Page MenuHomeDevCentral

D3295.diff
No OneTemporary

D3295.diff

diff --git a/roles/paas-docker/containers/penpot_web.sls b/roles/paas-docker/containers/penpot_web.sls
--- a/roles/paas-docker/containers/penpot_web.sls
+++ b/roles/paas-docker/containers/penpot_web.sls
@@ -41,6 +41,10 @@
file.directory:
- makedirs: True
+/srv/{{ container["realm"] }}/cache:
+ file.directory:
+ - makedirs: True
+
penpot_{{ container["realm"] }}_public_content:
cmd.run:
- name: |
@@ -65,6 +69,15 @@
selinux_context_penpot_public_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ container["realm"] }}/public
+
+selinux_context_penpot_cache_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ container["realm"] }}/cache
+ - sel_type: httpd_cache_t
+
+selinux_context_penpot_cache_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ container["realm"] }}/cache
{% endif %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/nginx/files/vhosts/penpot_web.conf b/roles/paas-docker/nginx/files/vhosts/penpot_web.conf
--- a/roles/paas-docker/nginx/files/vhosts/penpot_web.conf
+++ b/roles/paas-docker/nginx/files/vhosts/penpot_web.conf
@@ -11,6 +11,15 @@
# and will be lost if the state is redeployed.
# </auto-generated>
+# -------------------------------------------------------------
+# Proxy cache
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_cache_path /srv/{{ args["realm"] }}/cache levels=2:2 keys_zone=penpot:20m;
+proxy_cache_methods GET HEAD;
+proxy_cache_valid any 48h;
+proxy_cache_key "$host$request_uri";
+
# -------------------------------------------------------------
# Application - {{ fqdn }}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -69,6 +78,29 @@
error_page 301 302 307 = @handle_redirect;
}
+ location /internal/gfonts/css {
+ resolver 8.8.8.8 8.8.4.4;
+ proxy_pass https://fonts.googleapis.com/css?$args;
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Cross-Origin-Resource-Policy;
+ proxy_hide_header Link;
+ proxy_hide_header Alt-Svc;
+ proxy_hide_header Cache-Control;
+ proxy_hide_header Expires;
+
+ proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;
+
+ proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
+ proxy_set_header Host "fonts.googleapis.com";
+ proxy_set_header Accept "*/*";
+
+ proxy_cache penpot;
+
+ add_header Access-Control-Allow-Origin $http_origin;
+ add_header Cache-Control max-age=86400;
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
location /internal/assets {
internal;
alias /srv/{{ args["realm"] }}/assets;
@@ -90,6 +122,32 @@
}
location / {
+ location ~ ^/internal/gfonts/font/(?<font_file>.+) {
+ resolver 8.8.8.8 8.8.4.4;
+ proxy_pass https://fonts.gstatic.com/s/$font_file;
+
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Cross-Origin-Resource-Policy;
+ proxy_hide_header Link;
+ proxy_hide_header Alt-Svc;
+ proxy_hide_header Cache-Control;
+ proxy_hide_header Expires;
+ proxy_hide_header Cross-Origin-Opener-Policy;
+ proxy_hide_header Report-To;
+
+ proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;
+
+ proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
+ proxy_set_header Host "fonts.gstatic.com";
+ proxy_set_header Accept "*/*";
+
+ proxy_cache penpot;
+
+ add_header Access-Control-Allow-Origin $http_origin;
+ add_header Cache-Control max-age=86400;
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
location ~* \.(js|css).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours
}
@@ -97,7 +155,16 @@
location ~* \.(html).*$ {
add_header Cache-Control "no-cache, max-age=0" always;
}
+
+ location ~ ^/(/|css|fonts|images|js|wasm) {
+ }
+
+ location ~ ^/[^/]+/(.*)$ {
+ return 301 " /404";
+ }
+
root /srv/{{ args["realm"] }}/public;
+ try_files $uri /index.html$is_args$args =404;
}
root /var/wwwroot-502/_default;

File Metadata

Mime Type
text/plain
Expires
Tue, Nov 26, 07:04 (19 h, 29 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2264184
Default Alt Text
D3295.diff (4 KB)

Event Timeline