cloud-node-container/configs/nginx.conf

user nginx;
worker_processes 1; # Single worker for memory efficiency
worker_rlimit_nofile 1024;
error_log /var/log/nginx/error.log warn; # Less verbose logging
pid /run/nginx.pid;

events {
    worker_connections 512; # Reduced for memory efficiency
    use epoll;
    multi_accept on;
}

http {
    # Memory-optimized settings
    client_body_buffer_size 16k;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;
    
    # Real IP configuration for HAProxy
    set_real_ip_from 10.0.0.0/8;     # Private network range
    set_real_ip_from 172.16.0.0/12;  # Private network range
    set_real_ip_from 192.168.0.0/16; # Private network range
    set_real_ip_from 127.0.0.1;      # Localhost
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main buffer=16k flush=2m;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   30; # Reduced from 65
    keepalive_requests  100;
    types_hash_max_size 1024; # Reduced from 2048
    server_tokens       off;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Optimized gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_comp_level 2; # Lower compression for less CPU/memory usage
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf;
}