cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
bundlewrap/bundles/nginx/files/nginx.conf
CroneKorkN 524ad6e89b
nginx: SSE-friendly proxy_pass + unconditional $connection_upgrade map 
Two coupled changes that let every proxy_pass vhost serve both WS and
SSE without per-vhost flags or template conditionals:

1) nginx.conf: $connection_upgrade map is now always defined (drop
   the % if has_websockets: gate), and the '' branch returns "" instead
   of "close". With "" + proxy_http_version 1.1, nginx maintains
   keep-alive to upstream for non-WS clients — which is what SSE
   requires. WS clients still get Connection: upgrade as before.

2) data/nginx/proxy_pass.conf: drop the % if websockets: conditional.
   Always set proxy_http_version 1.1 + Upgrade + Connection via the
   map, plus proxy_buffering off and proxy_read_timeout 1h for SSE.

Effects on existing vhosts:
- home.server's Proxmox WS vhost: unchanged behavior (the WS branch
  was already setting these headers). Gains the ability to also
  serve SSE if ever needed.
- All other proxy_pass vhosts (Nextcloud, Freescout, YOURLS, Gitea,
  etc.): get keep-alive to upstream (minor latency win) and unbuffered
  pass-through (slight throughput cost on huge responses, neutral
  for typical web app traffic).

Dead but harmless: bundles/nginx/metadata.py still defaults
nginx/has_websockets to False, and proxmox-ve/grafana still set it
to True. The flag is now a no-op; clean up in a separate pass.
2026-05-10 22:12:03 +02:00

44 lines
1.1 KiB
Nginx Configuration File
Raw Blame History

pid /var/run/nginx.pid;
user www-data;
worker_processes ${worker_processes};
% for module in sorted(modules):
load_module modules/ngx_${module}_module.so;
% endfor
include /etc/nginx/conf.d/*;
events {
worker_connections 768;
}
http {
access_log /var/log/nginx/access.log;
default_type application/octet-stream;
error_log /var/log/nginx/error.log;
include /etc/nginx/mime.types;
sendfile on;
server_names_hash_bucket_size 128;
tcp_nopush on;
client_max_body_size 32G;
ssl_dhparam "/etc/ssl/certs/dhparam.pem";
# dont show nginx version
server_tokens off;
% if node.has_bundle('php'):
upstream php-handler {
server unix:/var/run/php/php${node.metadata.get('php/version')}-fpm.sock;
}
% endif
# Always defined: serves both WS-enabled vhosts (Connection: upgrade for
# ws clients) and SSE/keep-alive vhosts (Connection: "" lets nginx manage
# the upstream connection for keep-alive, instead of forcing "close").
map $http_upgrade $connection_upgrade {
default upgrade;
'' '';
}
include /etc/nginx/sites-enabled/*;
}
Reference in a new issue View git blame Copy permalink