Skip to content

Commit 90c92aa

Browse files
KONFeatureKONFeature
committed
⚡️ Better wallet + listener nginx conf, faster load time
1 parent 73e9121 commit 90c92aa

File tree

3 files changed

+84
-5
lines changed

3 files changed

+84
-5
lines changed

apps/listener/nginx.conf

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,19 @@ server {
22
listen 80;
33
server_name localhost;
44

5+
# Enable sendfile for efficient file serving
6+
sendfile on;
7+
tcp_nopush on;
8+
tcp_nodelay on;
9+
10+
# Cache open file descriptors (improves performance significantly)
11+
# inactive=20s means unused files are removed after 20s
12+
# This is safe during deployments because each pod has its own cache
13+
open_file_cache max=1000 inactive=20s;
14+
open_file_cache_valid 30s;
15+
open_file_cache_min_uses 2;
16+
open_file_cache_errors on;
17+
518
# Use X-Forwarded-Proto from ingress, fallback to $scheme
619
set $real_scheme $scheme;
720
if ($http_x_forwarded_proto = 'https') {
@@ -12,6 +25,7 @@ server {
1225
gzip on;
1326
gzip_vary on;
1427
gzip_min_length 1024;
28+
gzip_comp_level 6;
1529
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-font-ttf font/opentype image/svg+xml image/x-icon;
1630

1731
# Security headers optimized for iframe-only usage

apps/wallet/nginx.conf

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,24 @@ server {
22
listen 80;
33
server_name localhost;
44

5+
# Enable sendfile for efficient file serving
6+
sendfile on;
7+
tcp_nopush on;
8+
tcp_nodelay on;
9+
10+
# Cache open file descriptors (improves performance significantly)
11+
# inactive=20s means unused files are removed after 20s
12+
# This is safe during deployments because each pod has its own cache
13+
open_file_cache max=1000 inactive=20s;
14+
open_file_cache_valid 30s;
15+
open_file_cache_min_uses 2;
16+
open_file_cache_errors on;
17+
518
# Enable gzip compression
619
gzip on;
720
gzip_vary on;
821
gzip_min_length 1024;
22+
gzip_comp_level 6;
923
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-font-ttf font/opentype image/svg+xml image/x-icon;
1024

1125
# Security headers

infra/gcp/wallet.ts

Lines changed: 56 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -157,13 +157,37 @@ export const listenerService = new KubernetesService(
157157
image: imageRefs.listener,
158158
ports: [{ containerPort: 80 }],
159159
resources: {
160-
limits: { cpu: "10m", memory: "64Mi" },
161-
requests: { cpu: "1m", memory: "8Mi" },
160+
limits: { cpu: "100m", memory: "128Mi" },
161+
requests: { cpu: "10m", memory: "32Mi" },
162162
},
163163
env: Object.entries(walletEnv).map(([name, value]) => ({
164164
name,
165165
value,
166166
})),
167+
// Readiness probe - ensures pod is ready before receiving traffic
168+
readinessProbe: {
169+
httpGet: {
170+
path: "/listener/",
171+
port: 80,
172+
},
173+
initialDelaySeconds: 2,
174+
periodSeconds: 5,
175+
timeoutSeconds: 2,
176+
successThreshold: 1,
177+
failureThreshold: 3,
178+
},
179+
// Liveness probe - restarts pod if nginx crashes
180+
livenessProbe: {
181+
httpGet: {
182+
path: "/listener/",
183+
port: 80,
184+
},
185+
initialDelaySeconds: 10,
186+
periodSeconds: 10,
187+
timeoutSeconds: 2,
188+
successThreshold: 1,
189+
failureThreshold: 3,
190+
},
167191
},
168192
],
169193
},
@@ -209,13 +233,37 @@ export const walletService = new KubernetesService(
209233
image: imageRefs.wallet,
210234
ports: [{ containerPort: 80 }],
211235
resources: {
212-
limits: { cpu: "10m", memory: "64Mi" },
213-
requests: { cpu: "1m", memory: "8Mi" },
236+
limits: { cpu: "100m", memory: "128Mi" },
237+
requests: { cpu: "10m", memory: "32Mi" },
214238
},
215239
env: Object.entries(walletEnv).map(([name, value]) => ({
216240
name,
217241
value,
218242
})),
243+
// Readiness probe - ensures pod is ready before receiving traffic
244+
readinessProbe: {
245+
httpGet: {
246+
path: "/",
247+
port: 80,
248+
},
249+
initialDelaySeconds: 2,
250+
periodSeconds: 5,
251+
timeoutSeconds: 2,
252+
successThreshold: 1,
253+
failureThreshold: 3,
254+
},
255+
// Liveness probe - restarts pod if nginx crashes
256+
livenessProbe: {
257+
httpGet: {
258+
path: "/",
259+
port: 80,
260+
},
261+
initialDelaySeconds: 10,
262+
periodSeconds: 10,
263+
timeoutSeconds: 2,
264+
successThreshold: 1,
265+
failureThreshold: 3,
266+
},
219267
},
220268
],
221269
},
@@ -243,8 +291,11 @@ export const walletService = new KubernetesService(
243291
],
244292
// No rewrite needed - listener nginx handles /listener prefix internally
245293
customAnnotations: {
246-
"nginx.ingress.kubernetes.io/proxy-buffering": "off",
247294
"nginx.ingress.kubernetes.io/proxy-body-size": "10m",
295+
// Enable buffering for better performance with static assets
296+
"nginx.ingress.kubernetes.io/proxy-buffering": "on",
297+
"nginx.ingress.kubernetes.io/proxy-buffers-number": "4",
298+
"nginx.ingress.kubernetes.io/proxy-buffer-size": "8k",
248299
},
249300
},
250301
},

0 commit comments

Comments
 (0)