nginx.conf
# ===== High-Performance Nginx Configuration for 500+ Concurrent Users =====

# JIT-compile regular expressions known at configuration parse time
pcre_jit on;

# Start one worker process per detected CPU core
worker_processes auto;

# Per-worker ceiling on open file descriptors (RLIMIT_NOFILE). Client sockets,
# upstream sockets, log files and cache files all count against it.
worker_rlimit_nofile 65535;
events {
    # Linux epoll connection-processing method
    use epoll;

    # Upper bound on simultaneous connections per worker process. The figure
    # includes upstream (proxied) connections as well as client connections,
    # so one proxied request occupies two slots. It is a fixed value, not
    # derived from worker_rlimit_nofile.
    worker_connections 4096;

    # On each wake-up a worker accepts every pending connection, not just one
    multi_accept on;
}
http {
# ===== Basic Settings =====
charset utf-8;

# Kernel-side file transmission and TCP packet behaviour
sendfile on;
tcp_nodelay on;
tcp_nopush on;

# Timeouts (seconds) and keep-alive reuse limit per client connection
# NOTE(review): client_header_timeout and client_body_timeout are not set in
# this file, so the nginx defaults govern how long a slow sender may hold a
# connection - confirm they suit the deployment.
send_timeout 30;
keepalive_requests 1000;
keepalive_timeout 65;

# Request size limits: header buffers first, then the body. A request body
# above client_max_body_size is rejected with 413.
client_header_buffer_size 1k;
large_client_header_buffers 4 8k;
client_body_buffer_size 16k;
client_max_body_size 10m;

# Types: any response whose type is not resolved through mime.types is
# labelled application/json
default_type application/json;
include /etc/nginx/mime.types;
# ===== Logging =====
# Errors at level warn and above
error_log /var/log/nginx/error.log warn;

# Access-log line layout. $remote_addr is the address of the directly
# connected peer; $http_x_forwarded_for is copied from the request header and
# is therefore client-controlled - treat it as a hint, not as attribution.
# rt / uct / uht / urt record request time and the upstream connect, header
# and response times.
log_format main
    '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for" '
    'rt=$request_time uct="$upstream_connect_time" '
    'uht="$upstream_header_time" urt="$upstream_response_time"';

# Buffered writes: entries reach disk when 16k has accumulated or after 5s,
# so log shippers and alerting see requests with up to that delay.
access_log /var/log/nginx/access.log main buffer=16k flush=5s;
# ===== Gzip Compression =====
gzip on;
gzip_http_version 1.1;

# Only bodies of at least 256 bytes, at a moderate CPU/ratio level
gzip_min_length 256;
gzip_comp_level 4;
gzip_buffers 16 8k;

# Emit "Vary: Accept-Encoding" and compress responses to proxied requests
# regardless of their caching headers
gzip_vary on;
gzip_proxied any;

# MIME types compressed in addition to text/html (which is always included)
gzip_types
    text/plain
    text/css
    text/xml
    text/javascript
    application/json
    application/javascript
    application/xml
    application/xml+rss;
# ===== Upstream Configuration with Load Balancing =====
upstream api_gateway {
    # Balancing method: route to the server with the fewest active
    # connections. It must stay above "keepalive" - nginx requires the
    # balancing method to be activated before the keepalive directive.
    least_conn;

    # Idle upstream connection pool: up to 32 cached connections per worker,
    # each closed after 60s idle or after serving 1000 requests
    keepalive 32;
    keepalive_timeout 60s;
    keepalive_requests 1000;

    # API Gateway instance. It is marked unavailable for 30s after 3 failed
    # attempts within 30s.
    server api-gateway:3000 max_fails=3 fail_timeout=30s;

    # Additional replicas - uncomment when they exist:
    # server api-gateway-2:3000 max_fails=3 fail_timeout=30s;
    # server api-gateway-3:3000 max_fails=3 fail_timeout=30s;
}
# Direct service upstreams (for service-specific routing)
# NOTE(review): no proxy_pass in this file points at these three groups; every
# location proxies to api_gateway. They are declared for future use only.
# Each group: least-connections balancing, 16 idle keepalive connections per
# worker, one server marked unavailable for 30s after 3 failures.

upstream user_service {
    least_conn;
    keepalive 16;

    server user-service:3001 max_fails=3 fail_timeout=30s;
}

upstream product_service {
    least_conn;
    keepalive 16;

    server product-service:3002 max_fails=3 fail_timeout=30s;
}

upstream order_service {
    least_conn;
    keepalive 16;

    server order-service:3003 max_fails=3 fail_timeout=30s;
}
# ===== Proxy Cache =====
# On-disk response cache shared by every location that sets
# "proxy_cache api_cache":
#   levels=1:2            two-level directory hierarchy under /var/cache/nginx
#   keys_zone=api_cache   10m of shared memory for cache keys and metadata
#   max_size=100m         upper bound on cached data on disk
#   inactive=60m          entries not requested for 60 minutes are removed
#   use_temp_path=off     responses are written directly into the cache directory
proxy_cache_path /var/cache/nginx
    levels=1:2
    keys_zone=api_cache:10m
    max_size=100m
    inactive=60m
    use_temp_path=off;
# ===== Rate Limiting Zones =====
# All three zones are keyed on $binary_remote_addr, the address of the
# directly connected peer, and each has 10m of shared memory.
# NOTE(review): if another proxy or load balancer sits in front of nginx,
# every client shares that device's address and therefore one bucket -
# confirm the deployment topology.
#
# The rates below were raised for high-load testing. 50 requests per second
# per address on the auth zone does little to slow password guessing; lower
# both rates before production use.
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=50r/s;
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=500r/s;
# ===== Main Server Block =====
server {
# Plain-HTTP listener on port 80; this server block configures no TLS
server_name localhost;
listen 80;

# At most 200 simultaneous connections per client address (conn_limit zone)
limit_conn conn_limit 200;
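# ===== Health Check Endpoint =====
# Liveness probe answered by nginx itself, with no upstream call.
location /nginx-health {
    # Probe traffic is kept out of the access log
    access_log off;

    # The Content-Type of a "return" body comes from default_type. The http
    # block sets that to application/json, and add_header would append a
    # second Content-Type header rather than replace it, so the type is
    # overridden here instead.
    default_type text/plain;
    return 200 "healthy\n";
}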
# ===== API Gateway Proxy =====
# Catch-all: any request not matched by a longer prefix goes to the gateway.
location / {
    # Per-address request limit (api_limit zone). Up to 50 requests above the
    # rate are served immediately; anything beyond that is rejected.
    limit_req zone=api_limit burst=50 nodelay;

    # HTTP/1.1 with an empty Connection header is what allows the upstream
    # keepalive pool to be reused
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://api_gateway;

    # Forwarded request metadata. X-Real-IP is overwritten with the peer
    # address seen by nginx. X-Forwarded-For is the client-supplied header
    # with that address appended, so only its last entry originates here and
    # earlier entries must not be trusted by the upstream.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Upstream timeouts
    proxy_connect_timeout 10s;
    proxy_read_timeout 60s;
    proxy_send_timeout 60s;

    # Response buffering
    proxy_buffering on;
    proxy_buffer_size 16k;
    proxy_buffers 16 16k;
    proxy_busy_buffers_size 32k;

    # Failover: on a connection error, timeout or 500/502/503/504, try the
    # next server - at most 2 attempts within 30s. nginx does not retry
    # non-idempotent methods (POST, LOCK, PATCH) unless "non_idempotent" is
    # listed. With a single active server in api_gateway there is no second
    # server to retry on.
    proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
    proxy_next_upstream_timeout 30s;
    proxy_next_upstream_tries 2;
}
# ===== Auth Endpoints (Stricter Rate Limiting) =====
location /api/auth/ {
    # Per-address limit from the auth_limit zone, with only 5 requests of
    # burst allowance; requests beyond that are rejected. The zone's rate is
    # set where the zone is declared.
    limit_req zone=auth_limit burst=5 nodelay;

    # Upstream keepalive needs HTTP/1.1 and an empty Connection header
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://api_gateway;

    # Forwarded request metadata
    # NOTE(review): unlike "location /", X-Forwarded-Proto is not forwarded
    # here - confirm whether the gateway relies on it for auth routes.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Read timeout for auth calls (registration runs bcrypt). At 30s this is
    # shorter than the 60s used in "location /", not longer.
    proxy_read_timeout 30s;
}
# ===== Cacheable Endpoints =====
# Prefix match: applies to every URI that begins with /api/products.
location /api/products {
    limit_req zone=api_limit burst=100 nodelay;

    # Upstream keepalive needs HTTP/1.1 and an empty Connection header
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://api_gateway;

    # Forwarded request metadata
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Cache GET/HEAD responses: 200 for one minute, 404 for thirty seconds.
    # The key holds scheme, method, host and full request URI.
    proxy_cache api_cache;
    proxy_cache_methods GET HEAD;
    proxy_cache_key $scheme$request_method$host$request_uri;
    proxy_cache_valid 200 1m;
    proxy_cache_valid 404 30s;

    # Expose HIT / MISS / BYPASS and similar to the client
    add_header X-Cache-Status $upstream_cache_status;

    # A request carrying an Authorization header is neither answered from the
    # cache nor stored in it.
    # NOTE(review): the Authorization header is the only signal checked. If
    # the gateway also authenticates by cookie, per-user responses could be
    # stored and served to other clients - confirm against the gateway.
    proxy_no_cache $http_authorization;
    proxy_cache_bypass $http_authorization;
}
# ===== Categories (Highly Cacheable) =====
# Prefix match: applies to every URI that begins with /api/categories.
location /api/categories {
    limit_req zone=api_limit burst=100 nodelay;

    # Upstream keepalive needs HTTP/1.1 and an empty Connection header
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://api_gateway;

    # Forwarded request metadata
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Cache GET/HEAD 200 responses for five minutes, keyed on scheme, method,
    # host and full request URI.
    # NOTE(review): unlike /api/products there is no proxy_cache_bypass or
    # proxy_no_cache here, so a response to an authenticated request is
    # stored and served to every client. Safe only if category responses
    # never vary per user - confirm.
    proxy_cache api_cache;
    proxy_cache_methods GET HEAD;
    proxy_cache_key $scheme$request_method$host$request_uri;
    proxy_cache_valid 200 5m;

    # Expose HIT / MISS and similar to the client
    add_header X-Cache-Status $upstream_cache_status;
}
# ===== Health Endpoint =====
# Gateway health probe, proxied through and kept out of the access log.
# No limit_req applies to this location. Only Connection is overridden, so
# the upstream receives nginx's default Host value ($proxy_host) and no
# X-Real-IP / X-Forwarded-For from this proxy.
location /health {
    access_log off;

    # Upstream keepalive needs HTTP/1.1 and an empty Connection header
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://api_gateway;
}
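# ===== Metrics Endpoint (Prometheus) =====
# Proxies the gateway's metrics for scraping.
location /metrics {
    # This server listens on port 80 alongside the public API, so without an
    # access list any client could read the gateway's metrics. The ranges
    # repeat those on the /nginx_status location (port 8081); narrow them to
    # the scraper's address where possible. allow/deny match the address of
    # the directly connected peer.
    allow 127.0.0.1;
    allow 172.16.0.0/12;
    allow 10.0.0.0/8;
    deny all;

    # Upstream keepalive needs HTTP/1.1 and an empty Connection header
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://api_gateway;
}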
}
# ===== Status Page for Monitoring =====
# Separate listener for nginx's own connection counters (stub_status).
server {
    server_name localhost;

    # No address is given, so the port is bound on every interface; the
    # allow/deny list below is the only access control.
    listen 8081;

    location /nginx_status {
        access_log off;
        stub_status on;

        # Loopback plus two private ranges; everything else gets 403.
        # NOTE(review): 172.16.0.0/12 and 10.0.0.0/8 are whole private
        # ranges - narrow them to the monitoring host if its address is
        # known.
        allow 127.0.0.1;
        allow 172.16.0.0/12;
        allow 10.0.0.0/8;
        deny all;
    }
}
}