From a26ca1a90b4b2941ceecc83227565becdcbd2f2b Mon Sep 17 00:00:00 2001
From: oufmilo <44617467+oufmilo@users.noreply.github.com>
Date: Thu, 22 Dec 2022 21:07:48 +0100
Subject: [PATCH] Update nginx.conf

---
 conf/nginx.conf | 63 +++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 50 insertions(+), 13 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 1f1945c..0d4ef5e 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -4,23 +4,60 @@ location __PATH__/ {
   # Path to source
   alias __FINALPATH__/ ;
 
-### Example PHP configuration (remove it if not used)
-  index index.php;
-
   # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
   #client_max_body_size 50M;
 
-  try_files $uri $uri/ index.php;
-  location ~ [^/]\.php(/|$) {
-    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-    fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+  
+    # store responses to anonymous users for up to 1 minute
+    proxy_cache bookwyrm_cache;
+    proxy_cache_valid any 1m;
+    add_header X-Cache-Status $upstream_cache_status;
 
-    fastcgi_index index.php;
-    include fastcgi_params;
-    fastcgi_param REMOTE_USER $remote_user;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_param SCRIPT_FILENAME $request_filename;
-  }
+    # ignore the set cookie header when deciding to
+    # store a response in the cache
+    proxy_ignore_headers Cache-Control Set-Cookie Expires;
+
+    # PUT requests always bypass the cache
+    # logged in sessions also do not populate the cache
+    # to avoid serving personal data to anonymous users
+    proxy_cache_methods GET HEAD;
+    proxy_no_cache      $cookie_sessionid;
+    proxy_cache_bypass  $cookie_sessionid;
+
+    # tell the web container the address of the outside client
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+    proxy_redirect off;
+
+    location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
+        limit_req zone=loginlimit;
+        proxy_pass http://web;
+    }
+
+    # do not log periodic polling requests from logged in users
+    location /api/updates/ {
+        access_log off;
+        proxy_pass http://web;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:__PORT__;
+    }
+  
+  try_files $uri $uri/ index.php;
+    location ~ ^/(images|static)/ {
+        root /app;
+        try_files $uri =404;
+        add_header X-Cache-Status STATIC;
+        access_log off;
+    }
+
+    # monitor the celery queues with flower, no caching enabled
+    location /flower/ {
+       proxy_pass http://flower:8888;
+       proxy_cache_bypass 1;
+    }
+  
 ### End of PHP configuration part
 
   # Include SSOWAT user panel.