diff --git a/README.md b/README.md index 4c723aa0..881cf2ef 100644 --- a/README.md +++ b/README.md @@ -1670,10 +1670,16 @@ some reverse proxies (such as [Caddy](https://caddyserver.com/)) can automatical for improved security (and a 10% performance boost) consider listening on a unix-socket with `-i unix:770:www:/tmp/party.sock` (permission `770` means only members of group `www` can access it) -example webserver configs: +example webserver / reverse-proxy configs: -* [nginx config](contrib/nginx/copyparty.conf) -- entire domain/subdomain -* [apache2 config](contrib/apache/copyparty.conf) -- location-based +* [apache config](contrib/apache/copyparty.conf) +* caddy uds: `caddy reverse-proxy --from :8080 --to unix///dev/shm/party.sock` +* caddy tcp: `caddy reverse-proxy --from :8081 --to http://127.0.0.1:3923` +* [haproxy config](contrib/haproxy/copyparty.conf) +* [lighttpd subdomain](contrib/lighttpd/subdomain.conf) -- entire domain/subdomain +* [lighttpd subpath](contrib/lighttpd/subpath.conf) -- location-based (not optimal, but in case you need it) +* [nginx config](contrib/nginx/copyparty.conf) -- recommended +* [traefik config](contrib/traefik/copyparty.yaml) ### real-ip 
@@ -1685,6 +1691,38 @@ if you (and maybe everybody else) keep getting a message that says `thank you fo for most common setups, there should be a helpful message in the server-log explaining what to do, but see [docs/xff.md](docs/xff.md) if you want to learn more, including a quick hack to **just make it work** (which is **not** recommended, but hey...) +### reverse-proxy performance + +most reverse-proxies support connecting to copyparty either using uds/unix-sockets (`/dev/shm/party.sock`, faster/recommended) or using tcp (`127.0.0.1`) + +with copyparty listening on a uds / unix-socket / unix-domain-socket and the reverse-proxy connecting to that: + +| index.html | upload | download | software | +| ------------ | ----------- | ----------- | -------- | +| 28'900 req/s | 6'900 MiB/s | 7'400 MiB/s | no-proxy | +| 18'750 req/s | 3'500 MiB/s | 2'370 MiB/s | haproxy | +| 9'900 req/s | 3'750 MiB/s | 2'200 MiB/s | caddy | +| 18'700 req/s | 2'200 MiB/s | 1'570 MiB/s | nginx | +| 9'700 req/s | 1'750 MiB/s | 1'830 MiB/s | apache | +| 9'900 req/s | 1'300 MiB/s | 1'470 MiB/s | lighttpd | + +when connecting the reverse-proxy to `127.0.0.1` instead (the basic and/or old-fasioned way), speeds are a bit worse: + +| index.html | upload | download | software | +| ------------ | ----------- | ----------- | -------- | +| 21'200 req/s | 5'700 MiB/s | 6'700 MiB/s | no-proxy | +| 14'500 req/s | 1'700 MiB/s | 2'170 MiB/s | haproxy | +| 11'100 req/s | 2'750 MiB/s | 2'000 MiB/s | traefik | +| 8'400 req/s | 2'300 MiB/s | 1'950 MiB/s | caddy | +| 13'400 req/s | 1'100 MiB/s | 1'480 MiB/s | nginx | +| 8'400 req/s | 1'000 MiB/s | 1'000 MiB/s | apache | +| 6'500 req/s | 1'270 MiB/s | 1'500 MiB/s | lighttpd | + +in summary, `haproxy > caddy > traefik > nginx > apache > lighttpd`, and use uds when possible (traefik does not support it yet) + +* if these results are bullshit because my config exampels are bad, please submit corrections! 
+ + ## prometheus metrics/stats can be enabled at URL `/.cpr/metrics` for grafana / prometheus / etc (openmetrics 1.0.0) diff --git a/contrib/README.md b/contrib/README.md index ad4de004..896a575f 100644 --- a/contrib/README.md +++ b/contrib/README.md @@ -53,5 +53,10 @@ init-scripts to start copyparty as a service * [`openrc/copyparty`](openrc/copyparty) # Reverse-proxy -copyparty has basic support for running behind another webserver -* [`nginx/copyparty.conf`](nginx/copyparty.conf) +copyparty supports running behind another webserver +* [`apache/copyparty.conf`](apache/copyparty.conf) +* [`haproxy/copyparty.conf`](haproxy/copyparty.conf) +* [`lighttpd/subdomain.conf`](lighttpd/subdomain.conf) +* [`lighttpd/subpath.conf`](lighttpd/subpath.conf) +* [`nginx/copyparty.conf`](nginx/copyparty.conf) -- recommended +* [`traefik/copyparty.yaml`](traefik/copyparty.yaml) diff --git a/contrib/apache/copyparty.conf b/contrib/apache/copyparty.conf index c36e42c1..49ea2bad 100644 --- a/contrib/apache/copyparty.conf +++ b/contrib/apache/copyparty.conf 
@@ -1,14 +1,29 @@ -# when running copyparty behind a reverse proxy, -# the following arguments are recommended: +# if you would like to use unix-sockets (recommended), +# you must run copyparty with one of the following: # -# -i 127.0.0.1 only accept connections from nginx +# -i unix:777:/dev/shm/party.sock +# -i unix:777:/dev/shm/party.sock,127.0.0.1 # # if you are doing location-based proxying (such as `/stuff` below) # you must run copyparty with --rp-loc=stuff # # on fedora/rhel, remember to setsebool -P httpd_can_network_connect 1 + LoadModule proxy_module modules/mod_proxy.so -ProxyPass "/stuff" "http://127.0.0.1:3923/stuff" -# do not specify ProxyPassReverse + RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} +# NOTE: do not specify ProxyPassReverse + + +## +## then, enable one of the below: + +# use subdomain proxying to unix-socket (best) +ProxyPass "/" "unix:///dev/shm/party.sock|http://whatever/" + +# use subdomain proxying to 127.0.0.1 (slower) +#ProxyPass "/" "http://127.0.0.1:3923/" + +# use subpath proxying to 127.0.0.1 (slow and maybe buggy) +#ProxyPass "/stuff" "http://127.0.0.1:3923/stuff" diff --git a/contrib/haproxy/copyparty.conf b/contrib/haproxy/copyparty.conf new file mode 100644 index 00000000..9e61e388 --- /dev/null +++ b/contrib/haproxy/copyparty.conf @@ -0,0 +1,24 @@ +# this config is essentially two separate examples; +# +# foo1 connects to copyparty using tcp, and +# foo2 uses unix-sockets for 27% higher performance +# +# to use foo2 you must run copyparty with one of the following: +# +# -i unix:777:/dev/shm/party.sock +# -i unix:777:/dev/shm/party.sock,127.0.0.1 + +defaults + mode http + option forwardfor + timeout connect 1s + timeout client 610s + timeout server 610s + +listen foo1 + bind *:8081 + server srv1 127.0.0.1:3923 maxconn 512 + +listen foo2 + bind *:8082 + server srv1 /dev/shm/party.sock maxconn 512 
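Review bot: The socket mode in the new header comment, `-i unix:777:/dev/shm/party.sock`, makes the copyparty socket connectable by every local account, so anything on the host can reach copyparty without passing through apache. The README touched by this same commit documents the tighter form (`770` plus a group, so only members of that group can access the socket), and the nginx example uses it. The comment here could read `# -i unix:770:www:/dev/shm/party.sock`, with a remark that apache's user must be in that group. The same `unix:777:` recommendation appears in the new haproxy, lighttpd subdomain and lighttpd subpath configs. If copyparty treats peers on the socket as a trusted proxy for client-IP headers (not visible here), a world-accessible socket would also let local users choose the address that gets logged.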
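Review bot: `option forwardfor` in `defaults` adds haproxy's own X-Forwarded-For header but does not remove one the client already sent, so copyparty may receive both. Which value copyparty uses depends on its real-ip settings, which are not shown here. Adding `http-request del-header X-Forwarded-For` to each `listen` section would ensure only the address haproxy observed reaches the backend. The header comment also gives copyparty arguments only for foo2; a line such as `# foo1 needs copyparty listening on 127.0.0.1 (-i 127.0.0.1)` would cover the tcp case.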
diff --git a/contrib/lighttpd/subdomain.conf b/contrib/lighttpd/subdomain.conf
new file mode 100644
index 00000000..bbdd9566
--- /dev/null
+++ b/contrib/lighttpd/subdomain.conf
@@ -0,0 +1,24 @@
+# example usage for benchmarking:
+#
+# taskset -c 1 lighttpd -Df ~/dev/copyparty/contrib/lighttpd/subdomain.conf
+#
+# lighttpd can connect to copyparty using either tcp (127.0.0.1)
+# or a unix-socket, but unix-sockets are 37% faster because
+# lighttpd doesn't reuse tcp connections, so we're doing unix-sockets
+#
+# this means we must run copyparty with one of the following:
+#
+# -i unix:777:/dev/shm/party.sock
+# -i unix:777:/dev/shm/party.sock,127.0.0.1
+#
+# on fedora/rhel, remember to setsebool -P httpd_can_network_connect 1
+
+server.port = 80
+server.document-root = "/var/empty"
+server.upload-dirs = ( "/dev/shm", "/tmp" )
+server.modules = ( "mod_proxy" )
+proxy.forwarded = ( "for" => 1, "proto" => 1 )
+proxy.server = ( "" => ( ( "host" => "/dev/shm/party.sock" ) ) )
+
+# if you really need to use tcp instead of unix-sockets, do this instead:
+#proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "3923" ) ) )
diff --git a/contrib/lighttpd/subpath.conf b/contrib/lighttpd/subpath.conf
new file mode 100644
index 00000000..38cee83f
--- /dev/null
+++ b/contrib/lighttpd/subpath.conf
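Review bot: `server.upload-dirs = ( "/dev/shm", "/tmp" )` puts lighttpd's request-body temp files on RAM-backed storage first, and nothing in this config enables request streaming. lighttpd therefore presumably buffers each upload before handing it to copyparty, so a few large uploads could exhaust memory on the proxy host. Consider adding `server.stream-request-body = 2`, or listing a disk-backed directory first, with a comment such as `# /dev/shm is only appropriate for benchmarking`. The same line appears in the new subpath.conf.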
@@ -0,0 +1,31 @@ +# example usage for benchmarking: +# +# taskset -c 1 lighttpd -Df ~/dev/copyparty/contrib/lighttpd/subpath.conf +# +# lighttpd can connect to copyparty using either tcp (127.0.0.1) +# or a unix-socket, but unix-sockets are 37% faster because +# lighttpd doesn't reuse tcp connections, so we're doing unix-sockets +# +# this means we must run copyparty with one of the following: +# +# -i unix:777:/dev/shm/party.sock +# -i unix:777:/dev/shm/party.sock,127.0.0.1 +# +# also since this example proxies a subpath instead of the +# recommended subdomain-proxying, we must also specify this: +# +# --rp-loc files +# +# on fedora/rhel, remember to setsebool -P httpd_can_network_connect 1 + +server.port = 80 +server.document-root = "/var/empty" +server.upload-dirs = ( "/dev/shm", "/tmp" ) +server.modules = ( "mod_proxy" ) +$HTTP["url"] =~ "^/files" { + proxy.forwarded = ( "for" => 1, "proto" => 1 ) + proxy.server = ( "" => ( ( "host" => "/dev/shm/party.sock" ) ) ) + + # if you really need to use tcp instead of unix-sockets, do this instead: + #proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "3923" ) ) ) +} diff --git a/contrib/nginx/copyparty.conf b/contrib/nginx/copyparty.conf index 92efb756..a0b81935 100644 --- a/contrib/nginx/copyparty.conf +++ b/contrib/nginx/copyparty.conf @@ -36,9 +36,9 @@ upstream cpp_uds { # but there must be at least one unix-group which both # nginx and copyparty is a member of; if that group is # "www" then run copyparty with the following args: - # -i unix:770:www:/tmp/party.sock + # -i unix:770:www:/dev/shm/party.sock - server unix:/tmp/party.sock fail_timeout=1s; + server unix:/dev/shm/party.sock fail_timeout=1s; keepalive 1; } 
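Review bot: The condition `$HTTP["url"] =~ "^/files"` in subpath.conf also matches paths that merely begin with those characters, such as `/files-old` or `/filesystem`, and sends them to copyparty. Anchoring the prefix, `$HTTP["url"] =~ "^/files(/|$)"`, keeps the proxied location equal to the `--rp-loc files` value named in the header comment.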
@@ -61,6 +61,10 @@ server { client_max_body_size 0; proxy_buffering off; proxy_request_buffering off; + # improve download speed from 600 to 1500 MiB/s + proxy_buffers 32 8k; + proxy_buffer_size 16k; + proxy_busy_buffers_size 24k; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/contrib/traefik/copyparty.yaml b/contrib/traefik/copyparty.yaml new file mode 100644 index 00000000..7831d612 --- /dev/null +++ b/contrib/traefik/copyparty.yaml @@ -0,0 +1,12 @@ +# ./traefik --experimental.fastproxy=true --entrypoints.web.address=:8080 --providers.file.filename=copyparty.yaml + +http: + services: + service-cpp: + loadBalancer: + servers: + - url: "http://127.0.0.1:3923/" + routers: + my-router: + rule: "PathPrefix(`/`)" + service: service-cpp
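Review bot: The added comment `# improve download speed from 600 to 1500 MiB/s` does not say which of the three directives matters, and `proxy_buffering off` stays in effect on the context line above. With buffering off, nginx documents `proxy_buffer_size` as the limit on how much it reads from the upstream at a time, so `proxy_buffers` and `proxy_busy_buffers_size` are presumably present only to satisfy the size relationship nginx validates at load time. A comment such as `# proxy_buffer_size is the effective knob with proxy_buffering off; the other two must stay consistent with it` would stop someone from trimming them later. The server block starts and ends outside this hunk.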
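Review bot: Unlike the other configs added in this commit, contrib/traefik/copyparty.yaml has no header comment saying how copyparty should listen, even though the service URL `http://127.0.0.1:3923/` only needs loopback. If copyparty is left listening on other addresses, clients can reach it directly and skip traefik. Suggest adding `# run copyparty with -i 127.0.0.1 so it only accepts connections from traefik` under the first line. The `--experimental.fastproxy=true` flag in the example command also deserves a short remark that it is an experimental traefik feature.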