0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-01-21 00:52:43 -05:00

feat(nginx): refactor + ipv6 (#1763)

* feat(nginx): refactor + ipv6 + increased buffer

* Revert changes to proxy buffering

* remove commented lines
This commit is contained in:
Michel Heusschen 2023-02-15 22:21:52 +01:00 committed by GitHub
parent b660240059
commit 7cfb257c00
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 125 additions and 114 deletions

View file

@ -0,0 +1,44 @@
#!/bin/sh
# vim:sw=4:ts=4:et
set -e
entrypoint_log() {
if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
echo "$@"
fi
}
ME=$(basename $0)
DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf"
# check if we have ipv6 available
if [ ! -f "/proc/net/if_inet6" ]; then
entrypoint_log "$ME: info: ipv6 not available"
exit 0
fi
if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
exit 0
fi
# check if the file can be modified, e.g. not on a r/o filesystem
touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
# check if the file is already modified, e.g. on a container restart
grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
if [ -f "/etc/os-release" ]; then
. /etc/os-release
else
entrypoint_log "$ME: info: can not guess the operating system"
exit 0
fi
# enable ipv6 on default.conf listen sockets
sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE
entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
exit 0

View file

@ -1,4 +1,4 @@
#! /bin/sh
#!/bin/sh
set -e
export IMMICH_WEB_URL="${IMMICH_WEB_URL:-http://immich-web:3000}"
@ -11,7 +11,3 @@ IMMICH_SERVER_SCHEME=$(echo "$IMMICH_WEB_URL" | grep -Eo '^https?://' || echo "h
export IMMICH_SERVER_SCHEME
IMMICH_SERVER_HOST=$(echo "$IMMICH_SERVER_URL" | cut -d '/' -f 3)
export IMMICH_SERVER_HOST
envsubst '$IMMICH_WEB_SCHEME $IMMICH_WEB_HOST $IMMICH_SERVER_SCHEME $IMMICH_SERVER_HOST' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
exec nginx -g 'daemon off;'

View file

@ -3,9 +3,7 @@ FROM docker.io/nginxinc/nginx-unprivileged:latest
COPY LICENSE /licenses/LICENSE.txt
COPY LICENSE /LICENSE
COPY nginx.conf "/etc/nginx/nginx.conf.template"
COPY start.sh /start.sh
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
COPY 15-set-env-variables.envsh /docker-entrypoint.d
STOPSIGNAL SIGQUIT
ENTRYPOINT ["/start.sh"]
COPY templates/ /etc/nginx/templates

View file

@ -1,104 +0,0 @@
# NOTE: This file is generated on startup. See /start.sh
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /tmp/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# events {
# worker_connections 1000;
# }
upstream server {
server $IMMICH_SERVER_HOST;
keepalive 2;
}
upstream web {
server $IMMICH_WEB_HOST;
keepalive 2;
}
server {
# Compression
gzip on;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied any;
gzip_types
application/javascript
application/json
font/truetype
image/svg+xml
text/css
text/html;
gzip_vary on;
gunzip on;
client_max_body_size 50000M;
listen 8080;
access_log off;
location /api {
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
rewrite /api/(.*) /$1 break;
proxy_pass ${IMMICH_SERVER_SCHEME}server;
}
location / {
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_pass ${IMMICH_WEB_SCHEME}web;
}
}
}

View file

@ -0,0 +1,77 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream server {
server ${IMMICH_SERVER_HOST};
keepalive 2;
}
upstream web {
server ${IMMICH_WEB_HOST};
keepalive 2;
}
server {
listen 8080;
access_log off;
client_max_body_size 50000M;
# Compression
gzip off;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied any;
gzip_vary on;
gunzip on;
# text/html is included by default
gzip_types
application/javascript
application/json
font/ttf
image/svg+xml
text/css;
location /api {
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
rewrite /api/(.*) /$1 break;
proxy_pass ${IMMICH_SERVER_SCHEME}server;
}
location / {
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_pass ${IMMICH_WEB_SCHEME}web;
}
}