From f183a1172d07888ff7d3a40cb9fe80c4fd492ead Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti <sam@sapti.me>
Date: Sat, 10 Feb 2024 16:30:33 +0100
Subject: [PATCH] Disable request buffering in NGINX

---
 .../apps/templates/nginx/conf.d/ipfs.conf.j2  | 35 ++++++++++++-------
 .../templates/nginx/conf.d/monerod.conf.j2    | 18 ++++++----
 .../templates/nginx/conf.d/nextcloud.conf.j2  | 28 +++++++--------
 3 files changed, 46 insertions(+), 35 deletions(-)

diff --git a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
index c7c012a..028d1ff 100644
--- a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
@@ -2,16 +2,21 @@
 # THIS FILE IS MANAGED BY ANSIBLE
 
 server {
-    listen 8080;
     server_name {{ apps_vars.ipfs.domain }};
+    listen 8080;
+
+    set $upstream http://ipfs:5001;
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto "https";
+
+    proxy_buffering         off;
+    proxy_request_buffering off;
 
     location / {
-        set $upstream http://ipfs:5001;
         proxy_pass $upstream;
-
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto "https";
-        proxy_set_header X-Real-IP $remote_addr;
     }
 }
 
@@ -19,13 +24,17 @@ server {
     listen 8080;
     server_name ~^([\w-]+\.(ipfs|ipns)\.)?{{ apps_vars.ipfs.gateway_domain | replace('.', '\.') }}$;
 
-    location / {
-        set $upstream http://ipfs:8080;
-        proxy_pass $upstream;
+    set $upstream http://ipfs:8080;
 
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto "https";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto "https";
+
+    proxy_buffering         off;
+    proxy_request_buffering off;
+
+    location / {
+        proxy_pass $upstream;
     }
 }
diff --git a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 b/roles/apps/templates/nginx/conf.d/monerod.conf.j2
index 182e8da..d69ebcb 100644
--- a/roles/apps/templates/nginx/conf.d/monerod.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/monerod.conf.j2
@@ -2,16 +2,20 @@
 # THIS FILE IS MANAGED BY ANSIBLE
 
 server {
-    listen 8080;
     server_name {{ apps_vars.monerod.domain }};
+    listen 8080;
+
+    set $upstream http://monerod:18089;
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto "https";
+
+    proxy_buffering         off;
+    proxy_request_buffering off;
 
     location / {
-        set $upstream http://monerod:18089;
         proxy_pass $upstream;
-
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto "https";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
     }
 }
diff --git a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
index 4d004ec..d327c07 100644
--- a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
@@ -2,26 +2,30 @@
 # THIS FILE IS MANAGED BY ANSIBLE
 
 server {
-    listen 8080;
     server_name {{ apps_vars.nextcloud.domain }};
+    listen 8080;
+
+    set $upstream http://nextcloud:80;
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto "https";
+
+    proxy_buffering         off;
+    proxy_request_buffering off;
 
     location / {
-        set $upstream http://nextcloud:80;
         proxy_pass $upstream;
 
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto "https";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
-
         # WebSocket support
         proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Upgrade    $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
 
         # Options required by Nextcloud
         client_body_buffer_size 512k;
-        client_max_body_size 0;
+        client_max_body_size    0;
 
         # UnifiedPush
         proxy_connect_timeout 10m;
@@ -31,13 +35,7 @@ server {
 
     # UnifiedPush Matrix gateway
     location /_matrix/push/v1/notify {
-        set $upstream http://nextcloud:80;
         proxy_pass $upstream/index.php/apps/uppush/gateway/matrix;
-
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto "https";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
     }
 
     # CalDAV & CardDAV