From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <e@80x24.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-3.4 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
	autolearn=ham autolearn_force=no version=3.4.2
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id 333811F910
	for <meta@public-inbox.org>; Sat, 26 Nov 2022 09:55:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org;
	s=selector1; t=1669456517;
	bh=K1fKRr202xYGspTWtgw5uje4aTwgRApWQdalrwkCXpU=;
	h=From:To:Subject:Date:From;
	b=Jcj4lLPCHAwuqVFg7mBO7X9AtbZj1QwkZnQ3uCZkPwdEWtcB6AzDCWzdRCDD5QTDa
	 4fgR2hHYGC+KTqezaJ3Csy5KNzFTtXV+t64A+NStOSZArLuRZbaWMF/zkc4pC251e7
	 XraXM0IawBeOqt9ssWE/tMTwd8EXjGuqzIQ4wDrs=
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH] examples/nginx_proxy: recommend `proxy_buffering off'
Date: Sat, 26 Nov 2022 09:55:16 +0000
Message-Id: <20221126095516.165964-1-e@80x24.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <meta.public-inbox.org>

public-inbox-httpd has always been designed to handle slow
clients efficiently via non-blocking sockets and epoll|kqueue.

Thus the proxy buffering capabilities of nginx were a needless
waste of memory and filesystem traffic and increases response
latency.

nginx does provide an HTTPS-capable reverse-proxy to talk to
varnish, however, any other HTTPS-capable reverse proxy works,
too.
---
 examples/nginx_proxy | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/examples/nginx_proxy b/examples/nginx_proxy
index d8d1e6df..754a4931 100644
--- a/examples/nginx_proxy
+++ b/examples/nginx_proxy
@@ -1,8 +1,14 @@
 # Example NGINX configuration to proxy-pass requests
-# to public-inbox-httpd or to a standalone PSGI/Plack server.
+# to varnish, public-inbox-(httpd|netd) or any PSGI/Plack server.
 # The daemon is assumed to be running locally on port 8001.
 # Adjust ssl certificate paths if you use any, or remove
 # the ssl configuration directives if you don't.
+#
+# Note: public-inbox-httpd and -netd both support HTTPS, but they
+# don't support caching which Varnish provides.  The recommended
+# setup is currently:
+#
+#   (nginx|any-HTTPS-proxy) <-> varnish <-> public-inbox-(httpd|netd)
 server {
 	server_name _;
 	listen 80;
@@ -14,6 +20,7 @@ server {
 		proxy_set_header    HOST $host;
 		proxy_set_header    X-Real-IP $remote_addr;
 		proxy_set_header    X-Forwarded-Proto $scheme;
+		proxy_buffering off; # lowers response latency
 		proxy_pass          http://127.0.0.1:8001$request_uri;
 	}