mirror of
git://git.savannah.gnu.org/guix/maintenance.git
synced 2023-12-14 03:33:04 +01:00
37c2348d72
Fixes <https://bugs.gnu.org/36299>. Reported by Ryan Prior <ryanprior@gmail.com> and Danny Milosavljevic <dannym@scratchpost.org>. * hydra/nginx/hydra.gnu.org-locations.conf: Use "location /" instead of a regexp because regexps are matched before anything else, and thus /nar/guix would also be redirected.
# Configuration of the various locations at hydra.gnu.org.
# This file is meant to be included in the main configuration file.
location /guix/nar/ {
    # Nars are produced by a local 'guix publish' daemon.  It listens on the
    # loopback interface only (--listen=127.0.0.1), so it is reached through
    # a local proxy such as this one.  The daemon is started as:
    #
    #   guix publish -p 9999 --listen=127.0.0.1 -u nobody -C8 --cache=/var/cache/guix/publish --ttl=14d --workers=2 --nar-path=guix/nar --public-key=/home/hydra/narinfo-key.pub --private-key=/home/hydra/narinfo-key.sec
    #
    # NOTE(review): the --private-key file is presumably the key that signs
    # narinfos; its ownership and mode are not visible from this file, so
    # confirm that only the account launching 'guix publish' can read it.
    proxy_pass http://127.0.0.1:9999;

    client_body_buffer_size 256k;

    # Producing a nar means rebuilding and recompressing an archive, which
    # is expensive, so keep the results in the "nar" cache zone (declared
    # outside this file).
    proxy_cache nar;
    proxy_cache_valid 200 15d;  # successful responses: 15 days
    proxy_cache_valid 504 3m;   # gateway timeout (overloaded machine): 3 minutes
    proxy_cache_valid any 1m;   # every other status: 1 minute
    # NOTE(review): cached nars are served as-is for up to 15 days.  Their
    # integrity presumably rests on clients checking each nar against the
    # hash in the signed narinfo rather than on this proxy -- confirm.

    # Do not drop the upstream request when the client disconnects.
    proxy_ignore_client_abort on;

    # Stay patient while a nar is being fetched: a shorter timeout makes
    # users retry, every retry starts another export-and-compress process,
    # and that quickly brings the machine down.  (60s is also nginx's
    # default; it is spelled out here to make the choice explicit.)
    proxy_read_timeout 60s;
    proxy_send_timeout 60s;

    # Nars are already compressed, so gzip would only burn CPU.
    gzip off;
}
location /nix-cache-info {
    # Forwarded to the same loopback backend on port 9999 as the other
    # proxied locations in this file.
    proxy_pass http://127.0.0.1:9999;

    # This file is always the first thing a client asks for, so serve it
    # from the "static" cache zone (declared outside this file).
    proxy_cache static;
    proxy_cache_valid 200 10d;  # successful responses: 10 days
    proxy_cache_valid any 5m;   # every other status: 5 minutes

    # Do not drop the upstream request when the client disconnects.
    proxy_ignore_client_abort on;

    # nginx does not cache a response that carries Set-Cookie unless told
    # to ignore that header.  Hiding it as well makes sure a cookie issued
    # by the backend is never replayed from the cache to other clients.
    proxy_ignore_headers Set-Cookie;
    proxy_hide_header Set-Cookie;

    # Let browsers keep their own copy for the same 10 days.
    expires 10d;
}
location ~ \.narinfo$ {
    # Regular-expression locations take precedence over the plain prefix
    # locations in this file, so every URI ending in ".narinfo" is handled
    # here, whatever its leading path.
    #
    # Narinfos are served by 'guix publish' on port 9999; pointing this at
    # port 3000 instead would have Hydra serve them.
    #
    # No nginx caching here: 'guix publish' keeps its own cache and uses
    # the atime of cached narinfos to decide which ones may be evicted, so
    # requests have to reach it.  (Hydra computed narinfos on the fly and
    # therefore did need caching.)
    proxy_pass http://127.0.0.1:9999;

    # Narinfo requests are short; allow many of them per connection.
    keepalive_requests 600;

    # The original rationale for this setting is HTTP pipelining, with a
    # dramatic effect on performance.
    # NOTE(review): this directive sizes the request-body buffer and narinfo
    # requests are normally body-less GETs, so the link to pipelining is
    # unclear -- confirm before changing it.
    client_body_buffer_size 128k;

    # Fail fast rather than hang: returning 504 quickly beats waiting
    # forever.  hydra.gnu.org is often overloaded, though, so the limits
    # are not made too small.
    proxy_connect_timeout 4s;
    proxy_read_timeout 6s;
    proxy_send_timeout 6s;

    # 'guix publish --ttl' emits a Cache-Control header that 'guix
    # substitute' relies on.  Its expiration time is the right one, so it is
    # let through instead of being overridden with nginx's "expires".
    # NOTE(review): nginx forwards Cache-Control by default, so this
    # directive may be redundant -- confirm.
    proxy_pass_header Cache-Control;

    # Do not drop the upstream request when the client disconnects.
    proxy_ignore_client_abort on;

    # Strip backend cookies from responses.  No proxy_cache is configured
    # in this block, so ignoring Set-Cookie has no caching effect here; the
    # pair mirrors the /nix-cache-info location.
    proxy_hide_header Set-Cookie;
    proxy_ignore_headers Set-Cookie;
}
# Content-addressed files, also served by 'guix publish' (the full command
# line is given in the /guix/nar/ location).  They come straight from the
# store with no extra processing, so there is nothing worth caching.
location /file/ {
    proxy_pass http://127.0.0.1:9999;

    # Give up quickly if the local backend does not accept the connection.
    proxy_connect_timeout 3s;
}
# Static files for Certbot, served from disk rather than proxied.
#
# NOTE(review): this prefix has no trailing slash, so it also matches any
# URI that merely starts with "/.well-known", and with this root everything
# stored under /var/www/.well-known becomes publicly readable.  If Certbot
# is the only user, consider narrowing the match to the ACME challenge
# directory -- confirm nothing else relies on this location first.
location /.well-known {
    root /var/www;
}
# Catch-all: anything not claimed by a more specific location is sent to the
# new site with a permanent redirect.  The target is a fixed URL, so the
# original path and query string are not carried over.
#
# This is deliberately a prefix location: longer prefixes such as /guix/nar/
# and the ".narinfo" regexp keep priority over it, whereas a regexp here
# would be tried before those prefix locations and redirect their traffic
# as well.
location / {
    return 301 https://ci.guix.gnu.org;
}