diff --git a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md index eb5a0a7f..9395d412 100644 --- a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md +++ b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md @@ -178,7 +178,7 @@ server { # OpenCloud server { - listen 443 ssl; + listen 443 ssl http2; server_name cloud.YOUR.DOMAIN; ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; @@ -197,6 +197,23 @@ server { # Prevent nginx from trying other upstreams proxy_next_upstream off; + # Increase max upload size (required for Tus — without this, uploads over 1 MB fail) + client_max_body_size 10M; + + # Disable buffering - essential for SSE + proxy_buffering off; + proxy_request_buffering off; + + # Extend timeouts for long connections + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + keepalive_requests 100000; + keepalive_timeout 5m; + http2_max_concurrent_streams 512; + + # Prevent nginx from trying other upstreams + proxy_next_upstream off; + location / { proxy_pass http://127.0.0.1:9200; proxy_set_header Host $host; @@ -208,46 +225,51 @@ server { # Collabora server { - listen 443 ssl; - server_name collabora.YOUR.DOMAIN; - - ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; - # Increase max upload size to collabora editor - client_max_body_size 10M; + listen 443 ssl http2; + server_name collabora.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + # Increase max upload size to collabora editor + client_max_body_size 10M; + + location / { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Host $host; + } + + location ~ ^/cool/(.*)/ws$ { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + } - location / { - proxy_pass http://127.0.0.1:9980; - proxy_set_header Host $host; - } - - location ~ ^/cool/(.*)/ws$ { - proxy_pass http://127.0.0.1:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } } # WOPI Server server { - listen 443 ssl; - server_name wopiserver.YOUR.DOMAIN; - - ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; - - location / { - proxy_pass http://127.0.0.1:9300; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } + listen 443 ssl http2; + server_name wopiserver.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + + location / { + proxy_pass http://127.0.0.1:9300; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } } ``` -Thanks to [mitexleo](https://github.com/mitexleo) for the Ngnix example configuration on GitHub +:::note +We enabled HTTP/2 and increased keep-alive limits to prevent large syncs from failing and ensure stable client connections, since nginx closes connections after ~1,000 requests by default. +::: + +Thanks to [mitexleo](https://github.com/mitexleo) for the Ngnix example configuration on GitHub and [zerox80](https://github.com/zerox80) for the adjustments Enable and reload Nginx: