cygnal/support/nginx/cyclassist.conf

# Define API rate limitation
limit_req_zone $binary_remote_addr zone=cycloAPI:10m rate=1r/s;# UWSGI proxy pass

# Define the server to use upstream, here we assume we serve Cyclassist using
# UWSGI.
upstream _cyclassist {
    server unix:/run/uwsgi/app/cyclassist/socket;
}

# Expires map, to ensure correct caching of the assets.
map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch;
    text/css                   max;
    application/javascript     max;
    ~image/                    max;
}

server {
    listen 443 ssl http2;
    server_name SERVER_NAME;
    root /var/www/cyclassist/dist;

    access_log  /var/log/nginx/cyclo-access.log combined;
    error_log   /var/log/nginx/cyclo-error.log warn;

    ssl                  on;
    ssl_certificate      /etc/letsencrypt/live/cyclo.phyks.me/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/cyclo.phyks.me/privkey.pem;
    # Tweak the SSL ciphers and so on, see https://wiki.mozilla.org/Security/Server_Side_TLS.

    # Enable GZIP
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

    # Cache control
    expires $expires;
    location ~* \.(?:woff2?|eot|ttf|otf?g) {
        expires max;  # Max caching for font files
    }

    # No caching for the service worker file
    location = /sw.js {
        add_header Last-Modified $date_gmt;
        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
        if_modified_since off;
        expires off;
        etag off;
    }

    # Proxy pass the API calls to the server part
    location /api {
        limit_req zone=cycloAPI burst=3 nodelay; # Add rate-limiting on top of the API
        include uwsgi_params;
        uwsgi_pass _cyclassist;
    }
}


server {
    listen      80;
    server_name SERVER_NAME;

    root /dev/null;

    include /etc/nginx/snippets/common_vhost.conf;

    return 301 https://$server_name$request_uri;  # Redirect to HTTPS
}
Improve documentation. Fix #45. 2018-10-16 15:42:55 +02:00			`# Define API rate limitation`
Update nginx config 2018-07-18 15:07:40 +02:00			`limit_req_zone $binary_remote_addr zone=cycloAPI:10m rate=1r/s;# UWSGI proxy pass`

Improve documentation. Fix #45. 2018-10-16 15:42:55 +02:00			`# Define the server to use upstream, here we assume we serve Cyclassist using`
			`# UWSGI.`
Add basic configuration files for nginx and uwsgi 2018-07-11 16:58:50 +02:00			`upstream _cyclassist {`
			`server unix:/run/uwsgi/app/cyclassist/socket;`
			`}`

Improve documentation. Fix #45. 2018-10-16 15:42:55 +02:00			`# Expires map, to ensure correct caching of the assets.`
Add basic configuration files for nginx and uwsgi 2018-07-11 16:58:50 +02:00			`map $sent_http_content_type $expires {`
			`default off;`
			`text/html epoch;`
			`text/css max;`
			`application/javascript max;`
			`~image/ max;`
			`}`

			`server {`
			`listen 443 ssl http2;`
			`server_name SERVER_NAME;`
			`root /var/www/cyclassist/dist;`

			`access_log /var/log/nginx/cyclo-access.log combined;`
			`error_log /var/log/nginx/cyclo-error.log warn;`

			`ssl on;`
			`ssl_certificate /etc/letsencrypt/live/cyclo.phyks.me/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/cyclo.phyks.me/privkey.pem;`
			`# Tweak the SSL ciphers and so on, see https://wiki.mozilla.org/Security/Server_Side_TLS.`

			`# Enable GZIP`
			`gzip on;`
			`gzip_disable "msie6";`
			`gzip_vary on;`
			`gzip_proxied any;`
			`gzip_comp_level 6;`
			`gzip_buffers 16 8k;`
			`gzip_http_version 1.1;`
			`gzip_min_length 256;`
			`gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;`

			`# Cache control`
			`expires $expires;`
			`location ~* \.(?:woff2?\|eot\|ttf\|otf?g) {`
Fix comment error in nginx support file 2018-07-13 18:45:00 +02:00			`expires max; # Max caching for font files`
Add basic configuration files for nginx and uwsgi 2018-07-11 16:58:50 +02:00			`}`

Add a service worker and cache assets Assets are served from the local cache preferably. They are fetched from the network if not available. This new addition also enables the "Add to homescreen" in Chrome/Chromium. Fix #22. 2018-10-25 16:50:38 +02:00			`# No caching for the service worker file`
			`location = /sw.js {`
			`add_header Last-Modified $date_gmt;`
			`add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';`
			`if_modified_since off;`
			`expires off;`
			`etag off;`
			`}`

Add basic configuration files for nginx and uwsgi 2018-07-11 16:58:50 +02:00			`# Proxy pass the API calls to the server part`
			`location /api {`
Improve documentation. Fix #45. 2018-10-16 15:42:55 +02:00			`limit_req zone=cycloAPI burst=3 nodelay; # Add rate-limiting on top of the API`
Add basic configuration files for nginx and uwsgi 2018-07-11 16:58:50 +02:00			`include uwsgi_params;`
			`uwsgi_pass _cyclassist;`
			`}`
			`}`


			`server {`
			`listen 80;`
			`server_name SERVER_NAME;`

			`root /dev/null;`

			`include /etc/nginx/snippets/common_vhost.conf;`

			`return 301 https://$server_name$request_uri; # Redirect to HTTPS`
			`}`