From 52fdc2614bf703c17c550df75832830440043965 Mon Sep 17 00:00:00 2001
From: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
Date: Sat, 2 Apr 2022 16:12:47 +0000
Subject: [PATCH] feat: nginx improvements (#1545)

Co-authored-by: Dominik Pschenitschni <mail@celement.de>
Reviewed-on: https://kolaente.dev/vikunja/frontend/pulls/1545
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
Co-committed-by: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
---
 nginx.conf | 145 ++++++++++++++++++++++++++++++++---------------------
 1 file changed, 88 insertions(+), 57 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 9b0674b72..56e34e81b 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -6,79 +6,110 @@ pid        /var/run/nginx.pid;
 
 
 events {
-    worker_connections  1024;
+	worker_connections  1024;
 }
 
 
 http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
+	include       /etc/nginx/mime.types;
+	default_type  application/octet-stream;
 
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
+	types {
+		application/manifest+json webmanifest;
+	}
 
-    access_log  /var/log/nginx/access.log  main;
+	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+					  '$status $body_bytes_sent "$http_referer" '
+					  '"$http_user_agent" "$http_x_forwarded_for"';
 
-    sendfile        on;
-    #tcp_nopush     on;
+	access_log  /var/log/nginx/access.log  main;
 
-    keepalive_timeout  65;
+	sendfile        on;
+	#tcp_nopush     on;
 
-    gzip  on;
-    gzip_disable "msie6";
+	keepalive_timeout  65;
 
-    gzip_vary on;
-    gzip_proxied any;
-    gzip_comp_level 6;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_min_length 256;
-    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon audio/wav;
+	gzip  on;
 
-    map_hash_max_size 128;
-    map_hash_bucket_size 128;
+	gzip_vary on;
+	gzip_proxied any;
+	gzip_comp_level 6;
+	gzip_buffers 16 8k;
+	gzip_http_version 1.1;
+	gzip_min_length 256;
+	gzip_types
+		text/plain
+		text/css
+		application/json
+		application/x-javascript
+		application/javascript
+		text/xml
+		application/xml
+		application/xml+rss
+		text/javascript
+		application/vnd.ms-fontobject
+		application/x-font-ttf
+		font/opentype
+		image/svg+xml
+		image/x-icon
+		audio/wav;
 
-    # Expires map
-    map $sent_http_content_type $expires {
-        default                       off;
-        text/html                     max;
-        text/css                      max;
-        application/javascript        max;
-        text/javascript               max;
-        application/vnd.ms-fontobject max;
-        application/x-font-ttf        max;
-        font/opentype                 max;
-        font/woff2                    max;
-        image/svg+xml                 max;
-        image/x-icon                  max;
-        audio/wav                     max;
-        ~image/                       max;
-        ~font/                        max;
-    }
+	map_hash_max_size 128;
+	map_hash_bucket_size 128;
 
-    server {
-        listen 80;
-        listen 81  default_server http2 proxy_protocol; ## Needed when behind HAProxy with SSL termination + HTTP/2 support
+	# Expires map
+	map $sent_http_content_type $expires {
+		default                       off;
+		text/css                      max;
+		application/javascript        max;
+		text/javascript               max;
+		application/vnd.ms-fontobject max;
+		application/x-font-ttf        max;
+		font/opentype                 max;
+		font/woff2                    max;
+		image/svg+xml                 max;
+		image/x-icon                  max;
+		audio/wav                     max;
+		~images/                      max;
+		~font/                        max;
+	}
 
-        server_name  _;
+	server {
+		listen 80;
+		listen 81  default_server http2 proxy_protocol; ## Needed when behind HAProxy with SSL termination + HTTP/2 support
 
-        expires $expires;
+		server_name  _;
 
-        location ~* .(txt|webmanifest|css|js|mjs|map|svg|jpg|jpeg|png|ico|ttf|woff|woff2|wav)$ {
-            root   /usr/share/nginx/html;
-            try_files $uri $uri/ =404;
-        }
+		expires $expires;
 
-        location / {
-            root   /usr/share/nginx/html;
-            try_files $uri $uri/ /index.html;
-            index  index.html;
-        }
+		root   /usr/share/nginx/html;
 
-        error_page   500 502 503 504  /50x.html;
-        location = /50x.html {
-            root   /usr/share/nginx/html;
-        }
-    }
+		# all assets contain hash in filename, cache forever
+		location ^~ /assets/ {
+			add_header Cache-Control "public, max-age=31536000, s-maxage=31536000, immutable";
+			try_files $uri =404;
+		}
+
+		# all workbox scripts are compiled with hash in filename, cache forever3
+		location ^~ /workbox- {
+			add_header Cache-Control "public, max-age=31536000, s-maxage=31536000, immutable";
+			try_files $uri =404;
+		}
+
+		# assume that everything else is handled by the application router, by injecting the index.html.
+		location / {
+			autoindex off;
+			expires off;
+			add_header Cache-Control "public, max-age=0, s-maxage=0, must-revalidate" always;
+			try_files $uri /index.html =404;
+		}
+
+		location ~* .(txt|webmanifest|css|js|mjs|map|svg|jpg|jpeg|png|ico|ttf|woff|woff2|wav)$ {
+			try_files $uri $uri/ =404;
+		}
+
+		error_page   500 502 503 504  /50x.html;
+		location = /50x.html {
+		}
+	}
 }