lywsvip/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2026-05-06 14:03:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
renovate/uuid-14.x
nginx-ui/app.example.ini
0xJacky 535c8efb38 fix(sitecheck): bound outbound connections and add global controls (#1608) 
The site checker created a fresh http.Transport per request and per
EnhancedSiteChecker, with Go's default Happy-Eyeballs dialer. When
server_name entries resolved to ingress services returning many A
records (ngrok, AWS ALB, Cloudflare), each sweep opened enough flows
to exhaust conntrack tables on consumer routers (UniFi).

Introduce a package-level shared http.Transport with MaxConnsPerHost=2,
MaxIdleConnsPerHost=2 and FallbackDelay=-1 (disables IPv6 dial races),
plumb it through SiteChecker and EnhancedSiteChecker, and only build a
custom client when the per-site HealthCheckConfig truly diverges on
TLS. Reuse the response body fetched by the health check for favicon
extraction so each site is hit at most once per sweep, and dedupe sites
sharing the same host:port before fan-out.

Add a [site_check] settings section (Enabled, Concurrency, Interval-
Seconds) so operators can disable the checker entirely or tune the
sweep cadence; clamp Concurrency to [1, 20] and IntervalSeconds to
>=30. Document the new section in en, zh_CN and zh_TW guides and add
sidebar entries.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 16:06:06 +08:00

116 lines
2.7 KiB
INI
Raw Permalink Blame History

[app]
PageSize = 20
JwtSecret =
[server]
Host = 0.0.0.0
Port = 9000
RunMode = debug
EnableHTTPS = false
EnableH2 = false
EnableH3 = false
[database]
Name = database
[auth]
IPWhiteList =
BanThresholdMinutes = 10
MaxAttempts = 10
[casdoor]
Endpoint =
ClientId =
ClientSecret =
CertificatePath =
Organization =
Application =
RedirectUri =
[oidc]
ClientId =
ClientSecret =
Endpoint =
RedirectUri =
Scopes =
Identifier =
[cert]
Email =
CADir =
RenewalInterval = 7
RecursiveNameservers =
HTTPChallengePort = 9180
[cluster]
Node = http://10.0.0.1:9000?name=node1&node_secret=my-node-secret&enabled=true
Node = http://10.0.0.2:9000?name=node2&node_secret=my-node-secret&enabled=true
Node = http://10.0.0.3?name=node3&node_secret=my-node-secret&enabled=true
[crypto]
Secret =
[http]
GithubProxy = https://mirror.ghproxy.com/
InsecureSkipVerify = false
WebSocketTrustedOrigins =
[logrotate]
Enabled = false
CMD = logrotate /etc/logrotate.d/nginx
Interval = 1440
[nginx]
AccessLogPath = /var/log/nginx/access.log
ErrorLogPath = /var/log/nginx/error.log
LogDirWhiteList = /var/log/nginx
ConfigDir =
PIDPath =
TestConfigCmd =
ReloadCmd = nginx -s reload
RestartCmd = start-stop-daemon --start --quiet --pidfile /var/run/nginx.pid --exec /usr/sbin/nginx
[nginx_log]
; Enable or disable nginx access log indexing and analytics.
; When disabled, the UI will still work but log search/analytics features are turned off
; and CPU usage will be significantly lower.
IndexingEnabled = false
IndexPath =
; Interval (in minutes) for incremental indexing job.
; This controls how often nginx-ui scans access logs for new data and performs
; incremental indexing. Lower values keep analytics closer to real-time but
; increase background CPU usage. Higher values reduce CPU usage at the cost
; of more stale analytics data. Values <= 0 fall back to the default 15 minutes.
IncrementalIndexInterval = 15
[node]
Name = Local
Secret =
SkipInstallation = false
Demo = false
[openai]
BaseUrl =
Token =
Proxy =
Model = gpt-4o
APIType =
EnableCodeCompletion = false
CodeCompletionModel = gpt-4o-mini
[site_check]
; Enable or disable the periodic Site Checker that probes every server_name.
Enabled = true
; Maximum concurrent health checks per sweep. Clamped to [1, 20].
Concurrency = 5
; Interval between sweeps, in seconds. Minimum 30.
IntervalSeconds = 300
[terminal]
StartCmd = bash
[webauthn]
RPDisplayName = Nginx UI
RPID = localhost
RPOrigins = http://localhost:3002,http://127.0.0.1:3002,http://192.168.31.158:3002,http://example.com
Reference in New Issue View Git Blame Copy Permalink