112 lines
3.2 KiB
Nginx Configuration File
112 lines
3.2 KiB
Nginx Configuration File
user nginx;
|
|
worker_processes auto;
|
|
error_log /var/log/nginx/error.log warn;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 4096; # Alta capacidad de conexiones concurrentes
|
|
use epoll; # Mejor rendimiento en Linux
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
# Optimizaciones de rendimiento
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
client_max_body_size 1000M;
|
|
|
|
# Compresión gzip para reducir ancho de banda
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_types text/plain text/css text/xml text/javascript
|
|
application/json application/javascript application/xml+rss
|
|
application/atom+xml image/svg+xml;
|
|
gzip_disable "msie6";
|
|
|
|
# Cache de archivos estáticos
|
|
open_file_cache max=1000 inactive=20s;
|
|
open_file_cache_valid 30s;
|
|
open_file_cache_min_uses 2;
|
|
open_file_cache_errors on;
|
|
|
|
# Configuración upstream para Gunicorn
|
|
upstream gunicorn_backend {
|
|
server rss2_web:8000 max_fails=3 fail_timeout=30s;
|
|
keepalive 32;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
|
|
# Logs específicos
|
|
access_log /var/log/nginx/rss2_access.log main;
|
|
error_log /var/log/nginx/rss2_error.log warn;
|
|
|
|
# Límites de seguridad
|
|
client_body_timeout 60s;
|
|
client_header_timeout 60s;
|
|
send_timeout 300s;
|
|
|
|
# Servir archivos estáticos directamente desde NGINX
|
|
location /static/ {
|
|
alias /app/static/;
|
|
expires 7d;
|
|
add_header Cache-Control "no-cache, must-revalidate";
|
|
access_log on;
|
|
}
|
|
|
|
# Proxy pass a Gunicorn para todo lo demás
|
|
location / {
|
|
proxy_pass http://gunicorn_backend;
|
|
proxy_redirect off;
|
|
|
|
# Headers necesarios
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Timeouts para queries lentas
|
|
proxy_connect_timeout 60s;
|
|
proxy_send_timeout 300s;
|
|
proxy_read_timeout 300s;
|
|
|
|
# Buffering
|
|
proxy_buffering on;
|
|
proxy_buffer_size 4k;
|
|
proxy_buffers 8 4k;
|
|
proxy_busy_buffers_size 8k;
|
|
|
|
# HTTP/1.1 para keepalive
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
}
|
|
|
|
# Health check endpoint
|
|
location /health {
|
|
access_log off;
|
|
proxy_pass http://gunicorn_backend;
|
|
}
|
|
|
|
# Bloquear acceso a archivos sensibles
|
|
location ~ /\. {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
}
|
|
}
|