02/02: hydra: berlin: Remove unused nginx config files.
From: |
Ludovic Courtès |
Subject: |
02/02: hydra: berlin: Remove unused nginx config files. |
Date: |
Wed, 1 May 2019 12:11:04 -0400 (EDT) |
civodul pushed a commit to branch master
in repository maintenance.
commit 49c30276ebc95a68b327008ba4698eb9dc87e79c
Author: Ludovic Courtès <address@hidden>
Date: Wed May 1 18:00:24 2019 +0200
hydra: berlin: Remove unused nginx config files.
These were unused since commit
a94e1be87429b943ad9e0ffcddc84bb889711c2b.
* hydra/nginx/berlin-locations.conf,
hydra/nginx/berlin.conf: Remove.
* hydra/modules/sysadmin/services.scm (frontend-services): Add
NGINX-SERVICE-TYPE only when NGINX-CONFIG-FILE is true.
* hydra/berlin.scm (services): Remove #:nginx-config-file argument to
'frontend-services'.
---
hydra/berlin.scm | 3 -
hydra/modules/sysadmin/services.scm | 23 ++--
hydra/nginx/berlin-locations.conf | 135 -------------------
hydra/nginx/berlin.conf | 256 ------------------------------------
4 files changed, 12 insertions(+), 405 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 343e104..e9c984a 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -221,9 +221,6 @@ fastcgi_param PHP_VALUE \"post_max_size = 16M
#:systems '("x86_64-linux" "i686-linux"
"aarch64-linux")
#:motd %motd
- ;; We don't use this.
- #:nginx-config-file
- (file-append %nginx-config "/berlin.conf")
#:max-jobs 20)
(nginx-service-type
config => %nginx-configuration)))))
diff --git a/hydra/modules/sysadmin/services.scm
b/hydra/modules/sysadmin/services.scm
index 96e359d..cf2b249 100644
--- a/hydra/modules/sysadmin/services.scm
+++ b/hydra/modules/sysadmin/services.scm
@@ -229,10 +229,6 @@
(compression-level 9)
(workers publish-workers)))
- (service nginx-service-type
- (nginx-configuration
- (file nginx-config-file)))
-
%nginx-mime-types
%nginx-cache-activation
@@ -245,11 +241,16 @@
(service openssh-service-type)
(service sysadmin-service-type sysadmins)
- (modify-services %base-services
- (guix-service-type config =>
- (guix-daemon-config #:max-jobs max-jobs
+ (append (if nginx-config-file
+ (list (service nginx-service-type
+ (nginx-configuration
+ (file nginx-config-file))))
+ '())
+ (modify-services %base-services
+ (guix-service-type
+ config => (guix-daemon-config #:max-jobs max-jobs
#:cores cores))
- (login-service-type
- config => (login-configuration
- (inherit config)
- (motd motd))))))
+ (login-service-type
+ config => (login-configuration
+ (inherit config)
+ (motd motd)))))))
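Review bot: With the new `(if nginx-config-file ... '())`, a caller that omits `#:nginx-config-file` gets no nginx-service-type instance from frontend-services, and the berlin.scm hunk in this commit drops exactly that argument while its context still shows a `(nginx-service-type config => %nginx-configuration)` clause. If that clause is a modify-services override applied to this list (the enclosing form is outside the hunk, so this is inferred), it would have nothing left to match and the front end could come up without its HTTP/TLS reverse proxy. It is worth confirming that berlin.scm instantiates nginx itself, for example with `(service nginx-service-type %nginx-configuration)`. `%nginx-mime-types` and `%nginx-cache-activation`, visible as context in the previous hunk, are still added unconditionally, so a comment above the `append` would make the contract explicit: `;; No nginx instance is created when NGINX-CONFIG-FILE is #f; such callers must add their own.` The body of frontend-services starts outside this hunk.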
diff --git a/hydra/nginx/berlin-locations.conf
b/hydra/nginx/berlin-locations.conf
deleted file mode 100644
index 4766677..0000000
--- a/hydra/nginx/berlin-locations.conf
+++ /dev/null
@@ -1,135 +0,0 @@
-# Configuration of the various HTTP locations.
-# This file is meant to be included in the berlin Nginx configuration file.
-
-# Cuirass.
-location / {
- proxy_pass http://localhost:8081;
-}
-
-location /static {
- proxy_pass http://localhost:8081;
-
- # Let browsers cache this for a while.
- expires 10d;
-
- # Cache quite aggressively.
- proxy_cache static;
- proxy_cache_valid 200 5d;
- proxy_cache_valid any 10m;
- proxy_ignore_client_abort on;
-}
-
-location = /berlin.guixsd.org-export.pub {
- root @WWWROOT@;
-}
-
-location = /nix-cache-info {
- proxy_pass http://localhost:3000/nix-cache-info;
-
- # Cache this file since that's always the first thing we ask for.
- proxy_cache static;
- proxy_cache_valid 200 100d; # cache hits for a looong time.
- proxy_cache_valid any 5m; # cache misses/others for 5 min.
- proxy_ignore_client_abort on;
-
- # We need to hide and ignore the Set-Cookie header
- # to enable caching.
- proxy_hide_header Set-Cookie;
- proxy_ignore_headers Set-Cookie;
-}
-
-location /nar/ {
- proxy_pass http://localhost:3000;
-
- client_body_buffer_size 256k;
-
- # Be more tolerant of delays when fetching a nar.
- proxy_read_timeout 60s;
- proxy_send_timeout 60s;
-
- # Enable caching for nar files, to avoid reconstructing and recompressing
- # archives.
- proxy_cache nar;
- proxy_cache_valid 200 30d; # cache hits for 1 month
- proxy_cache_valid 504 3m; # timeout, when hydra.gnu.org is overloaded
- proxy_cache_valid any 1h; # cache misses/others for 1h.
-
- proxy_ignore_client_abort on;
-
- # Nars are already compressed.
- gzip off;
-
- # We need to hide and ignore the Set-Cookie header
- # to enable caching.
- proxy_hide_header Set-Cookie;
- proxy_ignore_headers Set-Cookie;
-
- # Provide a 'content-length' header so that 'guix substitute-binary'
- # knows upfront how much it is downloading.
- #add_header Content-Length $body_bytes_sent;
-}
-
-location ~ \.narinfo$ {
- # Since 'guix publish' has its own caching, and since it relies on
- # the atime of cached narinfos to determine whether a narinfo can
- # be removed from the cache, don't do any caching here.
- proxy_pass http://localhost:3000;
-
- # For HTTP pipelining. This has a dramatic impact on performance.
- client_body_buffer_size 128k;
-
- # Narinfos requests are short, serve many of them on a connection.
- keepalive_requests 600;
-
- # Do not tolerate slowness of hydra.gnu.org when fetching
- # narinfos: better return 504 quickly than wait forever.
- proxy_connect_timeout 2s;
- proxy_read_timeout 2s;
- proxy_send_timeout 2s;
-
- # 'guix publish --ttl' produces a 'Cache-Control' header for use
- # by 'guix substitute'. Let it through rather than use nginx's
- # "expire" directive since the expiration time defined by 'guix
- # publish' is the right one.
- proxy_pass_header Cache-Control;
-
- proxy_ignore_client_abort on;
-
- # We need to hide and ignore the Set-Cookie header
- # to enable caching.
- proxy_hide_header Set-Cookie;
- proxy_ignore_headers Set-Cookie;
-}
-
-location /log/ {
- proxy_pass http://localhost:3000;
-
- # Enable caching for build logs.
- proxy_cache logs;
- proxy_cache_valid 200 60d; # cache hits.
- proxy_cache_valid 504 3m; # timeout, when hydra.gnu.org is overloaded
- proxy_cache_valid any 1h; # cache misses/others.
-
- proxy_ignore_client_abort on;
-
- # We need to hide and ignore the Set-Cookie header
- # to enable caching.
- proxy_hide_header Set-Cookie;
- proxy_ignore_headers Set-Cookie;
-}
-
-# Content-addressed files served by 'guix publish'.
-location /file/ {
- proxy_pass http://localhost:3000;
-
- proxy_cache cas;
- proxy_cache_valid 200 200d; # cache hits
- proxy_cache_valid any 5m; # cache misses/others
-
- proxy_ignore_client_abort on;
-}
-
-# For use by Certbot.
-location /.well-known {
- root /var/www;
-}
diff --git a/hydra/nginx/berlin.conf b/hydra/nginx/berlin.conf
deleted file mode 100644
index 797beb9..0000000
--- a/hydra/nginx/berlin.conf
+++ /dev/null
@@ -1,256 +0,0 @@
-# This is the nginx config file for berlin.guixsd.conf.
-
-user nginx;
-
-# This is a 72-core machine, but let's not use all of them for nginx.
-worker_processes 32;
-
-error_log /var/log/nginx/error.log error;
-pid /var/run/nginx.pid;
-
-pcre_jit on;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- # We need to specify all these or nginx picks its own directory to
- # store them, which doesn't work because the store is read-only.
- client_body_temp_path /var/run/nginx/body;
- proxy_temp_path /var/run/nginx/proxy;
- fastcgi_temp_path /var/run/nginx/fastcgi;
- uwsgi_temp_path /var/run/nginx/uwsgi;
- scgi_temp_path /var/run/nginx/scgi;
-
- access_log /var/log/nginx/access.log;
-
- sendfile on;
-
- # Maximum chunk size to send. Partly this is a workaround
- # for <http://bugs.gnu.org/19939>, but also the nginx docs
- # mention that "Without the limit, one fast connection may
- # seize the worker process entirely."
- # <http://nginx.org/en/docs/http/ngx_http_core_module#sendfile_max_chunk>
- sendfile_max_chunk 1m;
-
- keepalive_timeout 65;
-
- # Use HTTP 1.1 to talk to the backend so we benefit from
- # keep-alive connections and chunked transfer encoding. The
- # latter allows us to make sure we do not cache partial downloads.
- proxy_http_version 1.1;
-
- # The 'inactive' parameter for caching is not very useful in our
- # case: all that matters is that LRU sweeping happens when
- # 'max_size' is hit.
-
- # cache for nar files
- proxy_cache_path /var/cache/nginx/nar
- levels=2
- inactive=8d # inactive keys removed after 8d
- keys_zone=nar:4m # nar cache meta data: ~32K keys
- max_size=10g; # total cache data size max
-
- # cache for content-addressed files
- proxy_cache_path /var/cache/nginx/cas
- levels=2
- inactive=180d # inactive keys removed after 180d
- keys_zone=cas:8m # nar cache meta data: ~64K keys
- max_size=50g; # total cache data size max
-
- # cache for build logs
- proxy_cache_path /var/cache/nginx/logs
- levels=2
- inactive=60d # inactive keys removed after 60d
- keys_zone=logs:8m # narinfo meta data: ~64K keys
- max_size=4g; # total cache data size max
-
- # cache for static data
- proxy_cache_path /var/cache/nginx/static
- levels=1
- inactive=10d # inactive keys removed after 10d
- keys_zone=static:1m # nar cache meta data: ~8K keys
- max_size=200m; # total cache data size max
-
- # If Hydra cannot honor these delays, then something is wrong and
- # we'd better drop the connection and return 504.
- proxy_connect_timeout 7s;
- proxy_read_timeout 10s;
- proxy_send_timeout 10s;
-
- # Cache timeouts for a little while to avoid increasing pressure.
- proxy_cache_valid 504 30s;
-
- server {
- listen 80;
- server_name berlin.guixsd.org ci.guix.info ci.guix.gnu.org;
-
- access_log /var/log/nginx/http.access.log;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- include berlin-locations.conf;
- }
-
- server {
- listen 80;
- server_name bootstrappable.org www.bootstrappable.org;
- root /home/rekado/bootstrappable.org;
- index index.html;
- access_log /var/log/nginx/bootstrappable.access.log;
- location = / {
- root /home/rekado/bootstrappable.org;
- }
- }
-
- server {
- listen 80;
- server_name guix.info www.guix.info guix.gnu.org;
- root /home/rekado/guix.info;
- index index.html;
- access_log /var/log/nginx/guix-info.access.log;
- location = / {
- root /home/rekado/guix.info;
- }
- }
-
- server {
- listen 80;
- server_name issues.guix.info issues.guix.gnu.org;
- root /home/rekado/mumi/;
- index index.html;
- access_log /var/log/nginx/issues-guix-info.access.log;
- location / {
- proxy_pass http://localhost:1234;
- }
- }
-
- # HTTPS server.
- server {
- listen 443 ssl;
- server_name berlin.guixsd.org ci.guix.info ci.guix.gnu.org;
-
- ssl_certificate
/etc/letsencrypt/live/berlin.guixsd.org/fullchain.pem;
- ssl_certificate_key
/etc/letsencrypt/live/berlin.guixsd.org/privkey.pem;
-
- # Make sure SSL is disabled.
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
- # Disable weak cipher suites.
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
-
- # Use our own DH parameters created with:
- # openssl dhparam -out dhparams.pem 2048
- # as suggested at <https://weakdh.org/sysadmin.html>.
- ssl_dhparam /etc/dhparams.pem;
-
- access_log /var/log/nginx/https.access.log;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- include berlin-locations.conf;
- }
- server {
- listen 443 ssl;
- server_name bootstrappable.org www.bootstrappable.org;
-
- ssl_certificate
/etc/letsencrypt/live/bootstrappable.org/fullchain.pem;
- ssl_certificate_key
/etc/letsencrypt/live/bootstrappable.org/privkey.pem;
-
- # Make sure SSL is disabled.
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
- # Disable weak cipher suites.
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
-
- # Use our own DH parameters created with:
- # openssl dhparam -out dhparams.pem 2048
- # as suggested at <https://weakdh.org/sysadmin.html>.
- ssl_dhparam /etc/dhparams.pem;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- root /home/rekado/bootstrappable.org;
- index index.html;
- access_log /var/log/nginx/bootstrappable.https.access.log;
- location = / {
- root /home/rekado/bootstrappable.org;
- }
- }
- server {
- listen 443 ssl;
- server_name guix.info www.guix.info guix.gnu.org;
-
- ssl_certificate /etc/letsencrypt/live/guix.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/guix.info/privkey.pem;
-
- # Make sure SSL is disabled.
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
- # Disable weak cipher suites.
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
-
- # Use our own DH parameters created with:
- # openssl dhparam -out dhparams.pem 2048
- # as suggested at <https://weakdh.org/sysadmin.html>.
- ssl_dhparam /etc/dhparams.pem;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- root /home/rekado/guix.info;
- index index.html;
- access_log /var/log/nginx/guix-info.https.access.log;
- location = / {
- root /home/rekado/guix.info;
- }
- }
- server {
- listen 443 ssl;
- server_name issues.guix.info issues.guix.gnu.org;
-
- ssl_certificate
/etc/letsencrypt/live/issues.guix.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/issues.guix.info/privkey.pem;
-
- # Make sure SSL is disabled.
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
- # Disable weak cipher suites.
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
-
- # Use our own DH parameters created with:
- # openssl dhparam -out dhparams.pem 2048
- # as suggested at <https://weakdh.org/sysadmin.html>.
- ssl_dhparam /etc/dhparams.pem;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_connect_timeout 600;
- proxy_send_timeout 600;
- proxy_read_timeout 600;
- send_timeout 600;
-
- root /home/rekado/mumi/;
- index index.html;
- access_log /var/log/nginx/issues-guix-info.https.access.log;
- location / {
- proxy_pass http://localhost:1234;
- }
- }
-}