From 4fc9b6d535366d9d7c1d33181df8978dedf149b6 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martinmckeaveney@gmail.com>
Date: Tue, 1 Feb 2022 14:38:58 +0100
Subject: [PATCH] adding nginx best practices on buffering and body size, gzip

---
 hosting/kubernetes/nginx/nginx.conf | 24 +++++++++++++++++++-----
 hosting/proxy/nginx.conf            | 22 ++++++++++++++++++++--
 2 files changed, 39 insertions(+), 7 deletions(-)

diff --git a/hosting/kubernetes/nginx/nginx.conf b/hosting/kubernetes/nginx/nginx.conf
index 14c9b5aa44..3f324f052c 100644
--- a/hosting/kubernetes/nginx/nginx.conf
+++ b/hosting/kubernetes/nginx/nginx.conf
@@ -12,7 +12,19 @@ http {
   limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=10r/s;
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;
+  charset utf-8;
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  server_tokens off;
+  types_hash_max_size 2048;
 
+  # buffering
+  client_body_buffer_size 1K;
+  client_header_buffer_size 1k;
+  client_max_body_size 1k;
+  ignore_invalid_headers off;
+  proxy_buffering off;
 
   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
@@ -25,9 +37,6 @@ http {
   server { 
     listen       10000 default_server;
     server_name  _;
-    client_max_body_size 1000m;
-    ignore_invalid_headers off;
-    proxy_buffering off;
 
     # Security Headers
     add_header X-Frame-Options SAMEORIGIN always;
@@ -107,7 +116,12 @@ http {
     client_header_timeout 60;
     client_body_timeout   60;
     keepalive_timeout     60;
-    gzip                  on;
-    gzip_comp_level       4;
+
+    # gzip
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
   }
 }
\ No newline at end of file
diff --git a/hosting/proxy/nginx.conf b/hosting/proxy/nginx.conf
index 1f7f0f6e6e..7a8a44e2d8 100644
--- a/hosting/proxy/nginx.conf
+++ b/hosting/proxy/nginx.conf
@@ -12,6 +12,19 @@ http {
   limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=10r/s;
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;
+  charset utf-8;
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	server_tokens off;
+  types_hash_max_size 2048;
+
+  # buffering 
+  client_body_buffer_size 1K;
+  client_header_buffer_size 1k;
+  client_max_body_size 1k;
+  ignore_invalid_headers off;
+  proxy_buffering off;
 
 
   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -111,7 +124,12 @@ http {
     client_header_timeout 60;
     client_body_timeout   60;
     keepalive_timeout     60;
-    gzip                  on;
-    gzip_comp_level       4;
+
+    # gzip
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
   }
 }
\ No newline at end of file