cygnal/support/nginx/cyclassist.conf
Phyks (Lucas Verney) 903ad14bbc Add a service worker and cache assets
Assets are served from the local cache preferably. They are fetched from
the network if not available. This new addition also enables the "Add to
homescreen" in Chrome/Chromium.

Fix #22.
2018-10-26 14:15:56 +02:00

77 lines
2.3 KiB
Plaintext

# Define API rate limitation
limit_req_zone $binary_remote_addr zone=cycloAPI:10m rate=1r/s;# UWSGI proxy pass
# Define the server to use upstream, here we assume we serve Cyclassist using
# UWSGI.
upstream _cyclassist {
server unix:/run/uwsgi/app/cyclassist/socket;
}
# Expires map, to ensure correct caching of the assets.
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
server {
listen 443 ssl http2;
server_name SERVER_NAME;
root /var/www/cyclassist/dist;
access_log /var/log/nginx/cyclo-access.log combined;
error_log /var/log/nginx/cyclo-error.log warn;
ssl on;
ssl_certificate /etc/letsencrypt/live/cyclo.phyks.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cyclo.phyks.me/privkey.pem;
# Tweak the SSL ciphers and so on, see https://wiki.mozilla.org/Security/Server_Side_TLS.
# Enable GZIP
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
# Cache control
expires $expires;
location ~* \.(?:woff2?|eot|ttf|otf?g) {
expires max; # Max caching for font files
}
# No caching for the service worker file
location = /sw.js {
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
# Proxy pass the API calls to the server part
location /api {
limit_req zone=cycloAPI burst=3 nodelay; # Add rate-limiting on top of the API
include uwsgi_params;
uwsgi_pass _cyclassist;
}
}
server {
listen 80;
server_name SERVER_NAME;
root /dev/null;
include /etc/nginx/snippets/common_vhost.conf;
return 301 https://$server_name$request_uri; # Redirect to HTTPS
}