12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 |
- include /etc/nginx/conf.d/server_config;
- upstream web {
- server web:8000;
- }
- server {
- access_log /var/log/nginx/access.log cache_log;
- listen 80;
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- #include /etc/nginx/mime.types;
- #default_type application/octet-stream;
- gzip on;
- gzip_disable "msie6";
- proxy_read_timeout 1800s;
- chunked_transfer_encoding on;
- # store responses to anonymous users for up to 1 minute
- proxy_cache bookwyrm_cache;
- proxy_cache_valid any 1m;
- add_header X-Cache-Status $upstream_cache_status;
- # ignore the set cookie header when deciding to
- # store a response in the cache
- proxy_ignore_headers Cache-Control Set-Cookie Expires;
- # PUT requests always bypass the cache
- # logged in sessions also do not populate the cache
- # to avoid serving personal data to anonymous users
- proxy_cache_methods GET HEAD;
- proxy_no_cache $cookie_sessionid;
- proxy_cache_bypass $cookie_sessionid;
- # tell the web container the address of the outside client
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_redirect off;
- # rate limit the login or password reset pages
- location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
- limit_req zone=loginlimit;
- proxy_pass http://web;
- }
- # do not log periodic polling requests from logged in users
- location /api/updates/ {
- access_log off;
- proxy_pass http://web;
- }
- # forward any cache misses or bypass to the web container
- location / {
- proxy_pass http://web;
- }
- # directly serve images and static files from the
- # bookwyrm filesystem using sendfile.
- # make the logs quieter by not reporting these requests
- location ~ ^/(images|static)/ {
- root /app;
- try_files $uri =404;
- add_header X-Cache-Status STATIC;
- access_log off;
- }
- # monitor the celery queues with flower, no caching enabled
- location /flower/ {
- proxy_pass http://flower:8888;
- proxy_cache_bypass 1;
- }
- }
|