nginx: enable tcp fastopen by default

2023-09-03 22:45:47 +02:00 · 2023-09-03 22:45:47 +02:00 · 3fb7ff1861
parent 6474e59c30
commit 3fb7ff1861
1 changed files with 15 additions and 0 deletions
--- a/config/default.nix
+++ b/config/default.nix
@ -202,6 +202,21 @@
        proxy_set_header X-Real-IP       $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
      '';
+      virtualHosts."_".listen = let
+        extraParameters = [
+          "reuseport"
+
+          # net.core.somaxconn is set to 4096
+          # see https://www.nginx.com/blog/tuning-nginx/#:~:text=to%20a%20value-,greater%20than%20512,-%2C%20change%20the%20backlog
+          "backlog=1024"
+
+          "deferred"
+          "fastopen=256" # requires nginx to be compiled with -DTCP_FASTOPEN=23
+        ];
+      in lib.mkDefault [
+        { addr = "[::]"; port = 80; inherit extraParameters; }
+        { addr = "[::]"; port = 443; ssl = true; inherit extraParameters; }
+      ];
    };

    openssh = {