Initial commit
All checks were successful
continuous-integration/drone Build is passing

This commit is contained in:
Damillora 2023-11-17 09:11:20 +01:00
commit 97d93d7e93
3 changed files with 203 additions and 0 deletions

15
.drone.yml Normal file
View File

@ -0,0 +1,15 @@
kind: pipeline
name: default
steps:
- name: publish
image: plugins/docker
settings:
registry: registry.nanao.moe
repo: registry.nanao.moe/nanao/penpot-frontend
username:
from_secret: docker_username
password:
from_secret: docker_password
tags:
- latest

4
Dockerfile Normal file
View File

@ -0,0 +1,4 @@
FROM penpotapp/frontend:latest
COPY nginx.conf /etc/nginx/nginx.conf

184
nginx.conf Normal file
View File

@ -0,0 +1,184 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 2048;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_requests 30;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
reset_timedout_connection on;
client_body_timeout 30s;
client_header_timeout 30s;
include /etc/nginx/mime.types;
default_type application/octet-stream;
error_log /dev/stderr;
access_log /dev/stdout;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_static on;
gzip_comp_level 4;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
resolver 127.0.0.11;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
proxy_cache_path /tmp/cache/ levels=2:2 keys_zone=penpot:20m;
proxy_cache_methods GET HEAD;
proxy_cache_valid any 48h;
proxy_cache_key "$host$request_uri";
server {
listen 80 default_server;
server_name _;
client_max_body_size 100M;
charset utf-8;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
etag off;
location @handle_redirect {
set $redirect_uri "$upstream_http_location";
set $redirect_host "$upstream_http_x_host";
set $redirect_cache_control "$upstream_http_cache_control";
proxy_buffering off;
proxy_set_header Host "$redirect_host";
proxy_hide_header etag;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-meta-server-side-encryption;
proxy_hide_header x-amz-server-side-encryption;
proxy_ssl_server_name on;
proxy_pass $redirect_uri;
add_header x-internal-redirect "$redirect_uri";
add_header x-cache-control "$redirect_cache_control";
add_header cache-control "$redirect_cache_control";
}
location /assets {
proxy_pass http://penpot-backend:6060/assets;
recursive_error_pages on;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location /internal/gfonts/css {
proxy_pass https://fonts.googleapis.com/css?$args;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Cross-Origin-Resource-Policy;
proxy_hide_header Link;
proxy_hide_header Alt-Svc;
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;
proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
proxy_set_header Host "fonts.googleapis.com";
proxy_set_header Accept "*/*";
proxy_cache penpot;
add_header Access-Control-Allow-Origin $http_origin;
add_header Cache-Control max-age=86400;
add_header X-Cache-Status $upstream_cache_status;
}
location /internal/assets {
internal;
alias /opt/data/assets;
add_header x-internal-redirect "$upstream_http_x_accel_redirect";
}
location /api/export {
proxy_pass http://penpot-exporter:6061;
}
location /api {
proxy_pass http://penpot-backend:6060/api;
}
location /ws/notifications {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://penpot-backend:6060/ws/notifications;
}
location / {
location ~ ^/internal/gfonts/font/(?<font_file>.+) {
proxy_pass https://fonts.gstatic.com/s/$font_file;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Cross-Origin-Resource-Policy;
proxy_hide_header Link;
proxy_hide_header Alt-Svc;
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
proxy_hide_header Cross-Origin-Opener-Policy;
proxy_hide_header Report-To;
proxy_ignore_headers Set-Cookie Vary Cache-Control Expires;
proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36";
proxy_set_header Host "fonts.gstatic.com";
proxy_set_header Accept "*/*";
proxy_cache penpot;
add_header Access-Control-Allow-Origin $http_origin;
add_header Cache-Control max-age=86400;
add_header X-Cache-Status $upstream_cache_status;
}
location ~* \.(js|css).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours
}
location ~* \.(html).*$ {
add_header Cache-Control "no-cache, max-age=0" always;
}
location ~ ^/(/|css|fonts|images|js|wasm) {
}
location ~ ^/[^/]+/(.*)$ {
return 301 " /404";
}
root /var/www/app/;
try_files $uri /index.html$is_args$args =404;
}
}
}