Skip to content

Commit

Permalink
chore: add static-off config
Browse files Browse the repository at this point in the history
  • Loading branch information
alexgarel committed Sep 12, 2023
1 parent 850b716 commit ad96ea3
Showing 1 changed file with 82 additions and 0 deletions.
82 changes: 82 additions & 0 deletions confs/ovh3/nginx/sites-available/static-off
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
# définition d'une liste d'upstream (priorité au début)
log_format combined_upstream '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" c=$upstream_cache_status u=$upstream_addr t=$request_time';

upstream openfoodfacts {
server 10.0.0.3:443 weight=100;
server off1.openfoodfacts.org:443;

keepalive 16;
}

proxy_cache_path
/dev/shm/off-static
keys_zone=off-static:10m
levels=1:2
inactive=24h
max_size=4G;

# https://static.openfoodfacts.org
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name static.openfoodfacts.org images.openfoodfacts.org;

access_log /rpool/logs-nginx/static-access.log combined_upstream buffer=256K flush=1s;

ssl_certificate /etc/letsencrypt/live/images.openfoodfacts.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/images.openfoodfacts.org/privkey.pem; # managed by Certbot
ssl_trusted_certificate /etc/nginx/acme.sh/live/openfoodfacts.org/ca.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
#ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 9.9.9.9 8.8.8.8 valid=300s;
resolver_timeout 5s;

root /rpool/off/ ;


if ($http_referer ~* (jobothoniel.com) ) {
return 403;
}

location / {
# test en local, puis sur off1
try_files $uri @off1;
sendfile on;
sendfile_max_chunk 1m;
tcp_nopush on;

add_header Link "<http://creativecommons.org/licenses/by-sa/3.0/>; rel='license'; title='CC-BY-SA 3.0'";
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,If-None-Match';
add_header Access-Control-Expose-Headers 'Content-Length,Content-Range';
}

location @off1 {
proxy_pass https://off1.openfoodfacts.org;
# proxy_next_upstream error http_404;
proxy_http_version 1.1;
proxy_set_header Connection "";

proxy_cache off-static;
proxy_cache_valid 200 1d;
proxy_cache_key $request_uri;
add_header X-Cache-Status $upstream_cache_status;
add_header X-From $upstream_addr;

proxy_set_header Host cache.openfoodfacts.org;

# évite un double accès disque pour le cache
proxy_temp_path off;
}

}

0 comments on commit ad96ea3

Please sign in to comment.