chore: nginx optimisations

ansible/www-standalone/resources/config/nodejs.org

@@ -23,10 +23,17 @@ server {
  # These directives prevent our server from continuously attempting to open the same requested files on disk
  # Open file descriptors and basic metadata for each file requested gets cached
  # For specific location blocks, such as /dist, we also cache file not found (404) and other disk errors
- open_file_cache max=100000 inactive=300s;
- open_file_cache_valid 120s;
- open_file_cache_min_uses 2;
- open_file_cache_errors off;
+ open_file_cache max=500 inactive=5m;
+ open_file_cache_valid 2m;
+ open_file_cache_min_uses 1;
+ open_file_cache_errors on;
+
+ # This limits the number of connections to the server by creating a maximum amount of concurrent connections
+ # We limit the number of concurrent connections to be 5000
+ # This can be fine-tuned; See https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/
+ limit_conn_zone $server_name zone=limitconnserver:10m;
+ limit_conn_status 429;
+ limit_conn limitconnserver 5000;
 
  root /home/www/nodejs;
  default_type text/plain;
@@ -62,9 +69,9 @@ server {
  # We use ^~ to tell NGINX not to process any other location directive or rewrite after this match
  location ^~ /dist {
  alias /home/dist/nodejs/release;
+
  autoindex on;
  default_type text/plain;
- open_file_cache_errors on;
 
  location ~ \.json$ {
  add_header access-control-allow-origin *;
@@ -96,10 +103,17 @@ server {
  # These directives prevent our server from continuously attempting to open the same requested files on disk
  # Open file descriptors and basic metadata for each file requested gets cached
  # For specific location blocks, such as /dist, we also cache file not found (404) and other disk errors
- open_file_cache max=100000 inactive=300s;
- open_file_cache_valid 120s;
- open_file_cache_min_uses 2;
- open_file_cache_errors off;
+ open_file_cache max=500 inactive=5m;
+ open_file_cache_valid 2m;
+ open_file_cache_min_uses 1;
+ open_file_cache_errors on;
+
+ # This limits the number of connections to the server by creating a maximum amount of concurrent connections
+ # We limit the number of concurrent connections to be 5000
+ # This can be fine-tuned; See https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/
+ limit_conn_zone $server_name zone=limitconnserver:10m;
+ limit_conn_status 429;
+ limit_conn limitconnserver 5000;
 
  # We set a default language to "en". This is used for the Localized 404 pages
  set $lang en;
@@ -186,7 +200,6 @@ server {
  alias /home/dist/nodejs/release;
  autoindex on;
  default_type text/plain;
- open_file_cache_errors on;
 
  # This rewrite is done to redirect legacy /dist/staging requests to /dist directly
  rewrite ^/dist/staging/(.*)$ /dist/$1 permanent;
@@ -280,11 +293,6 @@ server {
  # as set by the @english_fallback location block
  # Otherwise, this will fallback to $lang being "en" as defined numerous lines above
  location @localized_404 {
- # We disable caching of 404 pages as we always want Cloudflare to check if the file now exists
- # Some 404s may be caused by the server reaching maximum concurrent file system open() requests
- # Disabling cache allows Cloudflare to re-evaluate the same $uri once our server recovers and then properly cache it
- add_header Cache-Control "private, no-store, max-age=0" always;
-
  # If this was a rewritten i18n request from @english_fallback, use the localized 404
  # If there is no 404 page for that locale, fallback to the English 404
  # As a last resort, fallback to NGINX's default 404. This should never happen, and will emit a [crit]