From 489eaa45cc6c40cef99973ff9d0536f20b0efbbc Mon Sep 17 00:00:00 2001
From: Trammell Hudson <hudson@trmm.net>
Date: Sun, 15 May 2022 18:16:16 +0000
Subject: [PATCH] nginx: cache hedgedoc files and images if possible; ignore
 cache directive on static site

---
 nginx/docker-compose.yaml                       |  1 +
 nginx/nginx/nginx.conf                          |  7 +++++++
 nginx/nginx/templates/000-default.conf.template | 13 ++++++++++++-
 nginx/nginx/templates/docs.conf.template        |  4 ++++
 4 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/nginx/docker-compose.yaml b/nginx/docker-compose.yaml
index b6c48c4..11e78f8 100644
--- a/nginx/docker-compose.yaml
+++ b/nginx/docker-compose.yaml
@@ -13,6 +13,7 @@ services:
       - ../html:/var/www/html:ro
       - ../data/certbot/www:/var/www/certbot:ro
       - ../data/certbot/conf:/etc/letsencrypt:ro
+      - ../data/nginx/cache:/data/nginx/cache:rw
       - /home:/home:ro
     env_file:
       -  ../env.production
diff --git a/nginx/nginx/nginx.conf b/nginx/nginx/nginx.conf
index 8453aee..80bcd49 100644
--- a/nginx/nginx/nginx.conf
+++ b/nginx/nginx/nginx.conf
@@ -56,6 +56,13 @@ http {
 	# gzip_http_version 1.1;
 	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
 
+	proxy_cache_path
+		/data/nginx/cache
+		keys_zone=mycache:10m
+		loader_threshold=300
+		loader_files=200
+		max_size=200m;
+
 	##
 	# Virtual Host Configs
 	##
diff --git a/nginx/nginx/templates/000-default.conf.template b/nginx/nginx/templates/000-default.conf.template
index 83d9b9d..ac070b9 100644
--- a/nginx/nginx/templates/000-default.conf.template
+++ b/nginx/nginx/templates/000-default.conf.template
@@ -56,12 +56,23 @@ server {
 	# normal pages go to hedgedoc static site (need to define ports in the env)
 	# need to rewrite the CSP so that it allows reframing from the main site
 	location / {
+		proxy_cache mycache;
+		add_header X-Cache-Status $upstream_cache_status;
+		proxy_ignore_headers Cache-Control;
+
 		proxy_hide_header Content-Security-Policy;
 		add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
 		proxy_pass http://host.docker.internal:3000/s$request_uri;
+		proxy_cache_valid any 1m;
+
 	}
 	# while javascript and config stuff goes to non-static hedgedoc site
-	location ~ ^/(js|build|config) {
+	location ~ ^/(js|build|config$) {
+		proxy_cache mycache;
+		add_header X-Cache-Status $upstream_cache_status;
+		proxy_ignore_headers Cache-Control;
+		proxy_cache_valid any 1m;
+
 		proxy_pass http://host.docker.internal:3000$request_uri;
 	}
 
diff --git a/nginx/nginx/templates/docs.conf.template b/nginx/nginx/templates/docs.conf.template
index 9601aba..930ade8 100644
--- a/nginx/nginx/templates/docs.conf.template
+++ b/nginx/nginx/templates/docs.conf.template
@@ -20,6 +20,10 @@ server {
 
 	proxy_read_timeout 1800s;
 
+	proxy_cache mycache;
+	proxy_cache_valid any 1m;
+	add_header X-Cache-Status $upstream_cache_status;
+
 	# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
 	chunked_transfer_encoding on;