Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nixos/nginx: add option typesHashMaxSize #341072

Merged
merged 2 commits into from
Sep 26, 2024

Conversation

Izorkin
Copy link
Contributor

@Izorkin Izorkin commented Sep 10, 2024

Description of changes

Allow to change maximum size of the types hash tables.
It is recommended to reduce the size if a custom file with mime-types is used.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Sep 10, 2024
@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch 4 times, most recently from cec8390 to f592c64 Compare September 10, 2024 19:29
@pbsds
Copy link
Member

pbsds commented Sep 10, 2024

It is recommended to reduce the size if a custom file with mime-types is used.

source?

This strikes me like the kinda thing that explodes at runtime, not build/eval time. Can this be added to the tests?

@@ -896,6 +893,22 @@ in
'';
};

typesHashMaxSize = mkOption {
type = types.ints.positive;
default = if cfg.defaultMimeTypes == "${pkgs.mailcap}/etc/nginx/mime.types" then 2688 else 1024;
Copy link
Member

@SuperSandro2000 SuperSandro2000 Sep 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should move this into a let in and deduplicate with the other option to prevent it accidentally getting out of date.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The mime.types file is rarely updated. If it is, the test will show that a change will be required.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean defaultText? That option is in the very next line.

@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch from f592c64 to 2bf2d23 Compare September 11, 2024 09:00
@Izorkin
Copy link
Contributor Author

Izorkin commented Sep 11, 2024

source?

https://nginx.org/en/docs/hash.html

This strikes me like the kinda thing that explodes at runtime, not build/eval time. Can this be added to the tests?

I'll see what I can do.

@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch from 2bf2d23 to 4e5d0c3 Compare September 11, 2024 10:35
@Izorkin
Copy link
Contributor Author

Izorkin commented Sep 11, 2024

Updated test.

@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch from 4e5d0c3 to 093a12c Compare September 11, 2024 11:13
Copy link
Member

@pbsds pbsds left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I played a bit around with this.
If set to 1024:

vm-test-run-nginx> subtest: check optimal size of types_hash
vm-test-run-nginx> webserver: must fail: journalctl --unit nginx --grep 'could not build optimal types_hash'
vm-test-run-nginx> Test "check optimal size of types_hash" failed with error: "command `journalctl --unit nginx --grep 'could not build optimal types_hash'` unexpectedly succeeded"

if set to 4096, it passes.

if set to 16400, it passes.

How did you arrive at 2688? Is there any way to test for the max_size being too big? (assuming there is a performance penalty for that)

nixos/modules/services/web-servers/nginx/default.nix Outdated Show resolved Hide resolved
@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch from 093a12c to a1dac0a Compare September 12, 2024 18:50
@Izorkin
Copy link
Contributor Author

Izorkin commented Sep 12, 2024

How did you arrive at 2688? Is there any way to test for the max_size being too big? (assuming there is a performance penalty for that)

I adjusted the parameter manually, in increments of 64 and the current mime.types file in the mailcap package.
If use a smaller mime.types file, the types_hash_max_size can be reduced.

Copy link
Member

@pbsds pbsds left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, i leave it to code-owner to decide if the typesHashMaxSize limit should be this tight, and whether the types_hash test should be a (i assume) release blocker.

@wegank wegank added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Sep 13, 2024
@Izorkin
Copy link
Contributor Author

Izorkin commented Sep 25, 2024

cc @RaitoBezarius @fpletz

@Izorkin Izorkin requested review from fpletz and mweinelt September 25, 2024 06:38
Copy link
Member

@fpletz fpletz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I think we don't need the nginx test to be a release blocker since this technically doesn't render nginx to be broken. It should only incur a small performance hit. The failing test should be enough to cover this.

@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch from a1dac0a to b06b3f4 Compare September 25, 2024 13:13
@Izorkin
Copy link
Contributor Author

Izorkin commented Sep 25, 2024

@fpletz is that an variant?

@fpletz
Copy link
Member

fpletz commented Sep 25, 2024

@fpletz is that an variant?

Sorry, I didn't mean any change by my review. I'm fine with either the nginx test standalone or having the nginx test in mailcap. My only intention with the review was to convey that the nginx test doesn't need to be a release blocker - if anybody feels otherwise I'm also fine with that.

@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch from b06b3f4 to fb91d20 Compare September 25, 2024 17:57
@Izorkin
Copy link
Contributor Author

Izorkin commented Sep 25, 2024

Updated and rebased PR.

@wegank wegank removed the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Sep 26, 2024
@Izorkin Izorkin force-pushed the add-nginx-typeshash-max-size branch from fb91d20 to 9343e69 Compare September 26, 2024 07:52
@fpletz fpletz merged commit e1635a3 into NixOS:master Sep 26, 2024
23 checks passed
@Izorkin Izorkin deleted the add-nginx-typeshash-max-size branch September 26, 2024 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants