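# nginx front end for a poudriere package builder, plus caching reverse
# proxies for the FreeBSD pkg and freebsd-update mirrors.
#
# Layout of the http{} block:
#   1. pkgp.ahlawat.com (80 and 443)       - static poudriere UI, build logs, packages
#   2. pkgp-freebsd-pkg.ahlawat.com (80)   - caching proxy -> upstream pkg-mirrors
#   3. ports 8001-8003                     - one forwarding hop per pkg mirror
#   4. pkgp-freebsd-update.ahlawat.com (80)- caching proxy -> upstream update-mirrors
#   5. ports 8011-8014                     - one forwarding hop per update mirror

# NOTE(review): the worker group is "wheel", conventionally the administrative
# group on BSD systems. Confirm the workers really need it to read the served
# trees; a dedicated group with read access would be the least-privilege choice.
user www wheel;
worker_processes 8;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # "access_log off" cancels every access_log directive on this level, so the
    # path on the line above it is never written and no request trail is kept.
    # NOTE(review): drop "access_log off" if requests to the package and update
    # proxies should be auditable.
    access_log /var/log/nginx/access.log;
    access_log off;
    error_log /var/log/nginx/error.log;

    aio on;
    sendfile on;
    tcp_nopush on;

    resolver 192.168.0.5 [fd01::5];

    # --- poudriere web UI, cleartext ---------------------------------------
    # Serves the same content as the TLS vhost below, without a redirect.
    # NOTE(review): the HSTS header is only sent on 443; anything fetched here
    # is protected only by whatever signature checking the client performs.
    server {
        listen *:80;
        listen [::]:80;
        server_name pkgp.ahlawat.com;
        root /usr/local/share/poudriere/html;

        # Prefix locations without a trailing slash: /dataX also matches and is
        # mapped to .../bulkX. NOTE(review): confirm no sibling path is exposed.
        location /data {
            alias /mnt/poudriere/data/logs/bulk;
            autoindex on;
        }

        location /packages {
            root /mnt/poudriere/data;
            autoindex on;
        }

        #error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }
    }

    # --- poudriere web UI, TLS ---------------------------------------------
    server {
        listen *:443 ssl http2;
        listen [::]:443 ssl http2;
        server_name pkgp.ahlawat.com;
        root /usr/local/share/poudriere/html;

        ssl_certificate /mnt/certs/fullchain.pem;
        ssl_certificate_key /mnt/certs/privkey.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
        ssl_session_tickets off;

        # modern configuration
        ssl_protocols TLSv1.3;
        ssl_prefer_server_ciphers off;

        # HSTS (ngx_http_headers_module is required) (63072000 seconds)
        add_header Strict-Transport-Security "max-age=63072000" always;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;

        # verify chain of trust of OCSP response using Root CA and Intermediate certs
        ssl_trusted_certificate /mnt/certs/fullchain.pem;

        # Same prefix-match caveat as on the port-80 vhost: /dataX maps to .../bulkX.
        location /data {
            alias /mnt/poudriere/data/logs/bulk;
            autoindex on;
        }

        location /packages {
            root /mnt/poudriere/data;
            autoindex on;
        }

        #error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }
    }

    # --- caching proxy for FreeBSD pkg mirrors -----------------------------
    # https://www.nginx.com/blog/nginx-caching-guide/
    # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid
    proxy_cache_path /mnt/cache/pkg/ levels=1:2 keys_zone=pkg_cache:10m max_size=10g inactive=1d use_temp_path=off;

    server {
        listen *:80;
        listen [::]:80;
        server_name pkgp-freebsd-pkg.ahlawat.com;

        # root /mnt/cache/pkg/;
        # autoindex on;

        proxy_http_version 1.1;
        proxy_socket_keepalive on;
        proxy_set_header Host $host;

        # add_header X-Proxy-Cache $upstream_cache_status;

        location / {
            proxy_cache pkg_cache;
            # With only a time given, 200/301/302 responses are cached for a day.
            proxy_cache_valid 1d;
            proxy_cache_revalidate on;
            proxy_cache_lock on;
            # The mirrors' own caching headers are ignored and stripped, so the
            # 1d validity above is the only freshness policy in effect.
            # NOTE(review): the whole path (client -> cache -> mirror) is plain
            # HTTP; integrity rests on the client verifying repository
            # signatures. Confirm clients are configured to do so.
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
            proxy_hide_header X-Accel-Expires;
            proxy_hide_header Expires;
            proxy_hide_header Cache-Control;
            proxy_hide_header Set-Cookie;
            proxy_pass http://pkg-mirrors;
            # A 404 from one mirror is retried on the next one.
            proxy_next_upstream error timeout invalid_header http_404;
        }
    }

    upstream pkg-mirrors {
        server localhost:8001;
        server localhost:8002 backup;
        server localhost:8003 backup;
    }

    # Per-mirror forwarding hops. They are only ever addressed as localhost by
    # the upstream block above, so they are bound to loopback: listening on
    # every interface would expose unauthenticated, uncached forwarders to any
    # host that can reach this machine.
    server {
        listen 127.0.0.1:8001;
        listen [::1]:8001;
        server_name localhost;
        location / {
            proxy_pass http://pkg0.tuk.FreeBSD.org;
        }
    }

    server {
        listen 127.0.0.1:8002;
        listen [::1]:8002;
        server_name localhost;
        location / {
            proxy_pass http://pkg0.bbt.FreeBSD.org;
        }
    }

    server {
        listen 127.0.0.1:8003;
        listen [::1]:8003;
        server_name localhost;
        location / {
            proxy_pass http://pkg0.nyi.FreeBSD.org;
        }
    }

    # --- caching proxy for freebsd-update mirrors --------------------------
    proxy_cache_path /mnt/cache/update/ levels=1:2 keys_zone=update_cache:10m max_size=10g inactive=1d use_temp_path=off;

    server {
        listen *:80;
        listen [::]:80;
        server_name pkgp-freebsd-update.ahlawat.com;

        # root /mnt/cache/update/;
        # autoindex on;

        proxy_http_version 1.1;
        proxy_socket_keepalive on;
        proxy_set_header Host $host;

        # add_header X-Proxy-Cache $upstream_cache_status;

        location / {
            proxy_cache update_cache;
            # With only a time given, 200/301/302 responses are cached for a day.
            proxy_cache_valid 1d;
            proxy_cache_revalidate on;
            proxy_cache_lock on;
            # Upstream caching headers are ignored and stripped; the 1d validity
            # above is the only freshness policy.
            # NOTE(review): transport is plain HTTP end to end; integrity rests
            # on the update client's own signature verification.
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
            proxy_hide_header X-Accel-Expires;
            proxy_hide_header Expires;
            proxy_hide_header Cache-Control;
            proxy_hide_header Set-Cookie;
            proxy_pass http://update-mirrors;
            # A 404 from one mirror is retried on the next one.
            proxy_next_upstream error timeout invalid_header http_404;
        }
    }

    upstream update-mirrors {
        server localhost:8011;
        server localhost:8012;
        server localhost:8013;
        server localhost:8014;
    }

    # Per-mirror forwarding hops for freebsd-update, bound to loopback because
    # only the upstream block above (which addresses them as localhost) needs
    # to reach them.
    server {
        listen 127.0.0.1:8011;
        listen [::1]:8011;
        server_name localhost;
        location / {
            proxy_pass http://update1.FreeBSD.org;
        }
    }

    server {
        listen 127.0.0.1:8012;
        listen [::1]:8012;
        server_name localhost;
        location / {
            proxy_pass http://update2.FreeBSD.org;
        }
    }

    server {
        listen 127.0.0.1:8013;
        listen [::1]:8013;
        server_name localhost;
        location / {
            proxy_pass http://update5.FreeBSD.org;
        }
    }

    server {
        listen 127.0.0.1:8014;
        listen [::1]:8014;
        server_name localhost;
        location / {
            proxy_pass http://update4.FreeBSD.org;
        }
    }
}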