From 50fc1599beda611546d74d667ae5fc9305c38734 Mon Sep 17 00:00:00 2001 From: Rider Linden Date: Mon, 30 Jun 2025 22:32:35 +0000 Subject: [PATCH 1/3] adding keepalives to upstream connection --- README.md | 2 +- src/etc/nginx/conf.d/default.conf.template | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e8de132..08041ec 100644 --- a/README.md +++ b/README.md @@ -88,4 +88,4 @@ Notable differences from the official [nginx container][] [nginx container]: https://hub.docker.com/_/nginx [gomplate]: https://docs.gomplate.ca/ [uwsgi]: https://uwsgi-docs.readthedocs.io/en/latest/ -[nginx status]: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html +[nginx status]: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html \ No newline at end of file diff --git a/src/etc/nginx/conf.d/default.conf.template b/src/etc/nginx/conf.d/default.conf.template index 1bc6888..9a3c62f 100644 --- a/src/etc/nginx/conf.d/default.conf.template +++ b/src/etc/nginx/conf.d/default.conf.template @@ -1,4 +1,4 @@ -# Default configuration returns 400 in order to deny any request with an +# Default configuration returns 400 in order to deny any request with an # unrecognized host header (server_name.) {{ if (ne .Env.SERVER_NAME "_") }} server { @@ -10,6 +10,8 @@ server { upstream app { server {{ .Env.UPSTREAM_SERVER }}; + + keepalive 8; # The maximum number of idle keepalive connections to upstream servers. } server { @@ -21,7 +23,10 @@ server { add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; - + + proxy_http_version 1.1; + proxy_set_header "Connection" ""; + location / { {{ if (eq .Env.PROXY_UWSGI "1") }} include /etc/nginx/includes/uwsgi.conf; From 2baa5be7cca83e9779ccef7ff06f66e9628c237b Mon Sep 17 00:00:00 2001 
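Review bot: The `proxy_http_version 1.1;` and `proxy_set_header "Connection" "";` lines added at server level in default.conf.template reach `location /` only if the config included there declares no `proxy_set_header` of its own, because nginx inherits that directive from the outer level only when the inner level defines none. The include used on the non-uwsgi branch is not visible in this hunk, so this should be confirmed. If it does set headers, the empty Connection header is silently dropped and the `keepalive 8;` pool in `upstream app` is never reused. When `PROXY_UWSGI` is `1` the proxy_* directives do not apply at all, so a comment next to `keepalive 8;` such as `# only effective on the HTTP proxy path, which must send HTTP/1.1 with an empty Connection header` would document the coupling. The server block continues outside the hunk.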
From: Rider Linden Date: Wed, 2 Jul 2025 20:26:32 +0000 Subject: [PATCH 2/3] Remove keepalive, update the number of FDs available to be twice the number of workers --- Dockerfile | 1 + README.md | 1 + src/docker-entrypoint.d/00-render-templates.sh | 2 ++ src/etc/nginx/conf.d/default.conf.template | 5 ----- src/etc/nginx/nginx.conf.template | 1 + 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index c3e9f31..e3be2c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,6 +16,7 @@ ENV STATIC_LOCATIONS= ENV NO_ACCESS_LOGS=0 ENV LOG_ONLY_5XX=0 ENV WORKER_CONNECTIONS=1024 + EXPOSE 80 STOPSIGNAL SIGQUIT ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/README.md b/README.md index 08041ec..b2d56c7 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ Pair nginx-proxy with your favorite upstream server (wsgi, uwsgi, asgi, et al.) | `NO_ACCESS_LOGS` | disable access logs completely | No | 0 | 1 | | `LOG_ONLY_5XX` | only log 5XX HTTP status access events | No | 0 | 1 | | `WORKER_CONNECTIONS` | Set the number of allowed worker connections | No | 1024 | 2048 | +| `WORKER_FILE_LIMIT` | Set the number of available file descripters | No | 2*WORKER_CONNECTIONS | 4096 | ### Hosting Static Assets diff --git a/src/docker-entrypoint.d/00-render-templates.sh b/src/docker-entrypoint.d/00-render-templates.sh index b14c33a..0cd2c4b 100755 --- a/src/docker-entrypoint.d/00-render-templates.sh +++ b/src/docker-entrypoint.d/00-render-templates.sh @@ -16,6 +16,8 @@ function render_templates { done } +export WORKER_FILE_LIMIT=${WORKER_FILE_LIMIT:=$(( WORKER_CONNECTIONS * 2 ))} + render_templates "/etc/nginx/*.template" "/etc/nginx" render_templates "/etc/nginx/conf.d/*.template" "/etc/nginx/conf.d" render_templates "/etc/nginx/includes/*.template" "/etc/nginx/includes" diff --git a/src/etc/nginx/conf.d/default.conf.template b/src/etc/nginx/conf.d/default.conf.template index 9a3c62f..d4aa450 100644 --- a/src/etc/nginx/conf.d/default.conf.template 
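Review bot: The new `export WORKER_FILE_LIMIT=...` line in 00-render-templates.sh feeds `WORKER_CONNECTIONS` into `$(( ))` and passes a caller-supplied `WORKER_FILE_LIMIT` through without checking that either is a plain positive integer. Shell arithmetic evaluates a variable's content as an expression, not as a literal, and the result is rendered verbatim into `worker_rlimit_nofile` in nginx.conf.template, so a malformed value ends up either evaluated by the shell or written into the nginx configuration. I would validate before use, e.g. `[[ "$WORKER_CONNECTIONS" =~ ^[1-9][0-9]*$ ]] || { echo "WORKER_CONNECTIONS must be a positive integer" >&2; exit 1; }`, with the same test on `WORKER_FILE_LIMIT` after defaulting (this assumes the script runs under bash, which the `function` keyword suggests). As a style point, `:=` already assigns, so `: "${WORKER_FILE_LIMIT:=$(( WORKER_CONNECTIONS * 2 ))}"` followed by `export WORKER_FILE_LIMIT` says the same thing without the nested assignment.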
+++ b/src/etc/nginx/conf.d/default.conf.template @@ -10,8 +10,6 @@ server { upstream app { server {{ .Env.UPSTREAM_SERVER }}; - - keepalive 8; # The maximum number of idle keepalive connections to upstream servers. } server { @@ -24,9 +22,6 @@ server { add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; - proxy_http_version 1.1; - proxy_set_header "Connection" ""; - location / { {{ if (eq .Env.PROXY_UWSGI "1") }} include /etc/nginx/includes/uwsgi.conf; diff --git a/src/etc/nginx/nginx.conf.template b/src/etc/nginx/nginx.conf.template index a7889b6..7210730 100644 --- a/src/etc/nginx/nginx.conf.template +++ b/src/etc/nginx/nginx.conf.template @@ -7,6 +7,7 @@ pid /var/run/nginx.pid; # Used to zap Server header load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; +worker_rlimit_nofile {{ .Env.WORKER_FILE_LIMIT }}; events { worker_connections {{ .Env.WORKER_CONNECTIONS }}; use epoll; From 6b0bcaa63185e3cdfe3cfc9b7d785ce4c0764400 Mon Sep 17 00:00:00 2001 From: Rider Linden Date: Wed, 2 Jul 2025 13:58:49 -0700 Subject: [PATCH 3/3] Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b2d56c7..45a6d87 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Pair nginx-proxy with your favorite upstream server (wsgi, uwsgi, asgi, et al.) | `NO_ACCESS_LOGS` | disable access logs completely | No | 0 | 1 | | `LOG_ONLY_5XX` | only log 5XX HTTP status access events | No | 0 | 1 | | `WORKER_CONNECTIONS` | Set the number of allowed worker connections | No | 1024 | 2048 | -| `WORKER_FILE_LIMIT` | Set the number of available file descripters | No | 2*WORKER_CONNECTIONS | 4096 | +| `WORKER_FILE_LIMIT` | Set the number of available file descriptors | No | 2*WORKER_CONNECTIONS | 4096 | ### Hosting Static Assets
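Review bot: `worker_rlimit_nofile {{ .Env.WORKER_FILE_LIMIT }};` in nginx.conf.template has no comment and depends on a variable that, unlike `WORKER_CONNECTIONS`, has no `ENV` default in the Dockerfile; it exists only because 00-render-templates.sh exports it before rendering. Rendering the template by any other path would presumably fail on the missing key, so I would add `# Per-worker open-file limit; WORKER_FILE_LIMIT defaults to 2 * WORKER_CONNECTIONS in 00-render-templates.sh` above the directive. Whether the container's hard nofile limit and the user nginx starts as allow the limit to be raised is not visible here and is worth confirming, since a failed raise is only logged and the old limit stays in force.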