civodul pushed a commit to branch master in repository maintenance. commit 43a55862ecfa0c626db18831a0e62ac48905059c Author: Ludovic Courtès <l...@gnu.org> Date: Mon Jun 3 17:11:43 2019 +0200
nginx: berlin: Define locations for 'guix publish'. * hydra/nginx/berlin.scm (%publish-locations): New variable. (%berlin-locations): Use it. --- hydra/nginx/berlin.scm | 299 +++++++++++++++++++++++++------------------------ 1 file changed, 151 insertions(+), 148 deletions(-) diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm index 877c602..af7a9e4 100644 --- a/hydra/nginx/berlin.scm +++ b/hydra/nginx/berlin.scm 
@@ -24,6 +24,128 @@ (define %publish-url "http://localhost:3000") +(define %publish-locations + ;; Nginx locations for 'guix publish'. + (list (nginx-location-configuration + (uri "/nix-cache-info") + (body + (list + (string-append + "proxy_pass " %publish-url "/nix-cache-info;") + ;; Cache this file since that's always the first thing we ask + ;; for. + "proxy_cache static;" + "proxy_cache_valid 200 100d;" ; cache hits for a looong time. + "proxy_cache_valid any 5m;" ; cache misses/others for 5 min. + "proxy_ignore_client_abort on;" + + ;; We need to hide and ignore the Set-Cookie header to enable + ;; caching. + "proxy_hide_header Set-Cookie;" + "proxy_ignore_headers Set-Cookie;"))) + + (nginx-location-configuration + (uri "/nar/") + (body + (list + (string-append "proxy_pass " %publish-url ";") + "client_body_buffer_size 256k;" + + ;; Be more tolerant of delays when fetching a nar. + "proxy_read_timeout 60s;" + "proxy_send_timeout 60s;" + + ;; Enable caching for nar files, to avoid reconstructing and + ;; recompressing archives. + "proxy_cache nar;" + "proxy_cache_valid 200 30d;" ; cache hits for 1 month + "proxy_cache_valid 504 3m;" ; timeout, when hydra.gnu.org is overloaded + "proxy_cache_valid any 1h;" ; cache misses/others for 1h. + + "proxy_ignore_client_abort on;" + + ;; Nars are already compressed. + "gzip off;" + + ;; We need to hide and ignore the Set-Cookie header to enable + ;; caching. + "proxy_hide_header Set-Cookie;" + "proxy_ignore_headers Set-Cookie;" + + ;; Provide a 'content-length' header so that 'guix + ;; substitute-binary' knows upfront how much it is downloading. + ;; "add_header Content-Length $body_bytes_sent;" + ))) + + (nginx-location-configuration + (uri "~ \\.narinfo$") + (body + (list + ;; Since 'guix publish' has its own caching, and since it relies + ;; on the atime of cached narinfos to determine whether a + ;; narinfo can be removed from the cache, don't do any caching + ;; here. 
+ (string-append "proxy_pass " %publish-url ";") + + ;; For HTTP pipelining. This has a dramatic impact on + ;; performance. + "client_body_buffer_size 128k;" + + ;; Narinfos requests are short, serve many of them on a + ;; connection. + "keepalive_requests 600;" + + ;; Do not tolerate slowness of hydra.gnu.org when fetching + ;; narinfos: better return 504 quickly than wait forever. + "proxy_connect_timeout 2s;" + "proxy_read_timeout 2s;" + "proxy_send_timeout 2s;" + + ;; 'guix publish --ttl' produces a 'Cache-Control' header for + ;; use by 'guix substitute'. Let it through rather than use + ;; nginx's "expire" directive since the expiration time defined + ;; by 'guix publish' is the right one. + "proxy_pass_header Cache-Control;" + + "proxy_ignore_client_abort on;" + + ;; We need to hide and ignore the Set-Cookie header to enable + ;; caching. + "proxy_hide_header Set-Cookie;" + "proxy_ignore_headers Set-Cookie;"))) + + (nginx-location-configuration + (uri "/log/") + (body + (list + (string-append "proxy_pass " %publish-url ";") + + ;; Enable caching for build logs. + "proxy_cache logs;" + "proxy_cache_valid 200 60d;" ; cache hits. + "proxy_cache_valid 504 3m;" ; timeout, when hydra.gnu.org is overloaded + "proxy_cache_valid any 1h;" ; cache misses/others. + + "proxy_ignore_client_abort on;" + + ;; We need to hide and ignore the Set-Cookie header to enable + ;; caching. + "proxy_hide_header Set-Cookie;" + "proxy_ignore_headers Set-Cookie;"))) + + ;; Content-addressed files served by 'guix publish'. + (nginx-location-configuration + (uri "/file/") + (body + (list + (string-append "proxy_pass " %publish-url ";") + + "proxy_cache cas;" + "proxy_cache_valid 200 200d;" ; cache hits + "proxy_cache_valid any 5m;" ; cache misses/others + + "proxy_ignore_client_abort on;"))))) + (define %tls-settings (list ;; Make sure SSL is disabled. 
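Review bot: Two of the five locations in `%publish-locations` contradict their own comments about caching, and since this list is now a shared definition it is worth fixing before it is reused. The `~ \.narinfo$` location opens by saying not to cache here and sets no `proxy_cache`, yet it ends with the copied comment "We need to hide and ignore the Set-Cookie header to enable caching"; I would reword that one to `;; Drop any upstream Set-Cookie header; narinfos are not cached here.`. Conversely `/file/` sets `"proxy_cache cas;"` but is the only cached location without `"proxy_hide_header Set-Cookie;"` and `"proxy_ignore_headers Set-Cookie;"`. nginx does not store a response that carries Set-Cookie unless that header is ignored, so if 'guix publish' ever emits one (not visible from this hunk), `/file/` would silently stop caching and would pass the cookie to clients. Adding the same two directives there keeps the five locations consistent.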
@@ -38,154 +160,35 @@ "ssl_dhparam /etc/dhparams.pem;")) (define %berlin-locations - (list - ;; Cuirass. - (nginx-location-configuration - (uri "/") - (body (list "proxy_pass http://localhost:8081;"))) - - (nginx-location-configuration - (uri "/static") - (body - (list - "proxy_pass http://localhost:8081;" - ;; Let browsers cache this for a while. - "expires 10d;" - ;; Cache quite aggressively. - "proxy_cache static;" - "proxy_cache_valid 200 5d;" - "proxy_cache_valid any 10m;" - "proxy_ignore_client_abort on;"))) - - (nginx-location-configuration - (uri "/berlin.guixsd.org-export.pub") - (body - (list "root /var/www/guix;"))) - - (nginx-location-configuration - (uri "/nix-cache-info") - (body - (list - (string-append - "proxy_pass " %publish-url "/nix-cache-info;") - ;; Cache this file since that's always the first thing we ask - ;; for. - "proxy_cache static;" - "proxy_cache_valid 200 100d;" ; cache hits for a looong time. - "proxy_cache_valid any 5m;" ; cache misses/others for 5 min. - "proxy_ignore_client_abort on;" - - ;; We need to hide and ignore the Set-Cookie header to enable - ;; caching. - "proxy_hide_header Set-Cookie;" - "proxy_ignore_headers Set-Cookie;"))) - - (nginx-location-configuration - (uri "/nar/") - (body - (list - (string-append "proxy_pass " %publish-url ";") - "client_body_buffer_size 256k;" - - ;; Be more tolerant of delays when fetching a nar. - "proxy_read_timeout 60s;" - "proxy_send_timeout 60s;" - - ;; Enable caching for nar files, to avoid reconstructing and - ;; recompressing archives. - "proxy_cache nar;" - "proxy_cache_valid 200 30d;" ; cache hits for 1 month - "proxy_cache_valid 504 3m;" ; timeout, when hydra.gnu.org is overloaded - "proxy_cache_valid any 1h;" ; cache misses/others for 1h. - - "proxy_ignore_client_abort on;" - - ;; Nars are already compressed. - "gzip off;" - - ;; We need to hide and ignore the Set-Cookie header to enable - ;; caching. 
- "proxy_hide_header Set-Cookie;"
- "proxy_ignore_headers Set-Cookie;"
-
- ;; Provide a 'content-length' header so that 'guix
- ;; substitute-binary' knows upfront how much it is downloading.
- ;; "add_header Content-Length $body_bytes_sent;"
- )))
-
- (nginx-location-configuration
- (uri "~ \\.narinfo$")
- (body
- (list
- ;; Since 'guix publish' has its own caching, and since it relies
- ;; on the atime of cached narinfos to determine whether a
- ;; narinfo can be removed from the cache, don't do any caching
- ;; here.
- (string-append "proxy_pass " %publish-url ";")
-
- ;; For HTTP pipelining. This has a dramatic impact on
- ;; performance.
- "client_body_buffer_size 128k;"
-
- ;; Narinfos requests are short, serve many of them on a
- ;; connection.
- "keepalive_requests 600;"
-
- ;; Do not tolerate slowness of hydra.gnu.org when fetching
- ;; narinfos: better return 504 quickly than wait forever.
- "proxy_connect_timeout 2s;"
- "proxy_read_timeout 2s;"
- "proxy_send_timeout 2s;"
-
- ;; 'guix publish --ttl' produces a 'Cache-Control' header for
- ;; use by 'guix substitute'. Let it through rather than use
- ;; nginx's "expire" directive since the expiration time defined
- ;; by 'guix publish' is the right one.
- "proxy_pass_header Cache-Control;"
-
- "proxy_ignore_client_abort on;"
-
- ;; We need to hide and ignore the Set-Cookie header to enable
- ;; caching.
- "proxy_hide_header Set-Cookie;"
- "proxy_ignore_headers Set-Cookie;")))
-
- (nginx-location-configuration
- (uri "/log/")
- (body
- (list
- (string-append "proxy_pass " %publish-url ";")
-
- ;; Enable caching for build logs.
- "proxy_cache logs;"
- "proxy_cache_valid 200 60d;" ; cache hits.
- "proxy_cache_valid 504 3m;" ; timeout, when hydra.gnu.org is overloaded
- "proxy_cache_valid any 1h;" ; cache misses/others.
-
- "proxy_ignore_client_abort on;"
-
- ;; We need to hide and ignore the Set-Cookie header to enable
- ;; caching.
- "proxy_hide_header Set-Cookie;" - "proxy_ignore_headers Set-Cookie;"))) - - ;; Content-addressed files served by 'guix publish'. - (nginx-location-configuration - (uri "/file/") - (body - (list - (string-append "proxy_pass " %publish-url ";") - - "proxy_cache cas;" - "proxy_cache_valid 200 200d;" ; cache hits - "proxy_cache_valid any 5m;" ; cache misses/others - - "proxy_ignore_client_abort on;"))) - - ;; For use by Certbot. - (nginx-location-configuration - (uri "/.well-known") - (body (list "root /var/www;"))))) + (append %publish-locations + (list + ;; Cuirass. + (nginx-location-configuration + (uri "/") + (body (list "proxy_pass http://localhost:8081;"))) + + (nginx-location-configuration + (uri "/static") + (body + (list + "proxy_pass http://localhost:8081;" + ;; Let browsers cache this for a while. + "expires 10d;" + ;; Cache quite aggressively. + "proxy_cache static;" + "proxy_cache_valid 200 5d;" + "proxy_cache_valid any 10m;" + "proxy_ignore_client_abort on;"))) + + (nginx-location-configuration + (uri "/berlin.guixsd.org-export.pub") + (body + (list "root /var/www/guix;"))) + + ;; For use by Certbot. + (nginx-location-configuration + (uri "/.well-known") + (body (list "root /var/www;")))))) (define %berlin-servers (list
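Review bot: The regex location `~ \.narinfo$` brought in through `(append %publish-locations ...)` is tried before nginx settles on a plain prefix location, so a request under `/.well-known` or `/static` whose path ends in `.narinfo` is proxied to 'guix publish' rather than handled by the block written for it. That precedence predates this commit, but it matters more now that the publish list is a reusable value that may be appended to other location sets. Marking the Certbot path as `(uri "^~ /.well-known")` would stop regex matching for that prefix and keep it independent of whatever list it is combined with. The reordering itself looks harmless, since prefix locations are chosen by longest match and there is only one regex location; a one-line comment above the `append` saying that order is not significant would save the next reader the check. The `%berlin-servers` definition continues outside the hunk.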