@phenomlab said in NODEBB: Nginx error performance & High CPU:
@DownPW It’s more straightforward than it sounds, although can be confusing if you look at it for the first time. I’ve just implemented it here. Can you provide your nginx config and your config.json (remove password obviously)
Thanks
here is my nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 70000;
include /etc/nginx/modules-enabled/*.conf;
events {
# worker_connections 768;
worker_connections 4000;
#multi_accept on;
#multi_accept on;
}
http {
##
# Basic Settings
##
#client_max_body_size 10M;
#Requete maximun par ip
limit_req_zone $binary_remote_addr zone=flood:10m rate=100r/s;
#Connexions maximum par ip
limit_conn_zone $binary_remote_addr zone=ddos:1m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_min_length 1000; #test Violence
gzip_proxied off; #test Violence
gzip_types text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server_names_hash_bucket_size 128;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
And my NodebB website.conf :
server {
server_name XX-XX.net www.XX-XX.net;
listen XX.XX.XX.X;
listen [XX:XX:XX:XX::];
root /home/XX-XX/nodebb;
index index.php index.htm index.html;
access_log /var/log/virtualmin/XX-XX.net_access_log;
error_log /var/log/virtualmin/XX-XX.net_error_log;
location / {
limit_req zone=flood burst=100 nodelay;
limit_conn ddos 10;
proxy_read_timeout 180;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567/;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen XX.XX.XX.XX:XXssl http2;
listen [XX:XX:XX:XX::]:443 ssl http2;
ssl_certificate /etc/ssl/virtualmin/166195366750642/ssl.cert;
ssl_certificate_key /etc/ssl/virtualmin/166195366750642/ssl.key;
if ($scheme = http) {
rewrite ^/(?!.well-known)(.*) "https://XX-XX.net/$1" break;
}
}
and my nodebb config.json :
{
"url": "https://XX-XX.net",
"secret": "XXXXXXXXXXXXXXXX",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "XXXXXXXXXXX",
"password": "XXXXXXXXXXX",
"database": "nodebb",
"uri": ""
}
}
