Zac
3ea896c368
The api.js library-list fix from the previous commit never reached the browser because nginx served all .js with `Cache-Control: public, immutable; max-age=31536000`. The HTML referenced api.js with no version query, so the browser kept its year-cached buggy copy. * nginx.conf: drop .js from the immutable long-cache block, add a no-cache must-revalidate block so future redeploys are picked up immediately. * All HTML files: tag api.js refs with ?v=4 so already-running browsers fetch the new version on next page load.
93 lines
2.9 KiB
Nginx Configuration File
93 lines
2.9 KiB
Nginx Configuration File
server {
|
|
listen 80;
|
|
server_name _;
|
|
|
|
# Docker embedded DNS — defers upstream resolution to request time
|
|
# This prevents nginx crashing at startup if sibling containers aren't
|
|
# ready yet (which happens on the first `docker compose up`).
|
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
|
|
|
# Allow unlimited client upload size
|
|
client_max_body_size 0;
|
|
|
|
# Gzip compression
|
|
gzip on;
|
|
gzip_types text/plain text/css text/javascript application/javascript application/json;
|
|
gzip_min_length 1000;
|
|
|
|
# Root location - serve static files
|
|
root /usr/share/nginx/html;
|
|
|
|
# Cache static assets aggressively
|
|
location ~* \.(css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# JS files — must revalidate so a redeploy is picked up immediately.
|
|
# The static index.html links api.js with a ?v=N query string anyway,
|
|
# but defence-in-depth: never let a stale .js sit in a browser cache.
|
|
location ~* \.js$ {
|
|
expires -1;
|
|
add_header Cache-Control "no-cache, must-revalidate";
|
|
}
|
|
|
|
# HTML files - no cache
|
|
location ~* \.html?$ {
|
|
expires -1;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
}
|
|
|
|
# API proxy - forward to mam-api service
|
|
location /api/ {
|
|
set $api_upstream http://mam-api:3000;
|
|
client_max_body_size 0;
|
|
proxy_pass $api_upstream;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
proxy_connect_timeout 300;
|
|
proxy_send_timeout 300;
|
|
proxy_read_timeout 300;
|
|
}
|
|
|
|
# Capture proxy - forward to capture service
|
|
location /capture/ {
|
|
set $capture_upstream http://capture:3001;
|
|
proxy_pass $capture_upstream;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
}
|
|
|
|
# SPA fallback - try to serve file, else route to index.html
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
expires -1;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
}
|
|
|
|
# Health check endpoint
|
|
location /health {
|
|
access_log off;
|
|
return 200 "healthy\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
|
|
# Deny access to dotfiles
|
|
location ~ /\. {
|
|
deny all;
|
|
}
|
|
}
|