diff --git a/docker/web/Dockerfile b/docker/web/Dockerfile index cf267ee0..f270a619 100644 --- a/docker/web/Dockerfile +++ b/docker/web/Dockerfile @@ -9,6 +9,7 @@ RUN apk add --no-cache gettext curl perl && opm get jkeys089/lua-resty-hmac=0.06 COPY docker/web/aws-signature.lua /etc/nginx/lua COPY docker/web/nginx.conf /tmp/docker.nginx RUN envsubst '$APP_DIR $S3_SCHEME $S3_HOST $S3_PORT $S3_BUCKET' < /tmp/docker.nginx > /etc/nginx/conf.d/default.conf && \ + mkdir -p /var/www/cache/tmp && \ echo 'env AWS_ACCESS_KEY_ID;' >> /usr/local/openresty/nginx/conf/nginx.conf && \ echo 'env AWS_SECRET_ACCESS_KEY;' >> /usr/local/openresty/nginx/conf/nginx.conf EXPOSE 80 diff --git a/docker/web/nginx.conf b/docker/web/nginx.conf index 788c9ee5..26dc7af3 100644 --- a/docker/web/nginx.conf +++ b/docker/web/nginx.conf @@ -45,6 +45,8 @@ init_by_lua_block { end } +proxy_cache_path /var/www/cache levels=1:2 keys_zone=s3-cache:8m max_size=1000m inactive=600m; + server { listen 80 default; listen [::]:80; @@ -54,10 +56,13 @@ server { client_max_body_size 125000000; client_body_buffer_size 128k; - location ~ ^/img/view/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ { - rewrite ^/img/view/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ "/$S3_BUCKET/images/$1/$2/full.$3" break; + location /$S3_BUCKET { + internal; + access_by_lua "sign_aws_request()"; proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT"; + proxy_cache s3-cache; + proxy_cache_valid 1h; proxy_hide_header Content-Type; proxy_ssl_server_name on; @@ -68,51 +73,34 @@ server { location ~ ^/img/download/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ { rewrite ^/img/download/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ "/$S3_BUCKET/images/$1/$2/full.$3" break; + access_by_lua "sign_aws_request()"; proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT"; + proxy_cache s3-cache; + proxy_cache_valid 1h; proxy_hide_header Content-Type; proxy_ssl_server_name on; - expires max; + expires max; add_header Cache-Control public; add_header Content-Type $custom_content_type; add_header Content-Disposition "attachment"; } - location ~ ^/img/(.+)$ { - rewrite ^/img/(.+)$ "/$S3_BUCKET/images/$1" break; - access_by_lua "sign_aws_request()"; - proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT"; - proxy_hide_header Content-Type; - proxy_ssl_server_name on; + location ~ ^/img/view/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ { + rewrite ^/img/view/(.+)/([0-9]+).*\.([A-Za-z0-9]+)$ "/$S3_BUCKET/images/$1/$2/full.$3" last; + } - expires max; - add_header Cache-Control public; - add_header Content-Type $custom_content_type; + location ~ ^/img/(.+)$ { + rewrite ^/img/(.+)$ "/$S3_BUCKET/images/$1" last; } location ~ ^/spns/(.+) { - rewrite ^/spns/(.+)$ "/$S3_BUCKET/adverts/$1" break; - access_by_lua "sign_aws_request()"; - proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT"; - proxy_hide_header Content-Type; - proxy_ssl_server_name on; - - expires max; - add_header Cache-Control public; - add_header Content-Type $custom_content_type; + rewrite ^/spns/(.+)$ "/$S3_BUCKET/adverts/$1" last; } location ~ ^/avatars/(.+) { - rewrite ^/avatars/(.+)$ "/$S3_BUCKET/avatars/$1" break; - access_by_lua "sign_aws_request()"; - proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT"; - proxy_hide_header Content-Type; - proxy_ssl_server_name on; - - expires max; - add_header Cache-Control public; - add_header Content-Type $custom_content_type; + rewrite ^/avatars/(.+)$ "/$S3_BUCKET/avatars/$1" last; } # The following two location blocks use an -img suffix to avoid @@ -120,27 +108,11 @@ server { # is not necessary since assets will be on a distinct domain. location ~ ^/badge-img/(.+) { - rewrite ^/badge-img/(.+)$ "/$S3_BUCKET/badges/$1" break; - access_by_lua "sign_aws_request()"; - proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT"; - proxy_hide_header Content-Type; - proxy_ssl_server_name on; - - expires max; - add_header Cache-Control public; - add_header Content-Type $custom_content_type; + rewrite ^/badge-img/(.+)$ "/$S3_BUCKET/badges/$1" last; } location ~ ^/tag-img/(.+) { - rewrite ^/tag-img/(.+)$ "/$S3_BUCKET/tags/$1" break; - access_by_lua "sign_aws_request()"; - proxy_pass "$S3_SCHEME://$S3_HOST:$S3_PORT"; - proxy_hide_header Content-Type; - proxy_ssl_server_name on; - - expires max; - add_header Cache-Control public; - add_header Content-Type $custom_content_type; + rewrite ^/tag-img/(.+)$ "/$S3_BUCKET/tags/$1" last; } location / {