-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: recommend disabling nginx proxy buffering #13543
Conversation
Label error. Requires exactly 1 of: changelog:.*. Found: documentation |
I used to have this disabled as well, but I don't think it's a good practice as a default config. Our goal is to provide a bare bones proxy config for the Immich-specific topics, which this isn't really part of. https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#proxy_buffering-off |
The current default config prevents uploads that are larger than the size of the proxies tmpfs, without generating any errors in the immich logs (since the request never reaches immich). I don't think this is a good default.
How is this not immich-specific?
I have to disagree. This article is discussing configuration mistakes related to nginx deployments that serve a substantial amount of clients. It is also only about It only lists downsides about rate limiting and caching, while a reverse proxy like the one documented by us is usually used by people to do SSL termination, and nothing more. So how is this relevant? I think the immich documentation should provide a good default for the majority of users. Anyone who's doing fancy stuff with a load balancer will know what they are doing. I guess what we can argue about is whether |
My opinion is that if you are using tmpfs for your proxy (which I don't believe is the default) you should know how to manage the disk space and RAM on your proxy. Immich is not here to teach someone how to use their reverse proxy. Logs should be monitored on the reverse proxy end in addition to Immich. Maybe other maintainers will disagree, or we can add a tooltip or such. |
Depends on the distribution, the systemd default is to enable it. If you don't believe it, look at the tmp.mount unit which is enabled by default via basic.target and basic.target is required by multi-user.target. Notably, raspbian (and maybe debian based stuff?) disables this in their default installation, but many do not (NixOS, Arch, Docker(!), ...).
You and I may, but I figured others - especially beginners - might very well not. So this is why I though it would be a great addition to the docs. If you don't think so that's fine to me, I don't want to argue. |
By default, nginx buffers requests and responses to proxy servers. This means the whole body is first written to a temporary file in /tmp and then passed to the proxy when it has been received. This PR adds two options to the nginx proxy documentation to disable this buffering.
Buffering causes issues when the proxy server has a tmpfs mounted on
/tmp
(which is almost always the case) and you try uploading files larger than the tmpfs (even if the backend immich instance could handle it). The proxy request will be aborted by nginx if it cannot be stored first. Disabling the buffering also increases transfer speeds as the file will immediately be passed to immich.