## # https://github.com/icantbelieveitworks/docs/blob/master/lepus/nginx_caching_proxy.md ## user www-data; worker_processes auto; pid /run/nginx.pid; worker_rlimit_nofile 65535; events { worker_connections 32768; accept_mutex off; use epoll; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 30; types_hash_max_size 2048; server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; ssl_session_cache shared:TLS:128m; ## # Logging Settings ## #access_log /var/log/nginx/access.log; access_log off; error_log /var/log/nginx/error.log; proxy_cache_path /var/www/cache use_temp_path=off levels=1:2 keys_zone=cache:125m inactive=30d max_size=1000g; log_format cache '$remote_addr - $host [$time_local] "$request" $status ' '$body_bytes_sent "$http_referer" ' 'rt=$request_time ut="$upstream_response_time" ' 'cs=$upstream_cache_status'; ## # Gzip Settings ## gzip on; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; server { listen 127.0.0.1; server_name localhost; location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } } server { listen 85; keepalive_timeout 30; root /var/cache/munin/www/; location /munin/static/ { alias /etc/munin/static/; } location ^~ /munin-cgi/munin-cgi-graph/ { access_log off; fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*); fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass unix:/var/run/munin/fcgi-graph.sock; include fastcgi_params; } } server { # caching reverse proxy listen 80 reuseport; listen 443 ssl http2 reuseport; server_name fr2.anilibria.tv; ssl_certificate /etc/letsencrypt/live/fr2.anilibria.tv/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/fr2.anilibria.tv/privkey.pem; access_log off; location ~* \.(m3u8|ts)$ { access_log /var/log/nginx/cache-access.log cache buffer=16k; proxy_pass http://x.anilibria.tv; proxy_cache cache; proxy_cache_valid 404 302 1m; proxy_cache_valid 200 1y; proxy_ignore_headers Set-Cookie Expires Cache-Control; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; proxy_cache_lock on; proxy_cache_min_uses 1; # reduce disk load proxy_cache_revalidate on; # https://www.nginx.com/blog/tuning-nginx/ proxy_http_version 1.1; proxy_set_header Connection ""; # clean cache curl https://fr2.anilibria.tv/videos/ts/4576/0001/fff1.ts -s -I -H "9d7bfc337cb6d7221e6dfe580f542ad3:true" proxy_cache_bypass $http_9d7bfc337cb6d7221e6dfe580f542ad3; add_header X-Cache-Status $upstream_cache_status; # show cache status # dont block process # https://img.poiuty.com/img/08/e75c6adde3ee57e4bff48a3bc0b70908.png # https://img.poiuty.com/img/1d/adbe5915344c83528f0b1a6bbac2951d.png # https://nginx.org/ru/docs/http/ngx_http_core_module.html#aio # https://habrahabr.ru/post/260669/ aio threads; aio_write on; sendfile_max_chunk 512k; } location /.well-known/ { # letsencrypt root /var/www/html; } location / { return 403; } } }