mirror of
https://github.com/immich-app/immich.git
synced 2025-01-04 02:46:47 +01:00
feat(nginx): refactor + ipv6 (#1763)
* feat(nginx): refactor + ipv6 + increased buffer * Revert changes to proxy buffering * remove commented lines
This commit is contained in:
parent
b660240059
commit
7cfb257c00
5 changed files with 125 additions and 114 deletions
44
nginx/10-listen-on-ipv6-by-default.sh
Executable file
44
nginx/10-listen-on-ipv6-by-default.sh
Executable file
|
@ -0,0 +1,44 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# vim:sw=4:ts=4:et
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
entrypoint_log() {
|
||||||
|
if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
|
||||||
|
echo "$@"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
ME=$(basename $0)
|
||||||
|
DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf"
|
||||||
|
|
||||||
|
# check if we have ipv6 available
|
||||||
|
if [ ! -f "/proc/net/if_inet6" ]; then
|
||||||
|
entrypoint_log "$ME: info: ipv6 not available"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
|
||||||
|
entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# check if the file can be modified, e.g. not on a r/o filesystem
|
||||||
|
touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
|
||||||
|
|
||||||
|
# check if the file is already modified, e.g. on a container restart
|
||||||
|
grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
|
||||||
|
|
||||||
|
if [ -f "/etc/os-release" ]; then
|
||||||
|
. /etc/os-release
|
||||||
|
else
|
||||||
|
entrypoint_log "$ME: info: can not guess the operating system"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# enable ipv6 on default.conf listen sockets
|
||||||
|
sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE
|
||||||
|
|
||||||
|
entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
|
||||||
|
|
||||||
|
exit 0
|
|
@ -11,7 +11,3 @@ IMMICH_SERVER_SCHEME=$(echo "$IMMICH_WEB_URL" | grep -Eo '^https?://' || echo "h
|
||||||
export IMMICH_SERVER_SCHEME
|
export IMMICH_SERVER_SCHEME
|
||||||
IMMICH_SERVER_HOST=$(echo "$IMMICH_SERVER_URL" | cut -d '/' -f 3)
|
IMMICH_SERVER_HOST=$(echo "$IMMICH_SERVER_URL" | cut -d '/' -f 3)
|
||||||
export IMMICH_SERVER_HOST
|
export IMMICH_SERVER_HOST
|
||||||
|
|
||||||
envsubst '$IMMICH_WEB_SCHEME $IMMICH_WEB_HOST $IMMICH_SERVER_SCHEME $IMMICH_SERVER_HOST' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
|
|
||||||
|
|
||||||
exec nginx -g 'daemon off;'
|
|
|
@ -3,9 +3,7 @@ FROM docker.io/nginxinc/nginx-unprivileged:latest
|
||||||
COPY LICENSE /licenses/LICENSE.txt
|
COPY LICENSE /licenses/LICENSE.txt
|
||||||
COPY LICENSE /LICENSE
|
COPY LICENSE /LICENSE
|
||||||
|
|
||||||
COPY nginx.conf "/etc/nginx/nginx.conf.template"
|
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
|
||||||
COPY start.sh /start.sh
|
COPY 15-set-env-variables.envsh /docker-entrypoint.d
|
||||||
|
|
||||||
STOPSIGNAL SIGQUIT
|
COPY templates/ /etc/nginx/templates
|
||||||
|
|
||||||
ENTRYPOINT ["/start.sh"]
|
|
||||||
|
|
104
nginx/nginx.conf
104
nginx/nginx.conf
|
@ -1,104 +0,0 @@
|
||||||
# NOTE: This file is generated on startup. See /start.sh
|
|
||||||
worker_processes auto;
|
|
||||||
error_log /var/log/nginx/error.log;
|
|
||||||
pid /tmp/nginx.pid;
|
|
||||||
|
|
||||||
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
|
|
||||||
include /usr/share/nginx/modules/*.conf;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
map $http_upgrade $connection_upgrade {
|
|
||||||
default upgrade;
|
|
||||||
'' close;
|
|
||||||
}
|
|
||||||
|
|
||||||
client_body_temp_path /tmp/client_temp;
|
|
||||||
proxy_temp_path /tmp/proxy_temp_path;
|
|
||||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
|
||||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
|
||||||
scgi_temp_path /tmp/scgi_temp;
|
|
||||||
|
|
||||||
# events {
|
|
||||||
# worker_connections 1000;
|
|
||||||
# }
|
|
||||||
|
|
||||||
upstream server {
|
|
||||||
server $IMMICH_SERVER_HOST;
|
|
||||||
keepalive 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream web {
|
|
||||||
server $IMMICH_WEB_HOST;
|
|
||||||
keepalive 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
|
|
||||||
# Compression
|
|
||||||
gzip on;
|
|
||||||
gzip_comp_level 2;
|
|
||||||
gzip_min_length 1000;
|
|
||||||
gzip_proxied any;
|
|
||||||
gzip_types
|
|
||||||
application/javascript
|
|
||||||
application/json
|
|
||||||
font/truetype
|
|
||||||
image/svg+xml
|
|
||||||
text/css
|
|
||||||
text/html;
|
|
||||||
gzip_vary on;
|
|
||||||
gunzip on;
|
|
||||||
|
|
||||||
client_max_body_size 50000M;
|
|
||||||
|
|
||||||
listen 8080;
|
|
||||||
|
|
||||||
access_log off;
|
|
||||||
|
|
||||||
location /api {
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_buffer_size 16k;
|
|
||||||
proxy_busy_buffers_size 24k;
|
|
||||||
proxy_buffers 64 4k;
|
|
||||||
proxy_force_ranges on;
|
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
|
|
||||||
rewrite /api/(.*) /$1 break;
|
|
||||||
|
|
||||||
proxy_pass ${IMMICH_SERVER_SCHEME}server;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_buffer_size 16k;
|
|
||||||
proxy_busy_buffers_size 24k;
|
|
||||||
proxy_buffers 64 4k;
|
|
||||||
proxy_force_ranges on;
|
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
|
|
||||||
proxy_pass ${IMMICH_WEB_SCHEME}web;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
77
nginx/templates/default.conf.template
Normal file
77
nginx/templates/default.conf.template
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream server {
|
||||||
|
server ${IMMICH_SERVER_HOST};
|
||||||
|
keepalive 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream web {
|
||||||
|
server ${IMMICH_WEB_HOST};
|
||||||
|
keepalive 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 8080;
|
||||||
|
|
||||||
|
access_log off;
|
||||||
|
client_max_body_size 50000M;
|
||||||
|
|
||||||
|
# Compression
|
||||||
|
gzip off;
|
||||||
|
gzip_comp_level 2;
|
||||||
|
gzip_min_length 1000;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_vary on;
|
||||||
|
gunzip on;
|
||||||
|
|
||||||
|
# text/html is included by default
|
||||||
|
gzip_types
|
||||||
|
application/javascript
|
||||||
|
application/json
|
||||||
|
font/ttf
|
||||||
|
image/svg+xml
|
||||||
|
text/css;
|
||||||
|
|
||||||
|
location /api {
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_buffer_size 16k;
|
||||||
|
proxy_busy_buffers_size 24k;
|
||||||
|
proxy_buffers 64 4k;
|
||||||
|
proxy_force_ranges on;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
rewrite /api/(.*) /$1 break;
|
||||||
|
|
||||||
|
proxy_pass ${IMMICH_SERVER_SCHEME}server;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_buffer_size 16k;
|
||||||
|
proxy_busy_buffers_size 24k;
|
||||||
|
proxy_buffers 64 4k;
|
||||||
|
proxy_force_ranges on;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_pass ${IMMICH_WEB_SCHEME}web;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue