Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3779018
D3295.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
4 KB
Referenced Files
None
Subscribers
None
D3295.diff
View Options
diff --git a/roles/paas-docker/containers/penpot_web.sls b/roles/paas-docker/containers/penpot_web.sls
--- a/roles/paas-docker/containers/penpot_web.sls
+++ b/roles/paas-docker/containers/penpot_web.sls
@@ -41,6 +41,10 @@
file.directory:
- makedirs: True
+/srv/{{ container["realm"] }}/cache:
+ file.directory:
+ - makedirs: True
+
penpot_{{ container["realm"] }}_public_content:
cmd.run:
- name: |
@@ -65,6 +69,15 @@
selinux_context_penpot_public_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ container["realm"] }}/public
+
+selinux_context_penpot_cache_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ container["realm"] }}/cache
+ - sel_type: httpd_cache_t
+
+selinux_context_penpot_cache_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ container["realm"] }}/cache
{% endif %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/nginx/files/vhosts/penpot_web.conf b/roles/paas-docker/nginx/files/vhosts/penpot_web.conf
--- a/roles/paas-docker/nginx/files/vhosts/penpot_web.conf
+++ b/roles/paas-docker/nginx/files/vhosts/penpot_web.conf
@@ -11,6 +11,15 @@
# and will be lost if the state is redeployed.
# </auto-generated>
+# -------------------------------------------------------------
+# Proxy cache
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_cache_path /srv/{{ args["realm"] }}/cache levels=2:2 keys_zone=penpot:20m;
+proxy_cache_methods GET HEAD;
+proxy_cache_valid any 48h;
+proxy_cache_key "$host$request_uri";
+
# -------------------------------------------------------------
# Application - {{ fqdn }}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -69,6 +78,29 @@
error_page 301 302 307 = @handle_redirect;
}
+ location /internal/gfonts/css {
+ resolver 8.8.8.8 8.8.4.4;
+ proxy_pass https://fonts.googleapis.com/css?$args;
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Cross-Origin-Resource-Policy;
+ proxy_hide_header Link;
+ proxy_hide_header Alt-Svc;
+ proxy_hide_header Cache-Control;
+ proxy_hide_header Expires;
+
+ proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;
+
+ proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
+ proxy_set_header Host "fonts.googleapis.com";
+ proxy_set_header Accept "*/*";
+
+ proxy_cache penpot;
+
+ add_header Access-Control-Allow-Origin $http_origin;
+ add_header Cache-Control max-age=86400;
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
location /internal/assets {
internal;
alias /srv/{{ args["realm"] }}/assets;
@@ -90,6 +122,32 @@
}
location / {
+ location ~ ^/internal/gfonts/font/(?<font_file>.+) {
+ resolver 8.8.8.8 8.8.4.4;
+ proxy_pass https://fonts.gstatic.com/s/$font_file;
+
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Cross-Origin-Resource-Policy;
+ proxy_hide_header Link;
+ proxy_hide_header Alt-Svc;
+ proxy_hide_header Cache-Control;
+ proxy_hide_header Expires;
+ proxy_hide_header Cross-Origin-Opener-Policy;
+ proxy_hide_header Report-To;
+
+ proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;
+
+ proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
+ proxy_set_header Host "fonts.gstatic.com";
+ proxy_set_header Accept "*/*";
+
+ proxy_cache penpot;
+
+ add_header Access-Control-Allow-Origin $http_origin;
+ add_header Cache-Control max-age=86400;
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
location ~* \.(js|css).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours
}
@@ -97,7 +155,16 @@
location ~* \.(html).*$ {
add_header Cache-Control "no-cache, max-age=0" always;
}
+
+ location ~ ^/(/|css|fonts|images|js|wasm) {
+ }
+
+ location ~ ^/[^/]+/(.*)$ {
+ return 301 " /404";
+ }
+
root /srv/{{ args["realm"] }}/public;
+ try_files $uri /index.html$is_args$args =404;
}
root /var/wwwroot-502/_default;
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Nov 26, 07:04 (19 h, 29 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2264184
Default Alt Text
D3295.diff (4 KB)
Attached To
Mode
D3295: Update nginx front-end configuration for Penpot
Attached
Detach File
Event Timeline
Log In to Comment