Commit graph

23 commits

Author SHA1 Message Date
Joseph Schorr
ef167ab7e3 Rate limit the catalog endpoint by auth token and IP address 2018-06-05 18:24:31 -04:00
Jimmy Zelinskie
e542de7e65 nginx: temporarily disable catalog for production 2018-06-05 16:06:10 -04:00
Joseph Schorr
e20295f573 Fix Kubernetes config provider for recent changes in Kub API
Kubernetes secret volumes are now mounted as read-only, so we have to write the files *only* via the Kub API

Fixes https://jira.coreos.com/browse/QUAY-911
2018-04-22 17:22:28 +03:00
Joseph Schorr
9f996a8745 Change worker processes to be auto set based on CPU count
Fixes https://jira.coreos.com/browse/QS-109
2018-01-10 11:10:57 -05:00
Jimmy Zelinskie
e36bf25a5e nginx: rate limit 1r/s
This reduces our rate limiting down to to 1 request per second.
2017-12-13 13:15:32 -05:00
Joseph Schorr
bd67eaf856 Make SSL more resilient and cached 2017-09-05 18:02:07 -04:00
Alec Merdler
fb7df1e568 fixed 502 route in Nginx config 2017-07-27 14:45:18 -04:00
Antoine Legrand
cdb3722c17 Use $QUAYPATH and $QUAYDIR in conf and init files 2017-07-05 16:23:54 +02:00
Joseph Schorr
bf51ec20e8 Disable gzip on HEAD requests in v2 endpoints
nginx's gzip module will ignore the content-length header on the HEAD request and try to gzip the body.... but there is no body, so it simply writes no header at all.

Code to turn this off was based off of https://trac.nginx.org/nginx/ticket/261
2017-05-03 18:27:45 -04:00
Jimmy Zelinskie
f6a785c1b5 conf/nginx: add cnr path 2017-03-23 13:06:22 -04:00
Joseph Schorr
dd35677712 Add configurable maximum layer size in nginx 2017-03-21 13:14:11 -04:00
Evan Cordell
41033ae05d fix typo 2017-02-23 19:03:26 -05:00
Evan Cordell
ecd441269b Pass host to apostille (required for k8s ingress) 2017-02-23 18:29:02 -05:00
Evan Cordell
16ec19d356 Add dnsmasq so nginx will allow an upstream service to not block startup 2017-02-23 14:38:16 -05:00
Evan Cordell
9affe193db Add support for tuf metadata endpoints 2017-02-23 14:38:16 -05:00
Jake Moshenko
51ba68d135 Configure nginx to gzip our svg and js files. 2016-11-29 09:30:52 -05:00
Joseph Schorr
2726405ea5 Enable full debuggable logs on non-proxy protocol nginx config
Fixes #2037
2016-11-28 16:29:35 -05:00
Joseph Schorr
5109f4a04e Change read timeout on WAMP to 5 min 2016-11-01 16:07:17 -04:00
Joseph Schorr
460137779f Switch proxy resolver to use the local resolv.conf values 2016-09-29 11:13:41 +02:00
Joseph Schorr
dd2e086a20 Add feature flag to force all direct download URLs to be proxied
Fixes #1667
2016-09-29 11:13:41 +02:00
Joseph Schorr
d34650976a Set the proxy_read_timeout for the builder web socket to be much higher
We rarely send data from the build manager to the builder, so this should make sure nginx doesn't accidentally kill the connection

Fixes #1782
2016-09-27 12:37:26 +02:00
Jimmy Zelinskie
46e11894d7 nginx: fix paths to stack 2016-08-13 13:53:04 -04:00
Jimmy Zelinskie
6a681bb748 move nginx 2016-08-10 16:14:54 -04:00