make nginx use keep alive to upstreams

Zoey2936 · Zoey2936 · commit a44fa7c4aed9 · 2026-04-04T19:57:08.000+02:00
diff --git a/.github/workflows/lint-and-format.yml b/.github/workflows/lint-and-format.yml
@@ -37,7 +37,7 @@ jobs:
       - name: nginxbeautifier
         run: |
           pnpm add -g nginxbeautifier
-          nginxbeautifier -s 4 -r rootfs/usr/local/nginx/conf
+          nginxbeautifier -s 2 -r rootfs/usr/local/nginx/conf
       - name: push changes
         run: |
           git add -A
diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js
@@ -132,12 +132,13 @@ const internalNginx = {
 		const renderEngine = utils.getRenderEngine();
 		let renderedLocations = "";
 
-		for (const location of host.locations) {
+		for (const [idx, location] of (host.locations || []).entries()) {
 			if (location.npmplus_enabled === false) {
 				continue;
 			}
 
 			if (
+				location.forward_host &&
 				location.forward_host.indexOf("/") > -1 &&
 				!location.forward_host.startsWith("/") &&
 				!location.forward_host.startsWith("unix")
@@ -148,12 +149,75 @@ const internalNginx = {
 				location.forward_path = `/${split.join("/")}`;
 			}
 
+			location.forward_upstream_name = `upstream_${host.id}_location_${idx}`;
 			renderedLocations += await renderEngine.parseAndRender(template, location);
 		}
 
 		return renderedLocations;
 	},
 
+	/**
+	 * Generates upstream blocks for main host and custom locations
+	 * @param   {Object}  host
+	 * @returns {Promise}
+	 */
+	renderUpstreams: async (host) => {
+		let template;
+
+		try {
+			template = await readFile(`${__dirname}/../templates/_upstream.conf`, {
+				encoding: "utf8",
+			});
+		} catch (err) {
+			throw new errs.ConfigurationError(err.message);
+		}
+
+		const renderEngine = utils.getRenderEngine();
+		let renderedUpstreams = "";
+
+		if (["http", "https", "grpc", "grpcs"].includes(host.forward_scheme)) {
+			if (
+				host.forward_host &&
+				host.forward_host.indexOf("/") > -1 &&
+				!host.forward_host.startsWith("/") &&
+				!host.forward_host.startsWith("unix")
+			) {
+				const split = host.forward_host.split("/");
+				host.forward_host = split.shift();
+				host.forward_path = `/${split.join("/")}`;
+			}
+
+			host.forward_upstream_name = `upstream_${host.id}`;
+			renderedUpstreams += await renderEngine.parseAndRender(template, host);
+		}
+
+		for (const [idx, location] of (host.locations || []).entries()) {
+			if (location.npmplus_enabled === false) {
+				continue;
+			}
+
+			if (!["http", "https", "grpc", "grpcs"].includes(location.forward_scheme)) {
+				continue;
+			}
+
+			if (
+				location.forward_host &&
+				location.forward_host.indexOf("/") > -1 &&
+				!location.forward_host.startsWith("/") &&
+				!location.forward_host.startsWith("unix")
+			) {
+				const split = location.forward_host.split("/");
+				location.forward_host = split.shift();
+				location.forward_path = `/${split.join("/")}`;
+			}
+
+			location.forward_upstream_name = `upstream_${host.id}_location_${idx}`;
+			renderedUpstreams += await renderEngine.parseAndRender(template, location);
+		}
+
+		return renderedUpstreams;
+	},
+
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Object}  host
@@ -175,14 +239,25 @@ const internalNginx = {
 			throw new errs.ConfigurationError(err.message);
 		}
 
-		// For redirection hosts, if the scheme is not http or https, set it to $scheme
+		host.env = process.env;
+
 		if (
-			nice_host_type === "redirection_host" &&
-			["http", "https"].indexOf(host.forward_scheme.toLowerCase()) === -1
+			host.forward_host &&
+			host.forward_host.indexOf("/") > -1 &&
+			!host.forward_host.startsWith("/") &&
+			!host.forward_host.startsWith("unix")
 		) {
-			host.forward_scheme = "$scheme";
+			const split = host.forward_host.split("/");
+			host.forward_host = split.shift();
+			host.forward_path = `/${split.join("/")}`;
 		}
 
+		if (host.domain_names) {
+			host.server_names = host.domain_names.map((domain_name) => domainToASCII(domain_name) || domain_name);
+		}
+
+		host.upstreams = await internalNginx.renderUpstreams(host);
+
 		if (host.locations) {
 			_.map(host.locations, (location) => {
 				if (location.npmplus_auth_request === "anubis") {
@@ -208,32 +283,14 @@ const internalNginx = {
 			host.locations = await internalNginx.renderLocations(host);
 		}
 
-		if (
-			host.forward_host &&
-			host.forward_host.indexOf("/") > -1 &&
-			!host.forward_host.startsWith("/") &&
-			!host.forward_host.startsWith("unix")
-		) {
-			const split = host.forward_host.split("/");
-
-			host.forward_host = split.shift();
-			host.forward_path = `/${split.join("/")}`;
-		}
-
-		if (host.domain_names) {
-			host.server_names = host.domain_names.map((domain_name) => domainToASCII(domain_name) || domain_name);
-		}
-
-		host.env = process.env;
-
 		try {
 			const config_text = await renderEngine.parseAndRender(template, host);
 
 			await writeFile(filename, config_text, { encoding: "utf8" });
 			debug(logger, "Wrote config:", filename);
 
 			if (process.env.DISABLE_NGINX_BEAUTIFIER === "false") {
-				await utils.execFile("nginxbeautifier", ["-s", "4", filename]).catch(() => {});
+				await utils.execFile("nginxbeautifier", ["-s", "2", filename]).catch(() => {});
 			}
 
 			return true;
diff --git a/backend/migrations/20260404150850_revert_redirect_auto_scheme.js b/backend/migrations/20260404150850_revert_redirect_auto_scheme.js
@@ -0,0 +1,46 @@
+import { migrate as logger } from "../logger.js";
+
+const migrateName = "revert_redirect_auto_scheme";
+
+/**
+ * Migrate
+ *
+ * @see https://knexjs.org/guide/migrations.html#migration-api
+ *
+ * @param   {Object} knex
+ * @returns {Promise}
+ */
+const up = (knex) => {
+	logger.info(`[${migrateName}] Migrating Up...`);
+
+	return knex.schema
+		.table("redirection_host", async (table) => {
+			// change the column default from auto to $scheme
+			await table.string("forward_scheme").notNull().defaultTo("$scheme").alter();
+			await knex("redirection_host").where("forward_scheme", "auto").update({ forward_scheme: "$scheme" });
+		})
+		.then(() => {
+			logger.info(`[${migrateName}] redirection_host Table altered`);
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object} knex
+ * @returns {Promise}
+ */
+const down = (knex) => {
+	logger.info(`[${migrateName}] Migrating Down...`);
+
+	return knex.schema
+		.table("redirection_host", async (table) => {
+			await table.string("forward_scheme").notNull().defaultTo("auto").alter();
+			await knex("redirection_host").where("forward_scheme", "$scheme").update({ forward_scheme: "auto" });
+		})
+		.then(() => {
+			logger.info(`[${migrateName}] redirection_host Table altered`);
+		});
+};
+
+export { up, down };
diff --git a/backend/templates/_proxy_host_custom_location.conf b/backend/templates/_proxy_host_custom_location.conf
@@ -17,19 +17,17 @@ location {{ location_type }}{{ path }} {
 
   {% if forward_scheme == "http" or forward_scheme == "https" %}
 
-    set $upstream {{ forward_host }};
     include proxy-headers.conf;
     {% if npmplus_upstream_compression != true %}proxy_set_header Accept-Encoding "";{% endif %}
     {% if npmplus_proxy_request_buffering == true and npmplus_crowdsec_appsec == true %}proxy_request_buffering off;{% endif %}
     {% if npmplus_proxy_response_buffering == true %}proxy_buffering off;{% endif %}
-    proxy_pass {{ forward_scheme }}://{% if forward_path != null %}{{ forward_host }}{% else %}$upstream{% endif %}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
+    proxy_pass {{ forward_scheme }}://{{ forward_upstream_name }}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
 
   {% elsif forward_scheme == "grpc" or forward_scheme == "grpcs" %}
 
-    set $upstream {{ forward_host }};
     include grpc-headers.conf;
     {% if npmplus_upstream_compression != true %}grpc_set_header Accept-Encoding "";{% endif %}
-    grpc_pass {{ forward_scheme }}://{% if forward_path != null %}{{ forward_host }}{% else %}$upstream{% endif %}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
+    grpc_pass {{ forward_scheme }}://{{ forward_upstream_name }}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
 
   {% elsif forward_scheme == "path" %}
 
diff --git a/backend/templates/_upstream.conf b/backend/templates/_upstream.conf
@@ -0,0 +1,4 @@
+upstream {{ forward_upstream_name }} {
+  zone upstream_{{ id }} 64k;
+  server {{ forward_host }}{% if forward_port != null %}:{{ forward_port }}{% endif %} resolve;
+}
diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf
@@ -5,6 +5,8 @@
 {% assign forward_host_last_char = forward_host | slice: -1 -%}
 
 {% if enabled %}
+  {{ upstreams }}
+
   server {
     {% include "_common.conf" %}
 
@@ -47,19 +49,17 @@
 
       {% if forward_scheme == "http" or forward_scheme == "https" %}
 
-        set $upstream {{ forward_host }};
         include proxy-headers.conf;
         {% if npmplus_upstream_compression != true %}proxy_set_header Accept-Encoding "";{% endif %}
         {% if npmplus_proxy_request_buffering == true and npmplus_crowdsec_appsec == true %}proxy_request_buffering off;{% endif %}
         {% if npmplus_proxy_response_buffering == true %}proxy_buffering off;{% endif %}
-        proxy_pass {{ forward_scheme }}://{% if forward_path != null %}{{ forward_host }}{% else %}$upstream{% endif %}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
+        proxy_pass {{ forward_scheme }}://{{ forward_upstream_name }}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
 
       {% elsif forward_scheme == "grpc" or forward_scheme == "grpcs" %}
 
-        set $upstream {{ forward_host }};
         include grpc-headers.conf;
         {% if npmplus_upstream_compression != true %}grpc_set_header Accept-Encoding "";{% endif %}
-        grpc_pass {{ forward_scheme }}://{% if forward_path != null %}{{ forward_host }}{% else %}$upstream{% endif %}{% if forward_port != null %}:{{ forward_port }}{% endif %}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
+        grpc_pass {{ forward_scheme }}://{{ forward_upstream_name }}{% if forward_path != null %}{{ forward_path }}{% else %}$request_uri{% endif %};
 
       {% elsif forward_scheme == "path" %}
 
diff --git a/backend/templates/stream.conf b/backend/templates/stream.conf
@@ -4,6 +4,12 @@
 # --------------------------------------------------------------------------
 
 {% if enabled %}
+
+  upstream upstream_{{ id }} {
+    zone upstream_{{ id }} 64k;
+    server {{ forwarding_host }}{% if forwarding_port != "" %}:{{ forwarding_port }}{% endif %} resolve;
+  }
+
   {% if tcp_forwarding %}
     server {
       listen {{ env.IPV4_BINDING }}:{{ incoming_port }}{% if certificate and certificate_id > 0 %} ssl{% endif %} reuseport deferred so_keepalive=on;
@@ -42,8 +48,7 @@
         {% endif %}
       {% endif %}
 
-      set $upstream {{ forwarding_host }};
-      proxy_pass $upstream{% if forwarding_port != "" %}:{{ forwarding_port }}{% endif %};
+      proxy_pass upstream_{{ id }};
 
       {{ npmplus_advanced_config }}
 
@@ -58,8 +63,7 @@
       listen {{ env.IPV4_BINDING }}:{{ incoming_port }} udp reuseport;
       {% if env.DISABLE_IPV6 == "false" %}listen {{ env.IPV6_BINDING }}:{{ incoming_port }} udp reuseport;{% endif %}
 
-      set $upstream {{ forwarding_host }};
-      proxy_pass $upstream{% if forwarding_port != "" %}:{{ forwarding_port }}{% endif %};
+      proxy_pass upstream_{{ id }};
 
       {{ npmplus_advanced_config }}
 
diff --git a/frontend/src/modals/RedirectionHostModal.tsx b/frontend/src/modals/RedirectionHostModal.tsx
@@ -176,9 +176,7 @@ const RedirectionHostModal = EasyModal.create(({ id, visible, remove }: Props) =
 																		required
 																		{...field}
 																	>
-																		<option value="auto">
-																			<T id="auto" />
-																		</option>
+																		<option value="$scheme">keep</option>
 																		<option value="http">http</option>
 																		<option value="https">https</option>
 																	</select>
diff --git a/rootfs/usr/local/bin/envs.sh b/rootfs/usr/local/bin/envs.sh
@@ -804,7 +804,7 @@ if [ "$GOA" = "true" ] && [ "$LOGROTATE" = "false" ]; then
 fi
 
 
-export TV="12"
+export TV="13"
 if [ ! -s /data/npmplus/env.sha512sum ] || [ "$(cat /data/npmplus/env.sha512sum)" != "$( (grep "env\.[A-Z0-9_]\+" -roh /app/templates | sed "s|env.||g" | sort | uniq | xargs printenv; echo "$TV") | tr -d "\n" | sha512sum | cut -d" " -f1)" ]; then
     echo "At least one env or the template version changed, all hosts will be regenerated. Please make sure to read the changelog."
     export REGENERATE_ALL="true"
diff --git a/rootfs/usr/local/nginx/conf/conf.d/goaccess.conf.disabled b/rootfs/usr/local/nginx/conf/conf.d/goaccess.conf.disabled
@@ -6,6 +6,10 @@ server {
     return 444;
 }
 
+upstream goaccess {
+    server unix:/run/goaccess.sock;
+}
+
 server {
     listen 0.0.0.0:91 ssl bind reuseport deferred multipath so_keepalive=on default_server;
     listen [::]:91 ssl bind reuseport deferred multipath so_keepalive=on default_server;
@@ -38,7 +42,7 @@ server {
         include proxy-headers.conf;
         proxy_set_header Accept-Encoding "";
         if ($http_upgrade = "websocket") {
-            proxy_pass http://unix:/run/goaccess.sock:$request_uri;
+            proxy_pass http://goaccess$request_uri;
         }
 
         root /tmp/goa;
diff --git a/rootfs/usr/local/nginx/conf/conf.d/npmplus.conf b/rootfs/usr/local/nginx/conf/conf.d/npmplus.conf
diff --git a/rootfs/usr/local/nginx/conf/nginx.conf b/rootfs/usr/local/nginx/conf/nginx.conf
diff --git a/rootfs/usr/local/nginx/conf/noindex-nofollow.conf b/rootfs/usr/local/nginx/conf/noindex-nofollow.conf
