From ca22f74f02cf045a3a0bab3670039cd1a8f9aaa7 Mon Sep 17 00:00:00 2001 From: MattIPv4 Date: Fri, 25 Jun 2021 23:05:17 +0100 Subject: [PATCH] Only set reuseport once per ip:port pair --- src/nginxconfig/generators/conf/nginx.conf.js | 3 +- .../generators/conf/website.conf.js | 89 ++++++++++++------- src/nginxconfig/generators/index.js | 4 +- 3 files changed, 62 insertions(+), 34 deletions(-) diff --git a/src/nginxconfig/generators/conf/nginx.conf.js b/src/nginxconfig/generators/conf/nginx.conf.js index 48acc00..3ff1b82 100644 --- a/src/nginxconfig/generators/conf/nginx.conf.js +++ b/src/nginxconfig/generators/conf/nginx.conf.js @@ -222,9 +222,10 @@ export default (domains, global) => { // Single file configs if (!global.tools.modularizedStructure.computed) { + const ipPortPairs = new Set(); for (const domain of domains) { config.http.push([`# ${domain.server.domain.computed}`, '']); - config.http.push(...websiteConf(domain, domains, global)); + config.http.push(...websiteConf(domain, domains, global, ipPortPairs)); } } diff --git a/src/nginxconfig/generators/conf/website.conf.js b/src/nginxconfig/generators/conf/website.conf.js index 419c177..1d67aef 100644 --- a/src/nginxconfig/generators/conf/website.conf.js +++ b/src/nginxconfig/generators/conf/website.conf.js @@ -56,56 +56,75 @@ const sslConfig = (domain, global) => { return config; }; -const httpsListen = (domain, global) => { +const httpsListen = (domain, global, ipPortPairs) => { const config = []; + // Check if reuseport needs to be set + const ipPortV4 = `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443`; + const reusePortV4 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV4); + if (reusePortV4) ipPortPairs.add(ipPortV4); + // HTTPS config.push(['listen', - `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443 ssl${domain.https.http2.computed ? ' http2' : ''}${global.https.portReuse.computed ? ' reuseport' : ''}`]); + `${ipPortV4} ssl${domain.https.http2.computed ? ' http2' : ''}${reusePortV4 ? ' reuseport' : ''}`]); // HTTP/3 if (domain.https.http3.computed) - config.push(['listen', - `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443 http3`]); + config.push(['listen', `${ipPortV4} http3`]); // v6 - if (domain.server.listenIpv6.computed) - config.push(['listen', - `[${domain.server.listenIpv6.computed}]:443 ssl${domain.https.http2.computed ? ' http2' : ''}${global.https.portReuse.computed ? ' reuseport' : ''}`]); + if (domain.server.listenIpv6.computed) { + // Check if reuseport needs to be set + const ipPortV6 = `[${domain.server.listenIpv6.computed}]:443`; + const reusePortV6 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV6); + if (reusePortV6) ipPortPairs.add(ipPortV6); - // v6 HTTP/3 - if (domain.server.listenIpv6.computed && domain.https.http3.computed) + // HTTPS config.push(['listen', - `[${domain.server.listenIpv6.computed}]:443 http3`]); + `${ipPortV6} ssl${domain.https.http2.computed ? ' http2' : ''}${reusePortV6 ? ' reuseport' : ''}`]); + + // HTTP/3 + if (domain.https.http3.computed) + config.push(['listen', `${ipPortV6} http3`]); + } return config; }; -const httpListen = domain => { +const httpListen = (domain, global, ipPortPairs) => { const config = []; - // Not HTTPS - config.push(['listen', - `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}80`]); + // Check if reuseport needs to be set + const ipPortV4 = `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}80`; + const reusePortV4 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV4); + if (reusePortV4) ipPortPairs.add(ipPortV4); + + // v4 + config.push(['listen', `${ipPortV4}${reusePortV4 ? ' reuseport' : ''}`]); // v6 - if (domain.server.listenIpv6.computed) - config.push(['listen', `[${domain.server.listenIpv6.computed}]:80`]); + if (domain.server.listenIpv6.computed) { + // Check if reuseport needs to be set + const ipPortV6 = `[${domain.server.listenIpv6.computed}]:80`; + const reusePortV6 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV6); + if (reusePortV6) ipPortPairs.add(ipPortV6); + + config.push(['listen', `${ipPortV6}${reusePortV6 ? ' reuseport' : ''}`]); + } return config; }; -const listenConfig = (domain, global) => { - if (domain.https.https.computed) return httpsListen(domain, global); - return httpListen(domain); +const listenConfig = (domain, global, ipPortPairs) => { + if (domain.https.https.computed) return httpsListen(domain, global, ipPortPairs); + return httpListen(domain, global, ipPortPairs); }; - -const httpRedirectConfig = (domain, global, domainName, redirectDomain) => { +const httpRedirectConfig = (domain, global, ipPortPairs, domainName, redirectDomain) => { // Build the server config on its own before adding it to the parent config const config = []; - config.push(...httpListen(domain)); + config.push(...httpListen(domain, global, ipPortPairs)); config.push(['server_name', domainName]); if (domain.https.certType.computed === 'letsEncrypt') { @@ -130,7 +149,7 @@ const httpRedirectConfig = (domain, global, domainName, redirectDomain) => { return config; }; -export default (domain, domains, global) => { +export default (domain, domains, global, ipPortPairs) => { // Use kv so we can use the same key multiple times const config = []; @@ -138,10 +157,12 @@ export default (domain, domains, global) => { const serverConfig = []; // Not HTTPS or not force HTTPS - if (!domain.https.https.computed || !domain.https.forceHttps.computed) serverConfig.push(...httpListen(domain)); + if (!domain.https.https.computed || !domain.https.forceHttps.computed) + serverConfig.push(...httpListen(domain, global, ipPortPairs)); // HTTPS - if (domain.https.https.computed) serverConfig.push(...httpsListen(domain, global)); + if (domain.https.https.computed) + serverConfig.push(...httpsListen(domain, global, ipPortPairs)); serverConfig.push(['server_name', `${domain.server.wwwSubdomain.computed ? 'www.' : ''}${domain.server.domain.computed}`]); @@ -340,7 +361,7 @@ export default (domain, domains, global) => { // Build the server config on its own before adding it to the parent config const cdnConfig = []; - cdnConfig.push(...listenConfig(domain, global)); + cdnConfig.push(...listenConfig(domain, global, ipPortPairs)); cdnConfig.push(['server_name', `cdn.${domain.server.domain.computed}`]); cdnConfig.push(['root', `${domain.server.path.computed}${domain.server.documentRoot.computed}`]); @@ -383,7 +404,7 @@ export default (domain, domains, global) => { // Build the server config on its own before adding it to the parent config const redirectConfig = []; - redirectConfig.push(...listenConfig(domain, global)); + redirectConfig.push(...listenConfig(domain, global, ipPortPairs)); redirectConfig.push(['server_name', `${domain.server.wwwSubdomain.computed ? '' : '*'}.${domain.server.domain.computed}`]); @@ -403,17 +424,21 @@ export default (domain, domains, global) => { // Add the redirect config to the parent config now its built config.push(['# HTTP redirect', '']); if (domain.server.wwwSubdomain.computed && !domain.server.redirectSubdomains.computed) { - config.push(['server', httpRedirectConfig(domain, global, domain.server.domain.computed, + config.push(['server', httpRedirectConfig(domain, global, ipPortPairs, + domain.server.domain.computed, `www.${domain.server.domain.computed}`)]); + config.push(['server', httpRedirectConfig(domain, global, ipPortPairs, `www.${domain.server.domain.computed}`)]); - config.push(['server', httpRedirectConfig(domain, global, `www.${domain.server.domain.computed}`)]); } else if (!domain.server.wwwSubdomain.computed && !domain.server.redirectSubdomains.computed) { - config.push(['server', httpRedirectConfig(domain, global, domain.server.domain.computed)]); + config.push(['server', httpRedirectConfig(domain, global, ipPortPairs, + domain.server.domain.computed)]); } if (domain.server.cdnSubdomain.computed) { - config.push(['server', httpRedirectConfig(domain, global, `cdn.${domain.server.domain.computed}`)]); + config.push(['server', httpRedirectConfig(domain, global, ipPortPairs, + `cdn.${domain.server.domain.computed}`)]); } if (domain.server.redirectSubdomains.computed) { - config.push(['server', httpRedirectConfig(domain, global, `.${domain.server.domain.computed}`, + config.push(['server', httpRedirectConfig(domain, global, ipPortPairs, + `.${domain.server.domain.computed}`, `${domain.server.wwwSubdomain.computed ? 'www.' : '' }${domain.server.domain.computed}`)]); } } diff --git a/src/nginxconfig/generators/index.js b/src/nginxconfig/generators/index.js index 83e75f9..0479b29 100644 --- a/src/nginxconfig/generators/index.js +++ b/src/nginxconfig/generators/index.js @@ -57,8 +57,10 @@ export default (domains, global) => { // Modularised configs if (global.tools.modularizedStructure.computed) { // Domain config + const sitesDir = `sites-${global.tools.symlinkVhost.computed ? 'available' : 'enabled'}`; + const ipPortPairs = new Set(); for (const domain of domains) { - files[`sites-${global.tools.symlinkVhost.computed ? 'available' : 'enabled'}/${domain.server.domain.computed}.conf`] = toConf(websiteConf(domain, domains, global)); + files[`${sitesDir}/${domain.server.domain.computed}.conf`] = toConf(websiteConf(domain, domains, global, ipPortPairs)); } // Let's encrypt