diff --git a/Dockerfile b/Dockerfile index c3e9f31..e3be2c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,6 +16,7 @@ ENV STATIC_LOCATIONS= ENV NO_ACCESS_LOGS=0 ENV LOG_ONLY_5XX=0 ENV WORKER_CONNECTIONS=1024 + EXPOSE 80 STOPSIGNAL SIGQUIT ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/README.md b/README.md index e8de132..82347d2 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,8 @@ Pair nginx-proxy with your favorite upstream server (wsgi, uwsgi, asgi, et al.) | `NO_ACCESS_LOGS` | disable access logs completely | No | 0 | 1 | | `LOG_ONLY_5XX` | only log 5XX HTTP status access events | No | 0 | 1 | | `WORKER_CONNECTIONS` | Set the number of allowed worker connections | No | 1024 | 2048 | - +| `WORKER_FILE_LIMIT` | Set the number of available file descriptors | No | `2*WORKER_CONNECTIONS` | 4096 | +| `WSGI_TIMEOUT` | uwsgi read and write timeouts | No | `KEEPALIVE_TIMEOUT` | 4096 | ### Hosting Static Assets Static files can be hosted from your proxied application by sharing a volume @@ -88,4 +89,4 @@ Notable differences from the official [nginx container][] [nginx container]: https://hub.docker.com/_/nginx [gomplate]: https://docs.gomplate.ca/ [uwsgi]: https://uwsgi-docs.readthedocs.io/en/latest/ -[nginx status]: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html +[nginx status]: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html \ No newline at end of file diff --git a/src/docker-entrypoint.d/00-render-templates.sh b/src/docker-entrypoint.d/00-render-templates.sh index b14c33a..6831155 100755 --- a/src/docker-entrypoint.d/00-render-templates.sh +++ b/src/docker-entrypoint.d/00-render-templates.sh @@ -16,6 +16,9 @@ function render_templates { done } +export WORKER_FILE_LIMIT=${WORKER_FILE_LIMIT:=$(( WORKER_CONNECTIONS * 2 ))} +export WSGI_TIMEOUT=${WSGI_TIMEOUT:-${KEEPALIVE_TIMEOUT}} + render_templates "/etc/nginx/*.template" "/etc/nginx" render_templates "/etc/nginx/conf.d/*.template" "/etc/nginx/conf.d" render_templates "/etc/nginx/includes/*.template" "/etc/nginx/includes" diff --git a/src/etc/nginx/conf.d/default.conf.template b/src/etc/nginx/conf.d/default.conf.template index 1bc6888..d4aa450 100644 --- a/src/etc/nginx/conf.d/default.conf.template +++ b/src/etc/nginx/conf.d/default.conf.template @@ -1,4 +1,4 @@ -# Default configuration returns 400 in order to deny any request with an +# Default configuration returns 400 in order to deny any request with an # unrecognized host header (server_name.) {{ if (ne .Env.SERVER_NAME "_") }} server { @@ -21,7 +21,7 @@ server { add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; - + location / { {{ if (eq .Env.PROXY_UWSGI "1") }} include /etc/nginx/includes/uwsgi.conf; diff --git a/src/etc/nginx/includes/uwsgi.conf.template b/src/etc/nginx/includes/uwsgi.conf.template index 066a354..18595a0 100644 --- a/src/etc/nginx/includes/uwsgi.conf.template +++ b/src/etc/nginx/includes/uwsgi.conf.template @@ -2,5 +2,5 @@ uwsgi_pass app; uwsgi_param HTTP_X_REQUEST_ID $request_id; uwsgi_param HTTP_HOST $host; include uwsgi_params; -uwsgi_read_timeout {{ .Env.KEEPALIVE_TIMEOUT }}; -uwsgi_send_timeout {{ .Env.KEEPALIVE_TIMEOUT }}; +uwsgi_read_timeout {{ .Env.WSGI_TIMEOUT }}; +uwsgi_send_timeout {{ .Env.WSGI_TIMEOUT }}; diff --git a/src/etc/nginx/nginx.conf.template b/src/etc/nginx/nginx.conf.template index a7889b6..7210730 100644 --- a/src/etc/nginx/nginx.conf.template +++ b/src/etc/nginx/nginx.conf.template @@ -7,6 +7,7 @@ pid /var/run/nginx.pid; # Used to zap Server header load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; +worker_rlimit_nofile {{ .Env.WORKER_FILE_LIMIT }}; events { worker_connections {{ .Env.WORKER_CONNECTIONS }}; use epoll;