/ /etc/nginx/templates
|
||||
|
104
nginx/nginx.conf
104
nginx/nginx.conf
@ -1,104 +0,0 @@
|
||||
# NOTE: This file is generated on startup. See /start.sh
|
||||
worker_processes auto;
|
||||
error_log /var/log/nginx/error.log;
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
|
||||
include /usr/share/nginx/modules/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
client_body_temp_path /tmp/client_temp;
|
||||
proxy_temp_path /tmp/proxy_temp_path;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
|
||||
# events {
|
||||
# worker_connections 1000;
|
||||
# }
|
||||
|
||||
upstream server {
|
||||
server $IMMICH_SERVER_HOST;
|
||||
keepalive 2;
|
||||
}
|
||||
|
||||
upstream web {
|
||||
server $IMMICH_WEB_HOST;
|
||||
keepalive 2;
|
||||
}
|
||||
|
||||
server {
|
||||
|
||||
# Compression
|
||||
gzip on;
|
||||
gzip_comp_level 2;
|
||||
gzip_min_length 1000;
|
||||
gzip_proxied any;
|
||||
gzip_types
|
||||
application/javascript
|
||||
application/json
|
||||
font/truetype
|
||||
image/svg+xml
|
||||
text/css
|
||||
text/html;
|
||||
gzip_vary on;
|
||||
gunzip on;
|
||||
|
||||
client_max_body_size 50000M;
|
||||
|
||||
listen 8080;
|
||||
|
||||
access_log off;
|
||||
|
||||
location /api {
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_buffer_size 16k;
|
||||
proxy_busy_buffers_size 24k;
|
||||
proxy_buffers 64 4k;
|
||||
proxy_force_ranges on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
rewrite /api/(.*) /$1 break;
|
||||
|
||||
proxy_pass ${IMMICH_SERVER_SCHEME}server;
|
||||
}
|
||||
|
||||
location / {
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_buffer_size 16k;
|
||||
proxy_busy_buffers_size 24k;
|
||||
proxy_buffers 64 4k;
|
||||
proxy_force_ranges on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_pass ${IMMICH_WEB_SCHEME}web;
|
||||
}
|
||||
}
|
||||
}
|
77
nginx/templates/default.conf.template
Normal file
77
nginx/templates/default.conf.template
Normal file
@ -0,0 +1,77 @@
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
upstream server {
|
||||
server ${IMMICH_SERVER_HOST};
|
||||
keepalive 2;
|
||||
}
|
||||
|
||||
upstream web {
|
||||
server ${IMMICH_WEB_HOST};
|
||||
keepalive 2;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
|
||||
access_log off;
|
||||
client_max_body_size 50000M;
|
||||
|
||||
# Compression
|
||||
gzip off;
|
||||
gzip_comp_level 2;
|
||||
gzip_min_length 1000;
|
||||
gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gunzip on;
|
||||
|
||||
# text/html is included by default
|
||||
gzip_types
|
||||
application/javascript
|
||||
application/json
|
||||
font/ttf
|
||||
image/svg+xml
|
||||
text/css;
|
||||
|
||||
location /api {
|
||||
proxy_buffering off;
|
||||
proxy_buffer_size 16k;
|
||||
proxy_busy_buffers_size 24k;
|
||||
proxy_buffers 64 4k;
|
||||
proxy_force_ranges on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
rewrite /api/(.*) /$1 break;
|
||||
|
||||
proxy_pass ${IMMICH_SERVER_SCHEME}server;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_buffering off;
|
||||
proxy_buffer_size 16k;
|
||||
proxy_busy_buffers_size 24k;
|
||||
proxy_buffers 64 4k;
|
||||
proxy_force_ranges on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_pass ${IMMICH_WEB_SCHEME}web;
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user