penpot_ynh/conf/nginx.conf

#sub_path_only rewrite ^$ / permanent;

location @handle_redirect {
    set $redirect_uri "$upstream_http_location";
    set $redirect_host "$upstream_http_x_host";
    set $redirect_cache_control "$upstream_http_cache_control";

    proxy_buffering off;

    proxy_set_header Host "$redirect_host";
    proxy_hide_header etag;
    proxy_hide_header x-amz-id-2;
    proxy_hide_header x-amz-request-id;
    proxy_hide_header x-amz-meta-server-side-encryption;
    proxy_hide_header x-amz-server-side-encryption;
    proxy_pass $redirect_uri;

    more_set_headers "x-internal-redirect: '$redirect_uri'";
    more_set_headers "x-cache-control: '$redirect_cache_control'";
    more_set_headers "cache-control: '$redirect_cache_control' -s '200 201 206 301 302 303 307 308'";
}

location /assets {
    proxy_pass http://127.0.0.1:__PORT__/assets;
    recursive_error_pages on;
    proxy_intercept_errors on;
    error_page 301 302 307 = @handle_redirect;
}

location /internal/gfonts/css {
    resolver 8.8.8.8 ipv6=off valid=30s;
    proxy_pass https://fonts.googleapis.com/css?$args;
    proxy_hide_header Access-Control-Allow-Origin;
    proxy_hide_header Cross-Origin-Resource-Policy;
    proxy_hide_header Link;
    proxy_hide_header Alt-Svc;
    proxy_hide_header Cache-Control;
    proxy_hide_header Expires;

    proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;

    proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
    proxy_set_header Host "fonts.googleapis.com";
    proxy_set_header Accept "*/*";

    more_set_headers "Access-Control-Allow-Origin: $http_origin";
    more_set_headers "Cache-Control: max-age=86400  -s '200 201 206 301 302 303 307 308'";
    more_set_headers "X-Cache-Status: $upstream_cache_status";
}

location /internal/assets/ {
    internal;
    alias __DATA_DIR__/assets/;
    more_set_headers "x-internal-redirect: '$upstream_http_x_accel_redirect'";
}

location /api/export {
    proxy_pass http://127.0.0.1:__PORT_EXPORTER__;
}

location /api {
    client_max_body_size 100M;
    proxy_pass http://127.0.0.1:__PORT__/api;
}

location /ws/notifications {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_pass http://127.0.0.1:__PORT__/ws/notifications;
}

location / {
    location ~ ^/internal/gfonts/font/(?<font_file>.+) {
        resolver 8.8.8.8 ipv6=off valid=30s;
        proxy_pass https://fonts.gstatic.com/s/$font_file;

        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Cross-Origin-Resource-Policy;
        proxy_hide_header Link;
        proxy_hide_header Alt-Svc;
        proxy_hide_header Cache-Control;
        proxy_hide_header Expires;
        proxy_hide_header Cross-Origin-Opener-Policy;
        proxy_hide_header Report-To;

        proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;

        proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
        proxy_set_header Host "fonts.gstatic.com";
        proxy_set_header Accept "*/*";

        # proxy_cache penpot;

        more_set_headers "Access-Control-Allow-Origin: $http_origin";
        more_set_headers "Cache-Control: max-age=86400  -s '200 201 206 301 302 303 307 308'";
        more_set_headers "X-Cache-Status: $upstream_cache_status";
    }

    location ~* ^/.*\.(js|css).*$ {
        more_set_headers "Cache-Control: 'max-age=86400'"; # 24 hours
    }

    location ~* ^/.*\.(html).*$ {
        more_set_headers "Cache-Control: 'no-cache, max-age=0'";
    }
    
    location ~ ^/(/|css|fonts|images|js|wasm) {
    }
    
    location ~ ^/[^/]+/(.*)$ {
        return 301 " /404";
    }

    root __INSTALL_DIR__/frontend/;
    try_files $uri /index.html$is_args$args =404;
}