diff --git a/reverse_proxy/CLAUDE.md b/reverse_proxy/CLAUDE.md index 2bba9e3..92fc112 100644 --- a/reverse_proxy/CLAUDE.md +++ b/reverse_proxy/CLAUDE.md @@ -75,8 +75,9 @@ Rate limits are applied per zone and configured for low-traffic scenarios (< 12 - Access: https://metrics.ralsina.me - Authentication: username `metrics`, password stored in `.htpasswd` -- Real-time updates via WebSocket +- Static HTML generation (updates every 60 seconds for memory efficiency) - Logs location: `/var/log/nginx/access.log` +- Note: Real-time WebSocket disabled to reduce memory usage on 256MB containers ## Important Notes diff --git a/reverse_proxy/Dockerfile b/reverse_proxy/Dockerfile index d4b09b2..4ec7a81 100644 --- a/reverse_proxy/Dockerfile +++ b/reverse_proxy/Dockerfile @@ -14,7 +14,7 @@ COPY . ./ # https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds FROM alpine:latest -RUN apk update && apk add --no-cache ca-certificates iptables ip6tables nginx goaccess curl python3 py3-pip +RUN apk update && apk add --no-cache ca-certificates nginx goaccess curl # Copy binary to production image COPY --from=builder /app/start.sh /app/start.sh diff --git a/reverse_proxy/goaccess.sh b/reverse_proxy/goaccess.sh index 39ae00c..77160dc 100755 --- a/reverse_proxy/goaccess.sh +++ b/reverse_proxy/goaccess.sh @@ -19,31 +19,18 @@ touch /var/log/nginx/access.log echo "Starting GoAccess..." -# Start GoAccess with real-time WebSocket support -# Remove unsupported options and use valid ones -goaccess /var/log/nginx/access.log \ - --log-format=COMBINED \ - --real-time-html \ - --ws-url=wss://metrics.ralsina.me/ws \ - --daemonize \ - --output=/usr/share/nginx/html/goaccess/index.html & +# Use static HTML generation for lower memory usage +# Generate every 60 seconds to reduce memory pressure +echo "Starting GoAccess with low-memory static mode..." +while true; do + goaccess /var/log/nginx/access.log \ + --log-format='%h - %^ [%d:%t %^] "%r" %s %b "%R" "%u" rt=%T uct=%^ uht=%^ urt=%^' \ + --date-format='%d/%b/%Y' \ + --time-format='%H:%M:%S' \ + --output=/usr/share/nginx/html/goaccess/index.html + echo "Generated static report at $(date)" + sleep 60 +done & -# Get the PID GOACCESS_PID=$! -echo "GoAccess started with PID: $GOACCESS_PID" - -# Wait a moment and check if it's still running -sleep 3 -if kill -0 $GOACCESS_PID 2>/dev/null; then - echo "GoAccess is running successfully" -else - echo "GoAccess failed to start, trying static HTML method..." - # Alternative: generate static HTML every 30 seconds - while true; do - goaccess /var/log/nginx/access.log \ - --log-format=COMBINED \ - --output=/usr/share/nginx/html/goaccess/index.html - echo "Generated static report at $(date)" - sleep 30 - done & -fi \ No newline at end of file +echo "GoAccess static generator started with PID: $GOACCESS_PID" \ No newline at end of file diff --git a/reverse_proxy/nginx.conf b/reverse_proxy/nginx.conf index 675ca7b..9fc7ffe 100644 --- a/reverse_proxy/nginx.conf +++ b/reverse_proxy/nginx.conf @@ -3,6 +3,21 @@ map $upstream_http_access_control_allow_origin $allow_origin { '' "*"; } +# Nginx memory optimizations for low-memory environments (added to main config) + +# Custom log format that captures real IP from X-Forwarded-For +# Use the first IP from X-Forwarded-For if available, otherwise use remote_addr +map $http_x_forwarded_for $real_ip { + default $remote_addr; + ~*^([^,]+) $1; +} + +log_format forward_for '$real_ip - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" ' + 'rt=$request_time uct="$upstream_connect_time" ' + 'uht="$upstream_header_time" urt="$upstream_response_time"'; + # Rate limiting zones for bot protection limit_req_zone $binary_remote_addr zone=global:10m rate=10r/s; limit_req_zone $binary_remote_addr zone=post_requests:10m rate=3r/s; @@ -23,6 +38,21 @@ map $http_user_agent $is_unknown_ua { ~*^insomnia 1; } +# Use custom log format with real IP tracking +access_log /var/log/nginx/access.log forward_for buffer=32k; + +# HTTP-level memory optimizations (within http context) +# Reduce connection timeouts and buffer sizes +keepalive_timeout 30; +keepalive_requests 50; +client_body_timeout 15; +client_header_timeout 15; +send_timeout 15; +reset_timedout_connection on; +client_body_buffer_size 1k; +client_header_buffer_size 1k; +large_client_header_buffers 2 1k; + server { listen 0.0.0.0:8080;