|
|
|
@ -20,50 +20,58 @@ server { |
|
|
|
|
client_body_buffer_size 10M; |
|
|
|
|
client_max_body_size 10M; |
|
|
|
|
|
|
|
|
|
location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) { |
|
|
|
|
limit_req zone=loginlimit; |
|
|
|
|
|
|
|
|
|
proxy_pass http://bookwyrm-web:8000; |
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|
|
|
proxy_set_header Host $host; |
|
|
|
|
proxy_redirect off; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location ~ ^/(api|oidc|preferences) { |
|
|
|
|
proxy_pass http://bookwyrm-web:8000; |
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|
|
|
proxy_set_header Host $host; |
|
|
|
|
proxy_redirect off; |
|
|
|
|
access_log off; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location / { |
|
|
|
|
# store responses to anonymous users for up to 1 minute |
|
|
|
|
proxy_cache mycache; |
|
|
|
|
proxy_cache_valid any 1m; |
|
|
|
|
add_header X-Cache-Status $upstream_cache_status; |
|
|
|
|
|
|
|
|
|
# ignore the set cookie header when deciding to |
|
|
|
|
# store a response in the cache |
|
|
|
|
proxy_ignore_headers Cache-Control Set-Cookie Expires; |
|
|
|
|
#proxy_ignore_headers Cache-Control; |
|
|
|
|
|
|
|
|
|
# logged in sessions and PUT bypass the cache |
|
|
|
|
# PUT requests always bypass the cache |
|
|
|
|
# logged in sessions also do not populate the cache |
|
|
|
|
# to avoid serving personal data to anonymous users |
|
|
|
|
proxy_cache_methods GET HEAD; |
|
|
|
|
proxy_no_cache $cookie_session; |
|
|
|
|
proxy_cache_bypass $cookie_session; |
|
|
|
|
|
|
|
|
|
proxy_cache_valid any 1m; |
|
|
|
|
proxy_no_cache $cookie_sessionid; |
|
|
|
|
proxy_cache_bypass $cookie_sessionid; |
|
|
|
|
|
|
|
|
|
proxy_pass http://bookwyrm-web:8000; |
|
|
|
|
# tell the web container the address of the outside client |
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|
|
|
proxy_set_header Host $host; |
|
|
|
|
proxy_redirect off; |
|
|
|
|
|
|
|
|
|
# rate limit the login or password reset pages |
|
|
|
|
location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) { |
|
|
|
|
limit_req zone=loginlimit; |
|
|
|
|
proxy_pass http://bookwyrm-web:8000; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location /images/ { |
|
|
|
|
alias /bookwyrm/app/images/; |
|
|
|
|
#access_log off; |
|
|
|
|
# do not log periodic polling requests from logged in users |
|
|
|
|
location /api/updates/ { |
|
|
|
|
access_log off; |
|
|
|
|
proxy_pass http://bookwyrm-web:8000; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# monitor the celery queues with flower, no caching enabled |
|
|
|
|
location /flower/ { |
|
|
|
|
proxy_pass http://bookwyrm-flower:8888; |
|
|
|
|
proxy_cache_bypass 1; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# forward any cache misses or bypass to the web container |
|
|
|
|
location / { |
|
|
|
|
proxy_pass http://bookwyrm-web:8000; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location /static/ { |
|
|
|
|
alias /bookwyrm/app/static/; |
|
|
|
|
#access_log off; |
|
|
|
|
# directly serve images and static files from the |
|
|
|
|
# bookwyrm filesystem using sendfile. |
|
|
|
|
# make the logs quieter by not reporting these requests |
|
|
|
|
location ~ ^/(images|static)/ { |
|
|
|
|
root /bookwyrm/app; |
|
|
|
|
try_files $uri =404; |
|
|
|
|
add_header X-Cache-Status STATIC; |
|
|
|
|
access_log off; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
include /etc/nginx/includes/ssl.conf; |
|
|
|
|