Merge pull request #2465 from osresearch/nginx-caching

Enable nginx caching and optimizations.
This commit is contained in:
Mouse Reeve 2022-12-11 10:40:38 -08:00 committed by GitHub
commit 91f8b0e15e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 78 additions and 14 deletions

View file

@ -86,10 +86,8 @@ services:
restart: on-failure
flower:
build: .
command: celery -A celerywyrm flower --basic_auth=${FLOWER_USER}:${FLOWER_PASSWORD}
command: celery -A celerywyrm flower --basic_auth=${FLOWER_USER}:${FLOWER_PASSWORD} --url_prefix=flower
env_file: .env
ports:
- ${FLOWER_PORT}:${FLOWER_PORT}
volumes:
- .:/app
networks:

View file

@ -5,29 +5,75 @@ upstream web {
}
server {
access_log /var/log/nginx/access.log cache_log;
listen 80;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
gzip on;
gzip_disable "msie6";
proxy_read_timeout 1800s;
chunked_transfer_encoding on;
# store responses to anonymous users for up to 1 minute
proxy_cache bookwyrm_cache;
proxy_cache_valid any 1m;
add_header X-Cache-Status $upstream_cache_status;
# ignore the set cookie header when deciding to
# store a response in the cache
proxy_ignore_headers Cache-Control Set-Cookie Expires;
# PUT requests always bypass the cache
# logged in sessions also do not populate the cache
# to avoid serving personal data to anonymous users
proxy_cache_methods GET HEAD;
proxy_no_cache $cookie_sessionid;
proxy_cache_bypass $cookie_sessionid;
# tell the web container the address of the outside client
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
# rate limit the login or password reset pages
location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
limit_req zone=loginlimit;
proxy_pass http://web;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
# do not log periodic polling requests from logged in users
location /api/updates/ {
access_log off;
proxy_pass http://web;
}
# forward any cache misses or bypass to the web container
location / {
proxy_pass http://web;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /images/ {
alias /app/images/;
# directly serve images and static files from the
# bookwyrm filesystem using sendfile.
# make the logs quieter by not reporting these requests
location ~ ^/(images|static)/ {
root /app;
try_files $uri =404;
add_header X-Cache-Status STATIC;
access_log off;
}
location /static/ {
alias /app/static/;
# monitor the celery queues with flower, no caching enabled
location /flower/ {
proxy_pass http://flower:8888;
proxy_cache_bypass 1;
}
}

View file

@ -1,2 +1,22 @@
client_max_body_size 10m;
limit_req_zone $binary_remote_addr zone=loginlimit:10m rate=1r/s;
# include the cache status in the log message
log_format cache_log '$upstream_cache_status - '
'$remote_addr [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$upstream_response_time $request_time';
# Create a cache for responses from the web app
proxy_cache_path
/var/cache/nginx/bookwyrm_cache
keys_zone=bookwyrm_cache:20m
loader_threshold=400
loader_files=400
max_size=400m;
# use the accept header as part of the cache key
# since activitypub endpoints have both HTML and JSON
# on the same URI.
proxy_cache_key $scheme$proxy_host$uri$is_args$args$http_accept;