7x31
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only set reuseport once per ip:port pair

This commit is contained in:
MattIPv4 2021-06-25 23:05:17 +01:00
parent 49b41706e3
commit ca22f74f02
3 changed files with 62 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/nginxconfig/generators/conf/nginx.conf.js
View File

@ -222,9 +222,10 @@ export default (domains, global) => {
// Single file configs // Single file configs
if (!global.tools.modularizedStructure.computed) { if (!global.tools.modularizedStructure.computed) {
const ipPortPairs = new Set();
for (const domain of domains) { for (const domain of domains) {
config.http.push([`# ${domain.server.domain.computed}`, '']); config.http.push([`# ${domain.server.domain.computed}`, '']);
config.http.push(...websiteConf(domain, domains, global)); config.http.push(...websiteConf(domain, domains, global, ipPortPairs));
} }
} }

89
src/nginxconfig/generators/conf/website.conf.js
View File

@ -56,56 +56,75 @@ const sslConfig = (domain, global) => {
return config; return config;
}; };
const httpsListen = (domain, global) => { const httpsListen = (domain, global, ipPortPairs) => {
const config = []; const config = [];
// Check if reuseport needs to be set
const ipPortV4 = `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443`;
const reusePortV4 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV4);
if (reusePortV4) ipPortPairs.add(ipPortV4);
// HTTPS // HTTPS
config.push(['listen', config.push(['listen',
`${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443 ssl${domain.https.http2.computed ? ' http2' : ''}${global.https.portReuse.computed ? ' reuseport' : ''}`]); `${ipPortV4} ssl${domain.https.http2.computed ? ' http2' : ''}${reusePortV4 ? ' reuseport' : ''}`]);
// HTTP/3 // HTTP/3
if (domain.https.http3.computed) if (domain.https.http3.computed)
config.push(['listen', config.push(['listen', `${ipPortV4} http3`]);
`${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}443 http3`]);
// v6 // v6
if (domain.server.listenIpv6.computed) if (domain.server.listenIpv6.computed) {
config.push(['listen', // Check if reuseport needs to be set
`[${domain.server.listenIpv6.computed}]:443 ssl${domain.https.http2.computed ? ' http2' : ''}${global.https.portReuse.computed ? ' reuseport' : ''}`]); const ipPortV6 = `[${domain.server.listenIpv6.computed}]:443`;
const reusePortV6 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV6);
if (reusePortV6) ipPortPairs.add(ipPortV6);
// v6 HTTP/3 // HTTPS
if (domain.server.listenIpv6.computed && domain.https.http3.computed)
config.push(['listen', config.push(['listen',
`[${domain.server.listenIpv6.computed}]:443 http3`]); `${ipPortV6} ssl${domain.https.http2.computed ? ' http2' : ''}${reusePortV6 ? ' reuseport' : ''}`]);
// HTTP/3
if (domain.https.http3.computed)
config.push(['listen', `${ipPortV6} http3`]);
}
return config; return config;
}; };
const httpListen = domain => { const httpListen = (domain, global, ipPortPairs) => {
const config = []; const config = [];
// Not HTTPS // Check if reuseport needs to be set
config.push(['listen', const ipPortV4 = `${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}80`;
`${domain.server.listenIpv4.computed === '*' ? '' : `${domain.server.listenIpv4.computed}:`}80`]); const reusePortV4 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV4);
if (reusePortV4) ipPortPairs.add(ipPortV4);
// v4
config.push(['listen', `${ipPortV4}${reusePortV4 ? ' reuseport' : ''}`]);
// v6 // v6
if (domain.server.listenIpv6.computed) if (domain.server.listenIpv6.computed) {
config.push(['listen', `[${domain.server.listenIpv6.computed}]:80`]); // Check if reuseport needs to be set
const ipPortV6 = `[${domain.server.listenIpv6.computed}]:80`;
const reusePortV6 = global.https.portReuse.computed && !ipPortPairs.has(ipPortV6);
if (reusePortV6) ipPortPairs.add(ipPortV6);
config.push(['listen', `${ipPortV6}${reusePortV6 ? ' reuseport' : ''}`]);
}
return config; return config;
}; };
const listenConfig = (domain, global) => { const listenConfig = (domain, global, ipPortPairs) => {
if (domain.https.https.computed) return httpsListen(domain, global); if (domain.https.https.computed) return httpsListen(domain, global, ipPortPairs);
return httpListen(domain); return httpListen(domain, global, ipPortPairs);
}; };
const httpRedirectConfig = (domain, global, ipPortPairs, domainName, redirectDomain) => {
const httpRedirectConfig = (domain, global, domainName, redirectDomain) => {
// Build the server config on its own before adding it to the parent config // Build the server config on its own before adding it to the parent config
const config = []; const config = [];
config.push(...httpListen(domain)); config.push(...httpListen(domain, global, ipPortPairs));
config.push(['server_name', domainName]); config.push(['server_name', domainName]);
if (domain.https.certType.computed === 'letsEncrypt') { if (domain.https.certType.computed === 'letsEncrypt') {
@ -130,7 +149,7 @@ const httpRedirectConfig = (domain, global, domainName, redirectDomain) => {
return config; return config;
}; };
export default (domain, domains, global) => { export default (domain, domains, global, ipPortPairs) => {
// Use kv so we can use the same key multiple times // Use kv so we can use the same key multiple times
const config = []; const config = [];
@ -138,10 +157,12 @@ export default (domain, domains, global) => {
const serverConfig = []; const serverConfig = [];
// Not HTTPS or not force HTTPS // Not HTTPS or not force HTTPS
if (!domain.https.https.computed || !domain.https.forceHttps.computed) serverConfig.push(...httpListen(domain)); if (!domain.https.https.computed || !domain.https.forceHttps.computed)
serverConfig.push(...httpListen(domain, global, ipPortPairs));
// HTTPS // HTTPS
if (domain.https.https.computed) serverConfig.push(...httpsListen(domain, global)); if (domain.https.https.computed)
serverConfig.push(...httpsListen(domain, global, ipPortPairs));
serverConfig.push(['server_name', serverConfig.push(['server_name',
`${domain.server.wwwSubdomain.computed ? 'www.' : ''}${domain.server.domain.computed}`]); `${domain.server.wwwSubdomain.computed ? 'www.' : ''}${domain.server.domain.computed}`]);
@ -340,7 +361,7 @@ export default (domain, domains, global) => {
// Build the server config on its own before adding it to the parent config // Build the server config on its own before adding it to the parent config
const cdnConfig = []; const cdnConfig = [];
cdnConfig.push(...listenConfig(domain, global)); cdnConfig.push(...listenConfig(domain, global, ipPortPairs));
cdnConfig.push(['server_name', `cdn.${domain.server.domain.computed}`]); cdnConfig.push(['server_name', `cdn.${domain.server.domain.computed}`]);
cdnConfig.push(['root', `${domain.server.path.computed}${domain.server.documentRoot.computed}`]); cdnConfig.push(['root', `${domain.server.path.computed}${domain.server.documentRoot.computed}`]);
@ -383,7 +404,7 @@ export default (domain, domains, global) => {
// Build the server config on its own before adding it to the parent config // Build the server config on its own before adding it to the parent config
const redirectConfig = []; const redirectConfig = [];
redirectConfig.push(...listenConfig(domain, global)); redirectConfig.push(...listenConfig(domain, global, ipPortPairs));
redirectConfig.push(['server_name', redirectConfig.push(['server_name',
`${domain.server.wwwSubdomain.computed ? '' : '*'}.${domain.server.domain.computed}`]); `${domain.server.wwwSubdomain.computed ? '' : '*'}.${domain.server.domain.computed}`]);
@ -403,17 +424,21 @@ export default (domain, domains, global) => {
// Add the redirect config to the parent config now its built // Add the redirect config to the parent config now its built
config.push(['# HTTP redirect', '']); config.push(['# HTTP redirect', '']);
if (domain.server.wwwSubdomain.computed && !domain.server.redirectSubdomains.computed) { if (domain.server.wwwSubdomain.computed && !domain.server.redirectSubdomains.computed) {
config.push(['server', httpRedirectConfig(domain, global, domain.server.domain.computed, config.push(['server', httpRedirectConfig(domain, global, ipPortPairs,
domain.server.domain.computed, `www.${domain.server.domain.computed}`)]);
config.push(['server', httpRedirectConfig(domain, global, ipPortPairs,
`www.${domain.server.domain.computed}`)]); `www.${domain.server.domain.computed}`)]);
config.push(['server', httpRedirectConfig(domain, global, `www.${domain.server.domain.computed}`)]);
} else if (!domain.server.wwwSubdomain.computed && !domain.server.redirectSubdomains.computed) { } else if (!domain.server.wwwSubdomain.computed && !domain.server.redirectSubdomains.computed) {
config.push(['server', httpRedirectConfig(domain, global, domain.server.domain.computed)]); config.push(['server', httpRedirectConfig(domain, global, ipPortPairs,
domain.server.domain.computed)]);
} }
if (domain.server.cdnSubdomain.computed) { if (domain.server.cdnSubdomain.computed) {
config.push(['server', httpRedirectConfig(domain, global, `cdn.${domain.server.domain.computed}`)]); config.push(['server', httpRedirectConfig(domain, global, ipPortPairs,
`cdn.${domain.server.domain.computed}`)]);
} }
if (domain.server.redirectSubdomains.computed) { if (domain.server.redirectSubdomains.computed) {
config.push(['server', httpRedirectConfig(domain, global, `.${domain.server.domain.computed}`, config.push(['server', httpRedirectConfig(domain, global, ipPortPairs,
`.${domain.server.domain.computed}`,
`${domain.server.wwwSubdomain.computed ? 'www.' : '' }${domain.server.domain.computed}`)]); `${domain.server.wwwSubdomain.computed ? 'www.' : '' }${domain.server.domain.computed}`)]);
} }
} }

4
src/nginxconfig/generators/index.js
View File

@ -57,8 +57,10 @@ export default (domains, global) => {
// Modularised configs // Modularised configs
if (global.tools.modularizedStructure.computed) { if (global.tools.modularizedStructure.computed) {
// Domain config // Domain config
const sitesDir = `sites-${global.tools.symlinkVhost.computed ? 'available' : 'enabled'}`;
const ipPortPairs = new Set();
for (const domain of domains) { for (const domain of domains) {
files[`sites-${global.tools.symlinkVhost.computed ? 'available' : 'enabled'}/${domain.server.domain.computed}.conf`] = toConf(websiteConf(domain, domains, global)); files[`${sitesDir}/${domain.server.domain.computed}.conf`] = toConf(websiteConf(domain, domains, global, ipPortPairs));
} }
// Let's encrypt // Let's encrypt