From a4ae927915aaea3c67d919b6d62c93b56d48a09c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com>
Date: Sat, 30 Dec 2023 17:28:25 +0100
Subject: [PATCH] Update nginx.conf
---
 conf/nginx.conf | 90 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index ed28f56..4e1326c 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -90,3 +90,93 @@ location /tracker/socket {
 location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
 try_files /dev/null @api_websocket;
 }
+
+##
+# Performance optimizations
+# For extra performance please refer to https://github.com/denji/nginx-tuning
+##
+
+root __DATA_DIR__/storage/;
+
+ # Enable compression for JS/CSS/HTML, for improved client load times.
+ # It might be nice to compress JSON/XML as returned by the API, but
+ # leaving that out to protect against potential BREACH attack.
+
+# gzip on;
+gzip_vary on;
+gzip_types # text/html is always compressed by HttpGzipModule
+ text/css
+ application/javascript
+ font/truetype
+ font/opentype
+ application/vnd.ms-fontobject
+ image/svg+xml;
+gzip_min_length 1000; # default is 20 bytes
+gzip_buffers 16 8k;
+gzip_comp_level 2; # default is 1
+
+client_body_timeout 30s; # default is 60
+client_header_timeout 10s; # default is 60
+send_timeout 10s; # default is 60
+keepalive_timeout 10s; # default is 75
+# resolver_timeout 10s; # default is 30
+reset_timedout_connection on;
+proxy_ignore_client_abort on;
+
+tcp_nopush on; # send headers in one piece
+tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
+
+# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
+# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
+#client_body_temp_path /var/www/peertube/storage/nginx/;
+
+# Bypass PeerTube for performance reasons. Optional.
+# Should be consistent with client-overrides assets list in /server/controllers/client.ts
+location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
+ more_set_headers "Cache-Control : public, max-age=31536000, immutable"; # Cache 1 year
+
+ try_files __DATA_DIR__/storage/client-overrides/$1 __INSTALL_DIR__/client/dist/$1 @api;
+}
+
+# Bypass PeerTube for performance reasons. Optional.
+location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
+ more_set_headers "Cache-Control : public, max-age=31536000, immutable"; # Cache 1 year
+
+ alias __INSTALL_DIR__/client/dist/$1;
+}
+
+# Bypass PeerTube for performance reasons. Optional.
+location ~ ^/static/(thumbnails|avatars)/ {
+ if ($request_method = 'OPTIONS') {
+ more_set_headers "Access-Control-Allow-Origin : *";
+ more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS";
+ more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type";
+ more_set_headers "Access-Control-Max-Age : 1728000"; # Preflight request can be cached 20 days
+ more_set_headers "Content-Type : text/plain charset=UTF-8";
+ more_set_headers "Content-Length : 0";
+ return 204;
+ }
+
+ more_set_headers "Access-Control-Allow-Origin : *";
+ more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS";
+ more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type";
+ more_set_headers "Cache-Control : public, max-age=7200"; # Cache response 2 hours
+
+ rewrite ^/static/(.*)$ /$1 break;
+
+ root __DATA_DIR__/storage/;
+
+ try_files $uri @api;
+}
+
+location ~ ^(/static/(webseed|videos|streaming-playlists)/private/)|^/download {
+ # We can't rate limit a try_files directive, so we need to duplicate @api
+
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ proxy_limit_rate 5M;
+
+ proxy_pass http://127.0.0.1:__PORT__;
+}
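Review bot: The last location, which fronts the private media paths and `/download`, copies `@api` by hand, and `@api` itself is defined outside this hunk, so nothing here shows that the copy matches it. Any header, timeout or body-size setting later added to `@api` will not reach these access-controlled routes. I would put a comment above the three `proxy_set_header` lines, `# Must mirror @api exactly (only proxy_limit_rate differs); update both together`. Separately, in the OPTIONS branch of the thumbnails/avatars location the value `text/plain charset=UTF-8` is missing its separator and should read `more_set_headers "Content-Type : text/plain; charset=UTF-8";`.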