기존 클플 프로 플랜을 쓰다가, 국내 CDN을 쓰고싶어 리버스 프록시를 통해 아마존 라이트세일에 직접 구성했습니다.
그런데 오히려 클플 미국 LAX 잡힐때 보다 사이트 속도(특히 TTBF)가 더 느리더라구요...
아래는 설정 파일인데 혹시 제가 잘못한 부분이 있을까요? ㅠㅠ
1. test.com.conf
proxy_cache_path /tmp/nginx levels=2:2 keys_zone=nginx_cache:512m inactive=30d; proxy_cache_key "$host$request_uri"; server { listen 80; server_name test.com www.test.com; return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name test.com www.test.com; server_tokens off; charset utf-8; ssl_certificate "/etc/letsencrypt/live/test.com/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/test.com/privkey.pem"; ssl_dhparam "/etc/ssl/certs/dhparam.pem"; ssl_stapling on; ssl_stapling_verify on; location / { # 로그파일 설정 access_log off; # 리버스 프록시 설정 include proxy_params; proxy_pass https://서버IP:443; } location /socket.io/ { proxy_pass http://서버IP:3000; proxy_http_version 1.1; proxy_read_timeout 24h; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # css, js, html, ico, 이미지들 location ~* \.(?:scss|less|zip|js|css|webp|doc|csv|pdf|pls|ls|ppt|ps|class|jar|swf|ejs|fav|txt|m3u8|jpg|jpeg|gif|ico|png|bmp|pict|tif|tiff|webp|eps|ttf|eot|woff|woff2|otf|svg|svgz|mp4|m4a|m4v|mov|ts|wav|mp3|wma|ogg|midi|mid)$ { # 로그파일 설정 access_log off; # 캐시 설정 proxy_cache nginx_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header Cache-Control "public"; expires max; # 리버스 프록시 설정 include proxy_params; proxy_pass https://서버IP:443; } }
2. proxy_params
proxy_redirect off; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_ssl_session_reuse on; proxy_request_buffering off;
3. ssl-common.conf
# SSL ciphers and protocols ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_protocols TLSv1.3 TLSv1.2; ssl_prefer_server_ciphers on; # SSL session cache ssl_session_cache shared:SSL:20m; ssl_session_timeout 4h; ssl_session_tickets off; # Resolver for OCSP stapling resolver 127.0.0.53 1.1.1.1 8.8.8.8 valid=300s ipv6=off; resolver_timeout 5s;
본서버가 국내가 아닌 해외라면 오히려 느려질 수도 잇을 것 같습니다.