From 43a824dee275862d48415567cbad414d4d2b4ba0 Mon Sep 17 00:00:00 2001
From: Trammell Hudson
Date: Tue, 6 Dec 2022 13:49:38 +0000
Subject: [PATCH] bookwyrm: update nginx to use latest pullrequest and map /flower
---
 bookwyrm.yaml | 4 +--
 bookwyrm/nginx.conf | 72 +++++++++++++++++++++++++--------------------
 2 files changed, 41 insertions(+), 35 deletions(-)
diff --git a/bookwyrm.yaml b/bookwyrm.yaml
index 004d5ee..7644fc2 100644
--- a/bookwyrm.yaml
+++ b/bookwyrm.yaml
@@ -107,10 +107,8 @@ services:
 bookwyrm-flower:
 container_name: bookwyrm-flower
 image: osresearch/bookwyrm:oidc
- command: celery -A celerywyrm flower --basic_auth=admin:${BOOKWYRM_ADMIN_PASSWORD}
+ command: celery -A celerywyrm flower --basic_auth=admin:${BOOKWYRM_ADMIN_PASSWORD} --url_prefix=flower
 env_file: bookwyrm/env
-# ports:
-# - ${FLOWER_PORT}:${FLOWER_PORT}
 volumes:
 - ./data/bookwyrm/static_volume:/app/static
 - ./data/bookwyrm/media_volume:/app/images
diff --git a/bookwyrm/nginx.conf b/bookwyrm/nginx.conf
index d430ab1..6c55bfe 100644
--- a/bookwyrm/nginx.conf
+++ b/bookwyrm/nginx.conf
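Review bot: The Flower basic-auth credentials stay on the `command:` line while this commit starts routing `/flower/` through nginx, so that password becomes the only barrier on a proxied endpoint and remains readable from the container's process list and `docker inspect` output. Flower also reads its options from `FLOWER_`-prefixed environment variables, so putting `FLOWER_BASIC_AUTH=admin:<password>` in the existing `bookwyrm/env` file and dropping `--basic_auth=...` from the command would keep the secret off the command line. The variable name suggests the value may be shared with the BookWyrm admin account; if it is, a dedicated Flower credential would limit what a leak exposes.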
@@ -20,50 +20,58 @@ server {
 client_body_buffer_size 10M;
 client_max_body_size 10M;
+ # store responses to anonymous users for up to 1 minute
+ proxy_cache mycache;
+ proxy_cache_valid any 1m;
+ add_header X-Cache-Status $upstream_cache_status;
+
+ # ignore the set cookie header when deciding to
+ # store a response in the cache
+ proxy_ignore_headers Cache-Control Set-Cookie Expires;
+
+ # PUT requests always bypass the cache
+ # logged in sessions also do not populate the cache
+ # to avoid serving personal data to anonymous users
+ proxy_cache_methods GET HEAD;
+ proxy_no_cache $cookie_sessionid;
+ proxy_cache_bypass $cookie_sessionid;
+
+ # tell the web container the address of the outside client
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_redirect off;
+
+ # rate limit the login or password reset pages
 location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
 limit_req zone=loginlimit;
- proxy_pass http://bookwyrm-web:8000;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_redirect off;
 }
- location ~ ^/(api|oidc|preferences) {
- proxy_pass http://bookwyrm-web:8000;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_redirect off;
+ # do not log periodic polling requests from logged in users
+ location /api/updates/ {
 access_log off;
+ proxy_pass http://bookwyrm-web:8000;
 }
- location / {
- proxy_cache mycache;
- add_header X-Cache-Status $upstream_cache_status;
- proxy_ignore_headers Cache-Control Set-Cookie Expires;
- #proxy_ignore_headers Cache-Control;
-
- # logged in sessions and PUT bypass the cache
- proxy_cache_methods GET HEAD;
- proxy_no_cache $cookie_session;
- proxy_cache_bypass $cookie_session;
-
- proxy_cache_valid any 1m;
-
- proxy_pass http://bookwyrm-web:8000;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_redirect off;
+ # monitor the celery queues with flower, no caching enabled
+ location /flower/ {
+ proxy_pass http://bookwyrm-flower:8888;
+ proxy_cache_bypass 1;
 }
- location /images/ {
- alias /bookwyrm/app/images/;
- #access_log off;
+ # forward any cache misses or bypass to the web container
+ location / {
+ proxy_pass http://bookwyrm-web:8000;
 }
- location /static/ {
- alias /bookwyrm/app/static/;
- #access_log off;
+ # directly serve images and static files from the
+ # bookwyrm filesystem using sendfile.
+ # make the logs quieter by not reporting these requests
+ location ~ ^/(images|static)/ {
+ root /bookwyrm/app;
+ try_files $uri =404;
+ add_header X-Cache-Status STATIC;
+ access_log off;
 }
 include /etc/nginx/includes/ssl.conf;
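Review bot: The rate-limited login location is left with only `limit_req zone=loginlimit;` once its `proxy_pass` line is removed, and nginx does not inherit `proxy_pass` from the server level, so as this hunk reads the login, password-reset and 2FA URLs are no longer forwarded to the web container; `proxy_pass http://bookwyrm-web:8000;` should stay in that block. Moving `proxy_cache` and `proxy_ignore_headers Cache-Control Set-Cookie Expires;` to server scope also puts `/oidc`, `/api` and `/preferences`, which previously had their own uncached location, under the cache, so a GET response that sets a session or CSRF cookie for a client without `sessionid` can be stored and replayed to other clients for a minute; `proxy_no_cache $cookie_sessionid $upstream_http_set_cookie;` would keep cookie-setting responses out of the cache. In `/flower/`, `proxy_cache_bypass 1;` only skips the cache lookup while responses can still be written to it, so `proxy_cache off;` would match the "no caching enabled" comment. The `server` block opens and closes outside this hunk, so directives elsewhere in it may change this picture.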