Kokoro-FastAPI/docker/gpu/nginx.conf

user nginx;
worker_processes auto; # Automatically adjust worker processes based on available CPUs

events {
    worker_connections 1024; # Maximum simultaneous connections per worker
    use epoll;               # Use efficient event handling for Linux
}

http {
    # Basic security headers
    add_header X-Frame-Options SAMEORIGIN always;  # Prevent clickjacking
    add_header X-Content-Type-Options nosniff always;  # Prevent MIME-type sniffing
    add_header X-XSS-Protection "1; mode=block" always; # Enable XSS protection in browsers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # Enforce HTTPS
    add_header Content-Security-Policy "default-src 'self';" always; # Restrict resource loading to same origin

    # Timeouts
    sendfile on;                      # Enable sendfile for efficient file serving
    tcp_nopush on;                    # Reduce packet overhead
    tcp_nodelay on;                   # Minimize latency
    keepalive_timeout 65;             # Keep connections alive for 65 seconds
    client_max_body_size 10m;         # Limit request body size to 10MB
    client_body_timeout 12;           # Timeout for client body read
    client_header_timeout 12;         # Timeout for client header read

    # Compression
    gzip on;                          # Enable gzip compression
    gzip_disable "msie6";             # Disable gzip for old browsers
    gzip_vary on;                     # Add "Vary: Accept-Encoding" header
    gzip_proxied any;                 # Enable gzip for proxied requests
    gzip_comp_level 6;                # Compression level
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Load balancing upstream
    upstream backend {
        least_conn; # Use least connections load balancing strategy
        server server1:8880 max_fails=3 fail_timeout=5s; # Add health check for backend servers
        # Uncomment additional servers for scaling:
        server server2:8880 max_fails=3 fail_timeout=5s;
        server server3:8880 max_fails=3 fail_timeout=5s;
    }

    server {
        listen 80;

        # Redirect HTTP to HTTPS (optional)
        # Uncomment the lines below if SSL is configured:
        # listen 443 ssl;
        # ssl_certificate /path/to/certificate.crt;
        # ssl_certificate_key /path/to/private.key;

        location / {
            proxy_pass http://backend;              # Proxy traffic to the backend servers
            proxy_http_version 1.1;                # Use HTTP/1.1 for persistent connections
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr; # Forward client IP
            proxy_cache_bypass $http_upgrade;
            proxy_read_timeout 60s;                # Adjust read timeout for backend
            proxy_connect_timeout 60s;            # Adjust connection timeout for backend
            proxy_send_timeout 60s;               # Adjust send timeout for backend
        }

        # Custom error pages
        error_page 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        # Deny access to hidden files (e.g., .git)
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
    }
}
Renames service and expands Docker configuration Updates the service name to 'InstaVoice' and introduces multiple server services to enhance scalability. Modifies GPU resource allocation to use all available devices and adds an NGINX service for reverse proxy capabilities. Simplifies the structure for better management of the API and UI services. 2025-01-25 21:55:53 +05:30			`user nginx;`
			`worker_processes auto; # Automatically adjust worker processes based on available CPUs`

			`events {`
			`worker_connections 1024; # Maximum simultaneous connections per worker`
			`use epoll; # Use efficient event handling for Linux`
			`}`

			`http {`
			`# Basic security headers`
			`add_header X-Frame-Options SAMEORIGIN always; # Prevent clickjacking`
			`add_header X-Content-Type-Options nosniff always; # Prevent MIME-type sniffing`
			`add_header X-XSS-Protection "1; mode=block" always; # Enable XSS protection in browsers`
			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # Enforce HTTPS`
			`add_header Content-Security-Policy "default-src 'self';" always; # Restrict resource loading to same origin`

			`# Timeouts`
			`sendfile on; # Enable sendfile for efficient file serving`
			`tcp_nopush on; # Reduce packet overhead`
			`tcp_nodelay on; # Minimize latency`
			`keepalive_timeout 65; # Keep connections alive for 65 seconds`
			`client_max_body_size 10m; # Limit request body size to 10MB`
			`client_body_timeout 12; # Timeout for client body read`
			`client_header_timeout 12; # Timeout for client header read`

			`# Compression`
			`gzip on; # Enable gzip compression`
			`gzip_disable "msie6"; # Disable gzip for old browsers`
			`gzip_vary on; # Add "Vary: Accept-Encoding" header`
			`gzip_proxied any; # Enable gzip for proxied requests`
			`gzip_comp_level 6; # Compression level`
			`gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;`

			`# Load balancing upstream`
			`upstream backend {`
			`least_conn; # Use least connections load balancing strategy`
			`server server1:8880 max_fails=3 fail_timeout=5s; # Add health check for backend servers`
			`# Uncomment additional servers for scaling:`
			`server server2:8880 max_fails=3 fail_timeout=5s;`
			`server server3:8880 max_fails=3 fail_timeout=5s;`
			`}`

			`server {`
			`listen 80;`

			`# Redirect HTTP to HTTPS (optional)`
			`# Uncomment the lines below if SSL is configured:`
			`# listen 443 ssl;`
			`# ssl_certificate /path/to/certificate.crt;`
			`# ssl_certificate_key /path/to/private.key;`

			`location / {`
			`proxy_pass http://backend; # Proxy traffic to the backend servers`
			`proxy_http_version 1.1; # Use HTTP/1.1 for persistent connections`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Forwarded-For $remote_addr; # Forward client IP`
			`proxy_cache_bypass $http_upgrade;`
			`proxy_read_timeout 60s; # Adjust read timeout for backend`
			`proxy_connect_timeout 60s; # Adjust connection timeout for backend`
			`proxy_send_timeout 60s; # Adjust send timeout for backend`
			`}`

			`# Custom error pages`
			`error_page 502 503 504 /50x.html;`
			`location = /50x.html {`
			`root /usr/share/nginx/html;`
			`}`

			`# Deny access to hidden files (e.g., .git)`
			`location ~ /\. {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`
			`}`
			`}`