Otimização do Nginx para alta demanda de mensagens

Esta documentação técnica é destinada a usuários com alto volume de mensagens (próximo ou superior a 10.000 atendimentos por dia). As configurações de Nginx abaixo são otimizadas para melhorar a performance e a estabilidade da plataforma sob alta carga.

vim /etc/nginx/sites-available/zpro-backend

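server {
  server_name api.zpro.com.br;

  # Reverse proxy for the backend API on 127.0.0.1:3000, with CORS handled here.
  location / {
    # Drop the CORS headers sent by the upstream so the ones added below are not duplicated.
    proxy_hide_header Access-Control-Allow-Origin;
    proxy_hide_header Access-Control-Allow-Credentials;
    proxy_hide_header Access-Control-Allow-Headers;
    proxy_hide_header Access-Control-Allow-Methods;

    # CORS preflight: answered by nginx with 204 and not forwarded to the upstream.
    # $cors_origin comes from the map on $http_origin in cors_map.conf; it is empty
    # when the Origin does not match, and nginx omits an add_header with an empty value.
    # Allow-Credentials is "true", so every origin that map accepts can make
    # credentialed requests to this API: keep the map as narrow as the deployment allows.
    if ($request_method = OPTIONS) {
      add_header Access-Control-Allow-Origin $cors_origin always;
      add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
      # Echoes whatever header names the browser asked for; the origin allow-list is
      # the only restriction. A fixed list is stricter when the clients are known.
      add_header Access-Control-Allow-Headers $http_access_control_request_headers always;
      add_header Access-Control-Allow-Credentials "true" always;
      add_header Access-Control-Max-Age "600" always;    # 10 minutes
      add_header Vary "Origin" always;
      return 204;
    }

    # All other responses.
    add_header Access-Control-Allow-Origin $cors_origin always;
    add_header Access-Control-Allow-Credentials "true" always;
    add_header Vary "Origin" always;

    # Plain URL: the markdown link wrapper that surrounded it is not valid nginx syntax.
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    # Upgrade/Connection are forwarded for WebSocket support; Connection "upgrade"
    # is sent on every proxied request, not only on upgrade requests.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For value the
    # client sent, so the upstream should trust only the last entry (or X-Real-IP).
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # One-hour read/send timeouts keep long-lived upstream connections open.
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
    proxy_connect_timeout 60s;
    # Request bodies up to 800 MB are accepted. With nginx's default request buffering
    # large bodies are spooled to temporary files before being proxied, so the temp
    # path needs room and the upstream should authenticate upload endpoints.
    client_max_body_size 800M;

    # NOTE(review): the trailing "#off" / "#del" markers are kept from the original;
    # presumably they record the alternative setting — confirm before changing.
    proxy_buffering on; #off
    proxy_buffers 8 16k; #del
    proxy_busy_buffers_size 64k; #del

    # Forbid caching of API responses by browsers and intermediaries.
    add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
    add_header Pragma "no-cache" always;
    add_header Expires "0" always;
  }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.zpro.com.br/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.zpro.com.br/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}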

# Port-80 virtual host for the API: every request is redirected to HTTPS.
server {
  listen 80;
  server_name api.zpro.com.br;

    if ($host = api.zpro.com.br) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  # Fallback for any other Host value that reaches this block. $host is taken from
  # the request, so the redirect target follows whatever Host the client sent.
  return 301 https://$host$request_uri;
}


-------------------------------------------------------------------------------------
vim /etc/nginx/sites-available/zpro-frontend

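server {
  server_name app.zpro.com.br;

  # Reverse proxy for the frontend application on 127.0.0.1:4444.
  location / {
    # Plain URL: the markdown link wrapper that surrounded it is not valid nginx syntax.
    proxy_pass http://127.0.0.1:4444;
    proxy_http_version 1.1;
    # Upgrade/Connection are forwarded for WebSocket support; Connection 'upgrade'
    # is sent on every proxied request, not only on upgrade requests.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For value the
    # client sent, so the upstream should trust only the last entry (or X-Real-IP).
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_cache_bypass $http_upgrade;

    # One-hour read/send timeouts keep long-lived upstream connections open.
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
    proxy_connect_timeout 60s;
    # Request bodies up to 800 MB are accepted on the frontend host as well.
    # NOTE(review): confirm the frontend really needs uploads this large; a lower
    # limit here reduces the disk and bandwidth a single request can consume.
    client_max_body_size 800M;
    # Responses are streamed to the client without being buffered by nginx.
    proxy_buffering off;

    # Forbid caching of every response from this location.
    add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
    add_header Pragma "no-cache" always;
    add_header Expires "0" always;
  }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app.zpro.com.br/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/app.zpro.com.br/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}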

# Port-80 virtual host for the frontend: the expected host is redirected to HTTPS.
server {
    listen 80;
  server_name app.zpro.com.br;

    if ($host = app.zpro.com.br) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Any other Host value that reaches this block gets a 404 instead of a redirect.
    return 404; # managed by Certbot
}


-------------------------------------------------------------------------------------
vim /etc/nginx/conf.d/cors_vars.conf
# Sets $cors_methods to one fixed method list, whatever the request method is.
# NOTE(review): the server blocks shown with this file hard-code the same list and do
# not reference $cors_methods — confirm whether it is used elsewhere.
map $request_method $cors_methods {
    default "GET, POST, PUT, PATCH, DELETE, OPTIONS";
}

# Copies the request's Access-Control-Request-Headers value into $cors_req_headers.
# NOTE(review): the backend block uses $http_access_control_request_headers directly,
# so this variable also appears unused — confirm before relying on it.
map $http_access_control_request_headers $cors_req_headers {
    default $http_access_control_request_headers;
}

-------------------------------------------------------------------------------------
vim /etc/nginx/conf.d/cors_map.conf
# Accepts http/https, with or without a port, for *.zpro.com.br and zpro.com.br.
# $cors_origin becomes the request's Origin when it matches the pattern, otherwise "".
# NOTE(review): plain-http origins and every subdomain depth are accepted, and the
# backend answers with Access-Control-Allow-Credentials "true". Any host under
# zpro.com.br, including one served over http, is therefore trusted for credentialed
# requests. Restricting the pattern to https and to the hostnames that actually call
# the API would narrow that trust.
map $http_origin $cors_origin {
    default "";
    "~^https?://([a-z0-9-]+\.)*zpro\.com\.br(:\d+)?$" $http_origin;
}
