Fijxu/docker-compose-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
docker-compose-configs/nginx.conf
Fijxu 9940e4c01e
Use static ip addresses for containers and centralize the proxy components in a single file. 
I had to use static ip addresses here due to a very anoying NGINX
behavior which is: `nginx: [emerg] host not found in upstream
"companion:8081" in /etc/nginx/nginx.conf:17`

NIGNX will NOT start if it can't find the container IP address from the
Docker DNS resolver 127.0.0.11 which is pretty fucking anoying. Thanks
nginx dev for that stupid design.
2025-03-13 19:40:36 -03:00

75 lines
No EOL
1.7 KiB
Nginx Configuration File
Raw Permalink Blame History

worker_processes auto;
events {
worker_connections 4096;
multi_accept on;
use epoll;
}
http {
upstream http3-ytproxy {
keepalive 256;
server unix:/tmp/http-ytproxy.sock;
}
upstream companion {
keepalive 256;
server 172.50.0.3:8081;
}
# Docker DNS resolver!
resolver 127.0.0.11;
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# Restrict to HTTP/1.1 since HTTP/2 is not useful for DASH video streaming.
# HTTP/1.1 also uses a fairly low ammount of CPU compared to HTTP/2.
# HTTP/2 is useful for requesting a lot of files at the same time, but
# for DASH video streaming you download the video in a synchronously way,
# making HTTP/2 useless for it.
http2 off;
ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/cert.pem.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_early_data on;
ssl_conf_command Options KTLS;
server {
server_name ${EXVPP_HOST};
listen 443 ssl reuseport;
location / {
proxy_pass http://http3-ytproxy;
sendfile_max_chunk 512k;
proxy_buffering off;
aio threads=default;
aio_write on;
directio 16m;
proxy_http_version 1.1;
proxy_set_header Connection keep-alive;
}
}
server {
server_name ${COMPANION_HOST};
listen 443 ssl;
location / {
proxy_pass http://companion;
proxy_http_version 1.1;
proxy_set_header Connection keep-alive;
}
}
}
# vim: ts=2 sw=2 et
Reference in a new issue View git blame Copy permalink