pixelfed: allow direct sending of files from storage directory

bookwyrm/nginx.conf

@@ -20,16 +20,6 @@ server {
     client_body_buffer_size     10M;
     client_max_body_size        10M;
 
-    set $skip_cache 0;
-    if ($request_method = POST) {
-        set $skip_cache 1;
-    }
-
-    if ($http_cookie ~* "session") {
-        set $skip_cache 1;
-    }
-
-
     location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
         limit_req zone=loginlimit;
 
@@ -50,12 +40,13 @@ server {
     location / {
         proxy_cache mycache;
         add_header X-Cache-Status $upstream_cache_status;
-        proxy_ignore_headers Cache-Control Set-Cookie;
+        proxy_ignore_headers Cache-Control Set-Cookie Expires;
         #proxy_ignore_headers Cache-Control;
 
-	# logged in sessions and other reasons to bypass the cache
-	proxy_no_cache      $skip_cache;
-	proxy_cache_bypass  $skip_cache;
+	# logged in sessions and PUT bypass the cache
+	proxy_cache_methods GET HEAD;
+	proxy_no_cache      $cookie_session;
+	proxy_cache_bypass  $cookie_session;
   
         proxy_cache_valid any 1m;
 
@@ -67,12 +58,12 @@ server {
 
     location /images/ {
         alias /bookwyrm/app/images/;
-        access_log off;
+        #access_log off;
     }
 
     location /static/ {
         alias /bookwyrm/app/static/;
-        access_log off;
+        #access_log off;
     }
 
     include /etc/nginx/includes/ssl.conf;

nginx/Dockerfile

@@ -1,14 +1,15 @@
 FROM alpine
 RUN apk update
-RUN echo "building" \
+RUN echo "image update" \
     && apk add \
 	nginx \
-	collectd \
-	collectd-nginx \
 	nginx-mod-http-vts \
 	gettext \
 	curl \
 	openssl \
+    && echo "packages installed"
+
+RUN echo "configuring" \
     && mkdir -p \
 	/etc/nginx/modules-enabled \
 	/etc/nginx/conf.d \
@@ -17,6 +18,8 @@ RUN echo "building" \
 # forward request and error logs to docker log collector
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log \
+    && sed -i -e 's/nginx:x:101:102/nginx:x:33:33/' '/etc/passwd' \
+    && chown -R 33:33 /var/lib/nginx \
     && echo "Done"
 
 COPY ["docker-entrypoint.d/*", "/docker-entrypoint.d/" ]

nginx/default.conf

@@ -1,5 +1,12 @@
 vhost_traffic_status_zone;
 
+log_format cache_log '$server_name $upstream_cache_status - '
+	'$remote_addr [$time_local] '
+	'"$request" $status $body_bytes_sent '
+	'"$http_referer" "$http_user_agent" '
+	'$upstream_response_time $request_time';
+access_log /var/log/nginx/access.log cache_log;
+
 server {
 	listen 80 default_server;
 

nginx/docker-entrypoint.d/01-collectd.sh

@@ -1,12 +0,0 @@
-#!/bin/sh -x
-touch /started
-
-#cat >> /etc/collectd/collectd.conf <<EOF
-cat /etc/collectd/collectd.conf - > /tmp/conf <<EOF
-LoadPlugin nginx
-<Plugin "nginx">
-    URL "http://localhost:80/nginx_status"
-</Plugin>
-EOF
-
-#collectd

nginx/etc/nginx.conf

@@ -66,6 +66,11 @@ http {
 		loader_files=200
 		max_size=200m;
 
+	# use the accept header since some activitypub servers
+	# have both HTML and JSON on the same URI
+        proxy_cache_key $scheme$proxy_host$uri$is_args$args$http_accept;
+
+
 	##
 	# Virtual Host Configs
 	##

pixelfed.yaml

@@ -79,9 +79,11 @@ services:
       - ./pixelfed/env.production
 
   # add the subdomain nginx configuration into the nginx volume
+  # as well as the storage directory for direct sendfile of static data
   nginx:
     volumes:
       - ./pixelfed/nginx.conf:/etc/nginx/templates/pixelfed.conf.template:ro
+      - ./data/pixelfed/storage:/pixelfed/storage:ro
 
   # add the subdomain client secrets to the keycloak-setup volume
   keycloak:

pixelfed/nginx.conf

@@ -13,7 +13,29 @@ server {
 
 	proxy_read_timeout 1800s;
 
+# "GET /storage/m/_v2/502109601351254017/a48ad3dc0-89cf68/8vRxOkz65vOO/h4LB3lmyWrcyMxwcKeyJ8WTf3sEv3RVM8q5UYqA8.jpg HTTP/1.0"
+# should go to data/pixelfed/storage/app/public/m/_v2/502109601351254017/a48ad3dc0-89cf68/8vRxOkz65vOO/h4LB3lmyWrcyMxwcKeyJ8WTf3sEv3RVM8q5UYqA8.jpg
+# mapped to /pixelfed/storage
+
+	location /storage/ {
+        	add_header X-Cache-Status STATIC;
+		alias /pixelfed/storage/app/public/;
+		#access_log off;
+	}
+
 	location / {
+        	proxy_cache mycache;
+        	add_header X-Cache-Status $upstream_cache_status;
+
+		# PHP adds an Expires header that is causing cache miss
+        	proxy_ignore_headers Cache-Control Set-Cookie Expires;
+        	proxy_cache_valid any 1m;
+
+		# logged in sessions and PUT bypass the cache
+		proxy_cache_methods GET HEAD;
+		proxy_no_cache      $cookie_rl_user_id;
+		proxy_cache_bypass  $cookie_rl_user_id;
+  
 		proxy_pass http://pixelfed-app/;
 		#proxy_pass http://172.17.0.1:8080/;
 		proxy_set_header Host $host;