guix/maintenance
2
0
Fork 0
mirror of git://git.savannah.gnu.org/guix/maintenance.git synced 2023-12-14 03:33:04 +01:00
Code Issues Releases Wiki Activity
maintenance/hydra/nginx/hydra.gnu.org-locations.conf
Ludovic Courtès 37c2348d72
hydra: nginx: No longer redirect /nar/guix requests. 
Fixes <https://bugs.gnu.org/36299>.
Reported by Ryan Prior <ryanprior@gmail.com>
and Danny Milosavljevic <dannym@scratchpost.org>.

* hydra/nginx/hydra.gnu.org-locations.conf: Use "location /" instead of
a regexp because regexps are matched before anything else, and thus
/nar/guix would also be redirected.
2019-06-24 10:16:49 +02:00

105 lines
3.5 KiB
Plaintext
Raw Blame History

# Configuration of the various locations at hydra.gnu.org.
# This file is meant to be included in the main configuration file.
location /guix/nar/ {
# Served by:
# guix publish -p 9999 --listen=127.0.0.1 -u nobody -C8 --cache=/var/cache/guix/publish --ttl=14d --workers=2 --nar-path=guix/nar --public-key=/home/hydra/narinfo-key.pub --private-key=/home/hydra/narinfo-key.sec
proxy_pass http://127.0.0.1:9999;
client_body_buffer_size 256k;
# Enable caching for nar files, to avoid reconstructing and recompressing
# archives.
proxy_cache nar;
proxy_cache_valid 200 15d; # cache hits for 15 days.
proxy_cache_valid 504 3m; # timeout, when the machine is overloaded
proxy_cache_valid any 1m; # cache misses/others for 1 min.
proxy_ignore_client_abort on;
# Be more tolerant of delays when fetching a nar. Using a shorter
# timeout leads to users retrying, which in turn triggers another
# export-and-compress process, which quickly brings the machine
# down.
proxy_read_timeout 60s;
proxy_send_timeout 60s;
# Nars are already compressed.
gzip off;
}
location /nix-cache-info {
proxy_pass http://127.0.0.1:9999;
# Cache this file since that's always the first thing we ask for.
proxy_cache static;
proxy_cache_valid 200 10d; # cache hits for a looong time.
proxy_cache_valid any 5m; # cache misses/others for 5 min.
proxy_ignore_client_abort on;
# We need to hide and ignore the Set-Cookie header
# to enable caching.
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
# Tell browsers to cache these things.
expires 10d;
}
location ~ \.narinfo$ {
# Narinfos served by 'guix publish' (see above). If we change the
# port to 3000, then they are served by Hydra.
#
# Since 'guix publish' has its own caching, and since it relies on
# the atime of cached narinfos to determine whether a narinfo can
# be removed from the cache, don't do any caching here. (Hydra
# computed narinfos on the fly so it definitely needed caching.)
proxy_pass http://127.0.0.1:9999;
# For HTTP pipelining. This has a dramatic impact on performance.
client_body_buffer_size 128k;
# Narinfos requests are short, serve many of them on a connection.
keepalive_requests 600;
# Do not tolerate slowness of hydra.gnu.org when fetching
# narinfos: better return 504 quickly than wait forever. However,
# since hydra.gnu.org is often overloaded, keep the timeouts not
# too small.
proxy_connect_timeout 4s;
proxy_read_timeout 6s;
proxy_send_timeout 6s;
# 'guix publish --ttl' produces a 'Cache-Control' header for use
# by 'guix substitute'. Let it through rather than use nginx's
# "expire" directive since the expiration time defined by 'guix
# publish' is the right one.
proxy_pass_header Cache-Control;
proxy_ignore_client_abort on;
# We need to hide and ignore the Set-Cookie header
# to enable caching.
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
}
# Content-addressed files served by 'guix publish'. No need to cache
# it because it is served right from the store without any additional
# processing (see above for the full 'guix publish' command).
location /file/ {
proxy_pass http://127.0.0.1:9999;
proxy_connect_timeout 3s;
}
# For use by Certbot.
location /.well-known {
root /var/www;
}
# Bye bye!
location / {
return 301 https://ci.guix.gnu.org;
}
View git blame Copy permalink