From 9c0b1ac8ce15c1f7f2d2a89a1a25327c765fac43 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 9 Feb 2018 14:31:55 +0100 Subject: [PATCH] Prolong nginx timeouts and simplify proxy rules --- basic/etc/nginx/nginx.conf | 10 ++++++++-- ckan/etc/nginx/conf.d/ckan.conf | 3 --- crisiscleanup/etc/nginx/conf.d/crisiscleanup.conf | 3 --- cts/docker/etc/nginx/nginx.conf | 6 ++++-- cts/etc/nginx/conf.d/cts.conf | 3 --- gnuhealth/etc/nginx/conf.d/gnuhealth.conf | 3 --- kanboard/docker/etc/nginx/nginx.conf | 2 -- kanboard/etc/nginx/conf.d/kanboard.conf | 3 --- mifosx/etc/nginx/conf.d/mifosx.conf | 3 --- motech/etc/nginx/conf.d/motech.conf | 3 --- openmapkit/etc/nginx/conf.d/openmapkit.conf | 3 --- pandora/docker/etc/nginx/nginx.conf | 8 ++++---- pandora/etc/nginx/conf.d/pandora.conf | 3 --- pandora/srv/pandora/conf/gunicorn_config.py | 2 +- sahana/etc/nginx/conf.d/sahana.conf | 3 --- sambro/etc/nginx/conf.d/sambro.conf | 3 --- seeddms/docker/etc/nginx/nginx.conf | 2 -- seeddms/etc/nginx/conf.d/seeddms.conf | 3 --- sigmah/etc/nginx/conf.d/sigmah.conf | 3 --- ushahidi/docker/etc/nginx/nginx.conf | 2 -- ushahidi/etc/nginx/conf.d/ushahidi.conf | 3 --- 21 files changed, 17 insertions(+), 57 deletions(-) diff --git a/basic/etc/nginx/nginx.conf b/basic/etc/nginx/nginx.conf index f0d839d..bb55de2 100644 --- a/basic/etc/nginx/nginx.conf +++ b/basic/etc/nginx/nginx.conf @@ -14,9 +14,7 @@ http { server_tokens off; client_max_body_size 100m; - keepalive_timeout 65; sendfile on; - tcp_nodelay on; gzip_vary on; ssl_protocols TLSv1.2; @@ -29,5 +27,13 @@ http { log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + include /etc/nginx/conf.d/*.conf; } diff --git a/ckan/etc/nginx/conf.d/ckan.conf b/ckan/etc/nginx/conf.d/ckan.conf index 5c902b0..a149bd9 100644 --- a/ckan/etc/nginx/conf.d/ckan.conf +++ b/ckan/etc/nginx/conf.d/ckan.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/ckan.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8003; } } diff --git a/crisiscleanup/etc/nginx/conf.d/crisiscleanup.conf b/crisiscleanup/etc/nginx/conf.d/crisiscleanup.conf index 2f2586f..a8a1d82 100644 --- a/crisiscleanup/etc/nginx/conf.d/crisiscleanup.conf +++ b/crisiscleanup/etc/nginx/conf.d/crisiscleanup.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/crisiscleanup.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8005; } } diff --git a/cts/docker/etc/nginx/nginx.conf b/cts/docker/etc/nginx/nginx.conf index 25e88f7..bce57c7 100644 --- a/cts/docker/etc/nginx/nginx.conf +++ b/cts/docker/etc/nginx/nginx.conf @@ -14,9 +14,8 @@ http { access_log off; server_tokens off; client_max_body_size 100m; - keepalive_timeout 65; sendfile on; - tcp_nodelay on; + send_timeout 300; server { listen 8006; @@ -56,6 +55,9 @@ http { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; proxy_pass http://127.0.0.1:8000; } } diff --git a/cts/etc/nginx/conf.d/cts.conf b/cts/etc/nginx/conf.d/cts.conf index bc09102..7aaf6a1 100644 --- a/cts/etc/nginx/conf.d/cts.conf +++ b/cts/etc/nginx/conf.d/cts.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/cts.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8006; } } diff --git a/gnuhealth/etc/nginx/conf.d/gnuhealth.conf b/gnuhealth/etc/nginx/conf.d/gnuhealth.conf index 8adecb6..e444dbd 100644 --- a/gnuhealth/etc/nginx/conf.d/gnuhealth.conf +++ b/gnuhealth/etc/nginx/conf.d/gnuhealth.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/gnuhealth.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8008; } } diff --git a/kanboard/docker/etc/nginx/nginx.conf b/kanboard/docker/etc/nginx/nginx.conf index 82d694e..668ace7 100644 --- a/kanboard/docker/etc/nginx/nginx.conf +++ b/kanboard/docker/etc/nginx/nginx.conf @@ -14,9 +14,7 @@ http { access_log off; server_tokens off; client_max_body_size 100m; - keepalive_timeout 65; sendfile on; - tcp_nodelay on; server { listen 8009; diff --git a/kanboard/etc/nginx/conf.d/kanboard.conf b/kanboard/etc/nginx/conf.d/kanboard.conf index f5d51d5..01526fb 100644 --- a/kanboard/etc/nginx/conf.d/kanboard.conf +++ b/kanboard/etc/nginx/conf.d/kanboard.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/kanboard.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-HTTPS $https; proxy_set_header X-Forwarded-Server-Name $host; proxy_set_header X-Forwarded-Server-Port $server_port; diff --git a/mifosx/etc/nginx/conf.d/mifosx.conf b/mifosx/etc/nginx/conf.d/mifosx.conf index 57836cc..923fda0 100644 --- a/mifosx/etc/nginx/conf.d/mifosx.conf +++ b/mifosx/etc/nginx/conf.d/mifosx.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/mifosx.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8012; } } diff --git a/motech/etc/nginx/conf.d/motech.conf b/motech/etc/nginx/conf.d/motech.conf index f9ec99a..81a6318 100644 --- a/motech/etc/nginx/conf.d/motech.conf +++ b/motech/etc/nginx/conf.d/motech.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/motech.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8013; } } diff --git a/openmapkit/etc/nginx/conf.d/openmapkit.conf b/openmapkit/etc/nginx/conf.d/openmapkit.conf index 6d99c12..e3b1f26 100644 --- a/openmapkit/etc/nginx/conf.d/openmapkit.conf +++ b/openmapkit/etc/nginx/conf.d/openmapkit.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/openmapkit.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8007; } } diff --git a/pandora/docker/etc/nginx/nginx.conf b/pandora/docker/etc/nginx/nginx.conf index 95fa09e..2a89f83 100644 --- a/pandora/docker/etc/nginx/nginx.conf +++ b/pandora/docker/etc/nginx/nginx.conf @@ -14,9 +14,8 @@ http { access_log off; server_tokens off; client_max_body_size 100m; - keepalive_timeout 65; sendfile on; - tcp_nodelay on; + send_timeout 300; server { listen 8002; @@ -42,8 +41,9 @@ http { proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; proxy_buffering off; - proxy_read_timeout 90; - proxy_connect_timeout 90; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; if (!-f $request_filename) { proxy_pass http://127.0.0.1:2620; break; diff --git a/pandora/etc/nginx/conf.d/pandora.conf b/pandora/etc/nginx/conf.d/pandora.conf index de90df6..236197a 100644 --- a/pandora/etc/nginx/conf.d/pandora.conf +++ b/pandora/etc/nginx/conf.d/pandora.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/pandora.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8002; } } diff --git a/pandora/srv/pandora/conf/gunicorn_config.py b/pandora/srv/pandora/conf/gunicorn_config.py index 4e8137f..77b7b0a 100644 --- a/pandora/srv/pandora/conf/gunicorn_config.py +++ b/pandora/srv/pandora/conf/gunicorn_config.py @@ -1,5 +1,5 @@ bind="127.0.0.1:2620" log_level="info" max_requests=1000 -timeout=90 +timeout=300 workers=5 diff --git a/sahana/etc/nginx/conf.d/sahana.conf b/sahana/etc/nginx/conf.d/sahana.conf index 3c32ff5..6a2aafd 100644 --- a/sahana/etc/nginx/conf.d/sahana.conf +++ b/sahana/etc/nginx/conf.d/sahana.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/sahana.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8001; } } diff --git a/sambro/etc/nginx/conf.d/sambro.conf b/sambro/etc/nginx/conf.d/sambro.conf index 4d2dc88..08bf605 100644 --- a/sambro/etc/nginx/conf.d/sambro.conf +++ b/sambro/etc/nginx/conf.d/sambro.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/sambro.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8099; } } diff --git a/seeddms/docker/etc/nginx/nginx.conf b/seeddms/docker/etc/nginx/nginx.conf index ea48df2..bee4c33 100644 --- a/seeddms/docker/etc/nginx/nginx.conf +++ b/seeddms/docker/etc/nginx/nginx.conf @@ -14,9 +14,7 @@ http { access_log off; server_tokens off; client_max_body_size 100m; - keepalive_timeout 65; sendfile on; - tcp_nodelay on; server { listen 8010; diff --git a/seeddms/etc/nginx/conf.d/seeddms.conf b/seeddms/etc/nginx/conf.d/seeddms.conf index 4496e13..4396b24 100644 --- a/seeddms/etc/nginx/conf.d/seeddms.conf +++ b/seeddms/etc/nginx/conf.d/seeddms.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/seeddms.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-HTTPS $https; proxy_set_header X-Forwarded-Server-Name $host; proxy_set_header X-Forwarded-Server-Port $server_port; diff --git a/sigmah/etc/nginx/conf.d/sigmah.conf b/sigmah/etc/nginx/conf.d/sigmah.conf index 6d64b6c..810dc54 100644 --- a/sigmah/etc/nginx/conf.d/sigmah.conf +++ b/sigmah/etc/nginx/conf.d/sigmah.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/sigmah.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8011; } } diff --git a/ushahidi/docker/etc/nginx/nginx.conf b/ushahidi/docker/etc/nginx/nginx.conf index e9a2a54..68ae125 100644 --- a/ushahidi/docker/etc/nginx/nginx.conf +++ b/ushahidi/docker/etc/nginx/nginx.conf @@ -14,9 +14,7 @@ http { access_log off; server_tokens off; client_max_body_size 100m; - keepalive_timeout 65; sendfile on; - tcp_nodelay on; server { listen 8014; diff --git a/ushahidi/etc/nginx/conf.d/ushahidi.conf b/ushahidi/etc/nginx/conf.d/ushahidi.conf index 3c88ecc..1c83afd 100644 --- a/ushahidi/etc/nginx/conf.d/ushahidi.conf +++ b/ushahidi/etc/nginx/conf.d/ushahidi.conf @@ -6,9 +6,6 @@ server { error_log /var/log/nginx/ushahidi.error.log; location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-HTTPS $https; proxy_set_header X-Forwarded-Server-Name $host; proxy_set_header X-Forwarded-Server-Port $server_port;