Remove http2 because it probably provides absolutely no benefit for a nostr client.
This commit is contained in:
parent
18884a4efb
commit
f7d7a58f74
@ -1,8 +1,48 @@
|
|||||||
---
|
---
|
||||||
- name: strfry | Configure nginx
|
- name: strfry | Configure nginx
|
||||||
ansible.builtin.import_role:
|
ansible.builtin.import_role:
|
||||||
name: nginxinc.nginx_core.nginx_config
|
name: nginx_core.nginx_config
|
||||||
vars:
|
vars:
|
||||||
|
# afaict, overriding any numeric values in the main nginx config requires replacing the entire dictionary.
|
||||||
|
# See: https://github.com/nginxinc/ansible-role-nginx-config/issues/352
|
||||||
|
# The only difference between this and the main nginx config is the worker_rlimit_nofile value and worker_connections.
|
||||||
|
nginx_config_main_template_enable: true
|
||||||
|
nginx_config_main_template:
|
||||||
|
template_file: nginx.conf.j2
|
||||||
|
deployment_location: /etc/nginx/nginx.conf
|
||||||
|
backup: false
|
||||||
|
config: # https://nginx.org/en/docs/ngx_core_module.html
|
||||||
|
main:
|
||||||
|
user:
|
||||||
|
username: nginx
|
||||||
|
group: nginx
|
||||||
|
worker_processes: auto
|
||||||
|
error_log:
|
||||||
|
file: /var/log/nginx/error.log
|
||||||
|
level: notice
|
||||||
|
pid: /var/run/nginx.pid
|
||||||
|
|
||||||
|
# worker_rlimit_nofile changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes.
|
||||||
|
# Used to increase the limit without restarting the main process.
|
||||||
|
# The recomended value seems to be worker_connections * 2
|
||||||
|
worker_rlimit_nofile: 12288
|
||||||
|
|
||||||
|
events:
|
||||||
|
worker_connections: 4096
|
||||||
|
|
||||||
|
# include: # String or a list of strings
|
||||||
|
# - /etc/nginx/modules.conf
|
||||||
|
http: # https://nginx.org/en/docs/http/ngx_http_core_module.html
|
||||||
|
default_type: application/octet-stream
|
||||||
|
sendfile: true
|
||||||
|
server_tokens: false
|
||||||
|
tcp_nodelay: true
|
||||||
|
tcp_nopush: true
|
||||||
|
include:
|
||||||
|
- /etc/nginx/mime.types
|
||||||
|
- /etc/nginx/http.conf # These are shared http level configs that nginx_conf refuses to directly configure.
|
||||||
|
- /etc/nginx/conf.d/*.conf
|
||||||
|
|
||||||
nginx_config_http_template_enable: true
|
nginx_config_http_template_enable: true
|
||||||
nginx_config_http_template:
|
nginx_config_http_template:
|
||||||
- template_file: http/default.conf.j2
|
- template_file: http/default.conf.j2
|
||||||
@ -20,8 +60,9 @@
|
|||||||
- address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nginx_strfry_https_port|default(443) }} ssl"
|
- address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nginx_strfry_https_port|default(443) }} ssl"
|
||||||
include:
|
include:
|
||||||
- "/etc/nginx/acme_{{ nginx_strfry_domain }}.conf"
|
- "/etc/nginx/acme_{{ nginx_strfry_domain }}.conf"
|
||||||
- /etc/nginx/enable_http2.conf
|
|
||||||
client_max_body_size: 0 # Stream request body to backend
|
client_max_body_size: 0 # Stream request body to backend
|
||||||
|
http2:
|
||||||
|
enable: true
|
||||||
locations:
|
locations:
|
||||||
- location: /
|
- location: /
|
||||||
proxy:
|
proxy:
|
||||||
@ -39,3 +80,53 @@
|
|||||||
connect_timeout: 3m
|
connect_timeout: 3m
|
||||||
send_timeout: 3m
|
send_timeout: 3m
|
||||||
read_timeout: 3m
|
read_timeout: 3m
|
||||||
|
|
||||||
|
- template_file: http/default.conf.j2
|
||||||
|
deployment_location: /etc/nginx/http.conf
|
||||||
|
backup: false
|
||||||
|
config:
|
||||||
|
core:
|
||||||
|
default_type: application/octet-stream
|
||||||
|
sendfile: true
|
||||||
|
server_tokens: false
|
||||||
|
tcp_nodelay: true
|
||||||
|
tcp_nopush: true
|
||||||
|
resolver: # required for oscp stapling
|
||||||
|
address:
|
||||||
|
- '1.1.1.1'
|
||||||
|
- '8.8.8.8'
|
||||||
|
resolver_timeout: 10s
|
||||||
|
log:
|
||||||
|
format:
|
||||||
|
- name: main
|
||||||
|
format: |
|
||||||
|
'$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for" "$realip_remote_addr"'
|
||||||
|
gzip: # https://nginx.org/en/docs/http/ngx_http_gzip_module.html
|
||||||
|
enable: true
|
||||||
|
comp_level: 3
|
||||||
|
disable: "msie6"
|
||||||
|
min_length: 1100
|
||||||
|
proxied: any
|
||||||
|
types:
|
||||||
|
- text/plain
|
||||||
|
- text/css
|
||||||
|
- application/x-javascript
|
||||||
|
- text/xml
|
||||||
|
- application/xml
|
||||||
|
vary: true
|
||||||
|
|
||||||
|
- template_file: http/default.conf.j2
|
||||||
|
deployment_location: "/etc/nginx/conf.d/mappings.conf"
|
||||||
|
backup: false
|
||||||
|
config:
|
||||||
|
map:
|
||||||
|
mappings: # https://nginx.org/en/docs/http/websocket.html
|
||||||
|
- string: $http_upgrade
|
||||||
|
variable: $connection_upgrade
|
||||||
|
content:
|
||||||
|
- value: default
|
||||||
|
new_value: upgrade
|
||||||
|
- value: "''"
|
||||||
|
new_value: close
|
||||||
|
Loading…
Reference in New Issue
Block a user