I noticed that my v3 instance of NodeBB in test was so much slower than live, but was using the same database etc. On closer inspection, the nginx configuration needed a tweak, so I’m posting my settings here so others can benefit from it. Note, that various aspects have been redacted for obvious privacy and security reasons, and to this end, you will need to substitute these values for those that exist in your own environment.
server {
# Ensure you put your server name here, such as example.com www.example.com etc.
server_name sservername;
listen x.x.x.x:443 ssl http2;
access_log /path/to/access.log;
error_log /path/to/error.log;
ssl_certificate /path/to/ssl.combined;
ssl_certificate_key /path/to/ssl.key;
# You may not need the below values, so feel free to remove these if not required
rewrite ^\Q/mail/config-v1.1.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
rewrite ^\Q/.well-known/autoconfig/mail/config-v1.1.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
rewrite ^\Q/AutoDiscover/AutoDiscover.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
rewrite ^\Q/Autodiscover/Autodiscover.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
rewrite ^\Q/autodiscover/autodiscover.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
# You may not need the above values, so feel free to remove these if not required
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 4k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
# Socket.io Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_min_length 1024;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always;
add_header Content-Security-Policy "upgrade-insecure-requests" always;
add_header Referrer-Policy 'no-referrer' always;
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
# This is the string that will show in the headers if requested, so you can put what you want in here. Keep it clean :)
add_header X-Powered-By "<whatever you want here>" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
location / {
# Don't forget to change the port to the one you use. I have a non-standard one :)
proxy_pass http://127.0.0.1:5000;
}
location @nodebb {
# Don't forget to change the port to the one you use. I have a non-standard one :)
proxy_pass http://127.0.0.1:5000;
}
location ~ ^/assets/(.*) {
root /path/to/nodebb/;
try_files /build/public/$1 /public/$1 @nodebb;
add_header Cache-Control "max-age=31536000";
}
location /plugins/ {
root /path/to/nodebb/build/public/;
try_files $uri @nodebb;
add_header Cache-Control "max-age=31536000";
}
if ($scheme = http) {
# Ensure you set your actual domain here
rewrite ^/(?!.well-known)(.*) https://yourdomain/$1 break;
}
}
I’ve added comments at the obvious places where you need to make changes. Depending on how your server is configured, and it’s capabilities, this should improve performance no end.
Don’t use insane levels in the below section
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 4k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
Keep to these values, and if anything, adjust them DOWN to suit your server.
Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…
Further configuration changes can be made to the nginx core itself, although my recommendation here is to leave this alone unless you are sure you know what you are doing.
undefined phenomlab marked this topic as a regular topic on
hi @phenomlab , is there any reason that you do not use 4567?
Additionally, do you scale your forum up to 3 ports?
@crazycells hi - no security reason, or anything specific in this case. However, the nginx.conf I posted was from my Dev environment which uses this port as a way of not interfering with production.
And yes, I use clustering on this site with three instances.
