Nginx#
Nginx can be deployed in front of Quetz to improve performances when using local storage.
Note
When using S3
or Azure
as file storage, packages are served directly from the cloud.
Using Nginx won’t make much difference in that case.
Configuration#
Here is an example configuration to use Nginx in front of Quetz:
worker_processes 1;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
map $cache $control {
1 "max-age=1200";
}
map $uri $cache {
~*\.(json)$ 1;
}
proxy_temp_path /tmp/proxy_temp;
client_body_temp_path /tmp/client_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
gzip on;
gzip_types application/json;
client_max_body_size 100m;
upstream quetz {
server 127.0.0.1:8000;
}
server {
listen 8080;
add_header Cache-Control $control;
server_name localhost;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://quetz;
}
location /files/channels/ {
# path for channels
alias /quetz-deployment/channels/;
secure_link $arg_md5,$arg_expires;
secure_link_md5 "$secure_link_expires$file_name mysecrettoken";
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
}
Requests for files under /files/channels/
will be served by Nginx. Note the
optional secure_link and secure_link_md5 configuration. This enables expiring,
authenticated links. To use these links (important with private channels) you
will need to set the same secret in the quetz config
[local_store]
redirect_enabled = true
redirect_endpoint = "/files"
redirect_secret = "mysecrettoken" # this has to correspond with nginx config!
redirect_expiration = 3600 # expire link after 3600 seconds (1 hour)
All other requests are passed to the Quetz application, which is running locally on port 8000 in this example.
Warning
This configuration disables any authentication to access files under the channels
directory. This isn’t an issue if you only have public channels.
Authentication for private channels hasn’t been implemented yet.
client_max_body_size#
The default maximum allowed size of the client request body is 1MB. Don’t forget to increase it to upload bigger packages. Request Entity Too Large (413) will be returned otherwise.
client_max_body_size 100m;
Compress json files#
Nginx can be configured to automatically compress json files using:
gzip on;
gzip_types application/json;
Add cache-control header for json files#
It’s possible to add cache-control header for json files.
For the repodata.json
file to be cached by conda, max-age
can be added
to the header by Nginx when serving json files.
Under the http
section:
map $cache $control {
1 "max-age=1200";
}
map $uri $cache {
~*\.(json)$ 1;
}
Under the server
section:
add_header Cache-Control $control;
Note that the same value will be used for all channels.