Commit Graph

106 Commits

Author SHA1 Message Date
David Taylor
f04471e422 REFACTOR: Proxy letter avatars in rails instead of nginx
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>

This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up IP for the letter avatar service and
caching the CDN IP address, this caused issues if CDN changed IP, in
which letter avatars would be broken till a container restarted.

NGINX config has been updated to add caching. This change will require
a container rebuild.

The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:46:56 +11:00
David Taylor
56820a5fa5
PERF: Add text/javascript to NGINX gzip_types 2019-02-07 23:47:42 +00:00
Sam
1824ac9d39 PERF: cache path for svg-sprite in upcoming FA5
We need to make sure NGINX caches all paths for SVG assets,
this ensures only the first request for an svg sprite ever hits the app
2018-11-19 10:34:16 +11:00
Andrew Schleifer
581016c31f Revert "strip X-Forwarded-Host in sample"
This broke brotli_assets on a site, more testing needed.

This reverts commit 118abfad0f.
2018-11-14 12:05:21 -06:00
Andrew Schleifer
118abfad0f strip X-Forwarded-Host in sample 2018-11-13 12:44:32 -06:00
Sam Saffron
64aca0dc1b FIX: remove duplicate referrer policy
Rails already ships with strict-origin-when-cross-origin, no need
to also add no-referrer-when-downgrade

see: https://meta.discourse.org/t/harden-referrer-policy-header/100172
2018-10-24 08:38:39 +11:00
Kyle Zhao
99d1ded3b3
rename route /javascripts to /theme-javascripts (#6495) 2018-10-15 11:32:52 -04:00
Sam
abf0b1c5bd correct multisite bleed in proxy cache 2018-04-11 11:02:16 +10:00
Sam
da6c268e56 FEATURE: add request start time so we can track queueing 2018-03-26 16:29:20 +11:00
Guo Xiang Tan
d601a6b23c FIX: Support old Service Worker source file path to avoid routing errors. 2018-02-19 08:04:45 +08:00
Guo Xiang Tan
28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Michael Brown
bec3f124dd nginx sample config: also add A-C-A-O header to font files in uploads or plugins path 2018-01-18 16:41:16 -05:00
Sam
18a929d801 PERF: enable gzip on proxied requests 2018-01-09 13:28:05 +11:00
Sam
6e70065291 PERF: add some minimal caching to javascripts folder 2018-01-09 12:38:15 +11:00
Sam
394abbe26b bump up proxy buffer size 2017-12-11 09:29:47 +11:00
Robin Ward
173aa69905 Enable compression for SVG files 2017-08-01 17:25:25 -04:00
Sam
e9e97f5bcf simplify emoji cache rule 2017-07-20 18:22:59 -04:00
Sam
89f34eb62b attempt to cache all emojis 2017-07-20 17:47:16 -04:00
Matt Palmer
c3ca281ea7 Merge pull request #4943 from mpalmer/log-http-host
Include HTTP Host header in nginx logs
2017-06-30 15:16:53 +10:00
Rafael dos Santos Silva
97b6d8664b FIX: Move Referrer Policy header to right location 2017-06-28 14:39:54 -03:00
Rafael dos Santos Silva
095a131163 FEATURE: Add default Referrer Policy header 2017-06-28 02:25:41 -03:00
Matt Palmer
90d654c46c Include HTTP Host header in nginx logs
This is crucial in multisite installations, because otherwise the nginx logs
are fairly useless, however it can also be quite handy to know what
hostnames are being sent to your site.  The variable is quoted, because it
is untrusted input (it is taken directly from the HTTP request), but nginx
helpfully escapes the quoting character automagically, so we don't have to
worry about that.

For now, the log analysis plugin *recognises* the new log format
(and continues to recognise the previous format, for backwards
compatibility), but doesn't do anything with the new log entry field.  This
means your multisite performance plugin data is still broken, but it's no
worse than it was before.
2017-06-28 14:41:02 +10:00
Régis Hanol
94a0d43f31 add 'ico' and 'webp' to image extensions list in order to bypass rails 2017-06-22 12:55:27 +02:00
Jeff Atwood
2fd1c49b88 we don't need this IE 10 tag any more, see
http://stackoverflow.com/questions/26346917/why-use-x-ua-compatible-ie-edge-anymore
2017-03-31 00:12:07 -07:00
Sam
2640b4e173 FEATURE: add hook and asset path variable 2017-03-20 12:12:22 -04:00
Sam Saffron
ef08462b33 spaces matter 2017-02-23 17:37:53 -05:00
Sam
eee22bf037 FEATURE: Add immutable cache for assets that do not update
This will eliminate revalidation of avatars, css, js and uploads on reloads on supporting browsers (at the moment firefox)
2017-02-23 12:24:47 -05:00
Régis Hanol
5e2545a578 FEATURE: improve support for (whitelisted) SVGs as images 2016-06-20 10:22:13 +02:00
Sam
ba8aec2bc3 added comment for brotli support 2016-06-07 16:58:36 +10:00
Jeff Atwood
161170aabe Merge pull request #3928 from jamielinux/nginx204
Return 204 instead of 404 for favicon.ico requests
2016-01-30 01:48:22 -08:00
Guo Xiang Tan
9f05361f14 Allow sites to set HTTP basic authentication through nginx. 2016-01-08 12:49:17 +08:00
Sam
268e0f3b2b remove http 1.1 in case it has side effects 2016-01-05 07:54:12 +11:00
Sam
b8471177dc clean up config file 2016-01-04 16:13:44 +11:00
Sam Saffron
0e2ded278d Don't buffer message bus, this allows us to stream 2016-01-04 09:56:30 +11:00
Sam Saffron
ab5cd3ad3b allow http 1.1 via proxy 2016-01-04 09:52:11 +11:00
Jamie Nguyen
eed86e9afc Do not log favicon.ico requests 2015-12-21 12:14:36 +00:00
Jamie Nguyen
e8919df110 Return 204 instead of 404 for favicon.ico requests 2015-12-21 12:13:56 +00:00
Sam
c7243bd6a2 Revert "cache cdn assets and strip cookies"
This reverts commit 18abf4f0d6.
2015-11-22 00:59:26 +11:00
Sam
18abf4f0d6 cache cdn assets and strip cookies 2015-11-22 00:33:20 +11:00
Sam
88f1a8f0b1 Merge pull request #3821 from mpalmer/letter-avatar-proxy
Proxy letter avatars by default
2015-11-19 20:02:16 +11:00
Sam Saffron
81bdd2328d FIX: stop sending a blank /favicon.ico
instead have nginx ship a 404 for it.
2015-11-17 19:34:05 +11:00
Matt Palmer
952d07599a More tweaks for the letter avatar proxy config 2015-11-06 14:14:20 +11:00
Matt Palmer
c09f345cff Proxy letter avatars by default
On sites that don't otherwise configure an avatar fallback, Discourse will
now tell the client to get its letter avatars from a location which nginx
proxies to the centralised `avatars.discourse.org` service.  This alleviates
privacy concerns, whilst still providing some degree of performance benefit
(no need for every site to delay avatar response by 300ms for image
rendering).

It is still possible to gain the benefits of global image caching and the
lower latency of requesting directly from a CDN, by explicitly changing the
`external_system_avatars_url` site setting to
`https://avatars.discourse.org/letter/{first_letter}/{color}/{size}.png`.
2015-11-06 14:13:44 +11:00
Robin Ward
2866440968 Don't cache urls with emoji in them unless they are images 2015-09-08 13:12:32 -04:00
Sam
2c59ad3dd3 FIX: favicon update broken when favicon lived on a CDN 2015-08-25 11:54:23 +10:00
Sam
abf269c5df only do magic headers for local assets, don't muck with logster's stuff 2015-08-12 18:48:34 +10:00
Robin Ward
822d77713c Put back /srv/status non-logging but include proxy details 2015-07-03 11:44:48 -04:00
Robin Ward
5f59424937 Don't disable logging for /srv/status 2015-07-03 11:02:07 -04:00
Robin Ward
cf3aa867ab Don't log /srv/status 2015-06-30 12:12:55 -04:00
Sam
db274c7969 missing $ 2015-06-16 19:30:29 +10:00