user www-data; worker_processes 4; error_log /dev/stderr; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; log_format 2 '$http_x_forwarded_for - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent $upstream_cache_status "$http_referer" ' '"$http_user_agent"' ; log_format kv 'site="$server_name" server="$host" dest_port="$server_port" dest_ip="$server_addr" ' 'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" ' 'time_local="$time_local" protocol="$server_protocol" status="$status" ' 'cache_status="$upstream_cache_status" bytes_out="$bytes_sent" bytes_in="$upstream_bytes_received" ' 'http_referer="$http_referer" http_user_agent="$http_user_agent" ' 'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" ' 'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" ' 'http_method="$request_method" response_time="$upstream_response_time" ' 'cookie="$http_cookie" request_time="$request_time" category="$sent_http_content_type" https="$https"'; access_log /dev/stdout kv; default_type application/octet-stream; sendfile on; tcp_nodelay on; tcp_nopush off; reset_timedout_connection on; server_tokens off; # Cache 100G worth of packages for up to 1 month proxy_cache_path /var/lib/nginx/pypi levels=1:2 keys_zone=pypi:16m inactive=1M max_size=100G; # Multiple server definitions makes nginx retry on errors upstream pypi { server pypi.org:443; server pypi.org:443; keepalive 16; } # Multiple server definitions makes nginx retry on errors upstream pypi-files { server files.pythonhosted.org:443; server files.pythonhosted.org:443; keepalive 16; } gzip on; gzip_types application/json text/css text/javascript; gzip_proxied any; gzip_vary on; server { listen 80 default_server; server_name %%PYPI_HOSTNAME%%; root /var/www; proxy_cache pypi; proxy_cache_key $uri; proxy_cache_lock on; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_http_version 1.1; proxy_set_header Host pypi.org; proxy_set_header Connection ""; proxy_set_header Accept-Encoding ""; proxy_ssl_name pypi.org; proxy_ssl_server_name on; # Rewrite any http redirects to use relative to proxy proxy_redirect ~https?://pypi.org(.*) $1; location / { # Replace any reference to actual pypi w/ caching proxy sub_filter 'https://pypi.org' $scheme://$host; sub_filter 'https://files.pythonhosted.org' $scheme://%%PYPI_FILES_HOSTNAME%%; sub_filter_once off; sub_filter_types '*'; proxy_pass https://pypi; proxy_cache off; } location ^~ /simple { sub_filter 'https://pypi.org' $scheme://$host; sub_filter 'https://files.pythonhosted.org' $scheme://%%PYPI_FILES_HOSTNAME%%; sub_filter_types '*'; sub_filter_once off; # Make sure URI ends with / rewrite ^(.*[^/])$ $1/ break; add_header X-Cache2 $upstream_cache_status; proxy_cache_valid any 5m; proxy_pass https://pypi; } } server { listen 80; server_name %%PYPI_FILES_HOSTNAME%%; root /var/www; proxy_cache pypi; proxy_cache_key $uri; proxy_cache_lock on; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_http_version 1.1; proxy_set_header Host files.pythonhosted.org; proxy_set_header Connection ""; proxy_set_header Accept-Encoding ""; proxy_ssl_name files.pythonhosted.org; proxy_ssl_server_name on; # Rewrite any http redirects to use relative to proxy proxy_redirect ~https?://files.pythonhosted.org(.*) $1; location / { # Replace any reference to actual pypi w/ caching proxy sub_filter 'https://files.pythonhosted.org' $scheme://%%PYPI_FILES_HOSTNAME%%; sub_filter_once off; sub_filter_types '*'; proxy_pass https://pypi-files; proxy_cache off; } location ^~ /packages { add_header X-Cache2 $upstream_cache_status; proxy_cache_valid any 1M; proxy_pass https://pypi-files; } } }