-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgitcdn.conf
More file actions
166 lines (145 loc) · 6.12 KB
/
gitcdn.conf
File metadata and controls
166 lines (145 loc) · 6.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# gitcdn.io
# Forked from rawgithack by Pavel Puchkin: https://github.com/neoascetic/rawgithack
# servers configuration
root /var/www/html;
proxy_cache_path /var/cache/nginx/gitcdn
use_temp_path=off levels=1:2
max_size=1g inactive=7d
keys_zone=gitcdn.cache:10m;
access_log off;
log_format gitcdn '[$host $upstream_cache_status] "$request" $status "$http_referer" "$http_user_agent"';
# Fallback to gzip if Brotli is not supported
gzip on;
gzip_proxied any;
gzip_comp_level 6;
#gzip_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/ecmascript image/x-icon image/vnd.microsoft.icon image/bmp image/svg+xml image/png;
# Enable brotli compression
brotli on;
brotli_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json application/ecmascript image/x-icon image/vnd.microsoft.icon image/bmp image/svg+xml image/png application/x-font-ttf application/vnd.ms-fontobject;
brotli_static on;
brotli_comp_level 11;
# file extension to mime-type mapping
# kind of workaround because nginx can detect mime-type only for local file
map $extension $detect_content_type {
~*^(?:appcache|manifest)$ text/cache-manifest;
~*^atom$ application/atom+xml;
~*^bat$ application/x-msdownload;
~*^coffee$ text/coffeescript;
~*^css$ text/css;
~*^csv$ text/csv;
~*^eot$ application/vnd.ms-fontobject;
~*^geojson$ application/vnd.geo+json;
~*^(?:hbs|handlebars)$ text/x-handlebars-template;
~*^htc$ text/x-component;
~*^html?$ text/html;
~*^ics$ text/calendar;
~*^jscad$ application/javascript;
~*^json$ application/json;
~*^jsonld$ application/ld+json;
~*^kml$ application/vnd.google-earth.kml+xml;
~*^(?:md|markdown)$ text/markdown;
~*^m?js$ application/javascript;
~*^mhtml$ multipart/related;
~*^n3$ text/n3;
~*^nt$ application/n-triples;
~*^otf$ font/otf;
~*^(?:owl|rdf)$ application/rdf+xml;
~*^pdf$ application/pdf;
~*^rss$ application/rss+xml;
~*^shexc?$ text/shex;
~*^svg$ image/svg+xml;
~*^swf$ application/x-shockwave-flash;
~*^tt(?:c|f)$ application/x-font-ttf;
~*^ttl$ text/turtle;
~*^vcard$ text/vcard;
~*^vcf$ text/x-vcard;
~*^vtt$ text/vtt;
~*^woff$ application/font-woff;
~*^woff2$ application/font-woff2;
~*^xht(?:ml)?$ application/xhtml+xml;
~*^xml$ text/xml;
~*^(?:xsl|xsd)$ application/xml;
~*^xslt$ application/xslt+xml;
~*^ya?ml$ text/yaml;
~*^wasm$ application/wasm;
default '';
}
# defines which extensions should include charset definition
map $extension $content_type_charset_string {
~*^(?:bat|eot|htc|kml|nt|otf|pdf|svg|swf|ttc|ttf|woff2?|wasm)$ '';
default '; charset=utf-8';
}
map $detect_content_type $detect_content_type_with_fallback {
'' $upstream_http_content_type;
default $detect_content_type$content_type_charset_string;
}
map $host $origin {
~*^gl(cdn)?.gitcdn.io$ gitlab.com;
~*^bb(cdn)?.gitcdn.io$ bitbucket.org;
~*^(cdn|raw|s1)?.?gitcdn.io$ raw.githubusercontent.com;
~*^gist(cdn)?.gitcdn.io$ gist.githubusercontent.com;
}
map "$detect_content_type:$host" $check_redirect {
~*:\w+cdn.gitcdn.io$ 0;
~*^.+: 0;
default 1;
}
map "$host:$rev" $cache_control {
~*^\w+cdn.gitcdn.io:(?!master).+$ 'max-age=315569000, public, immutable';
default 's-maxage=300, max-age=3600, public';
}
server {
listen 80;
server_name *.gitcdn.io;
access_log /var/log/nginx/access.log gitcdn;
error_log /var/log/nginx/error.log error;
location = /index.html {
ssi on;
if ($host !~ "(s1|raw)?.?gitcdn.io") {
return 301 $scheme://gitcdn.io;
}
}
location ~* ^/.+/.+/.+/(.+/)*$ {
rewrite ^(.*)/$ $1/index.html last;
}
location ~* ^/.+/.+/(?<rev>.+)/.+\.(?<extension>[a-zA-Z0-9]+)$ {
if ($check_redirect) {
add_header Content-Type text/html;
return 301 https://$origin$request_uri;
}
# to be able to resolve remote server name from a variable
resolver 9.9.9.9;
proxy_read_timeout 10s;
# caching
proxy_cache gitcdn.cache;
proxy_cache_key "$origin$uri";
proxy_cache_revalidate on;
proxy_cache_valid any 5m;
proxy_cache_use_stale updating;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_intercept_errors on;
proxy_pass https://$origin;
# we need to hide these headers in order to redefine them
# if we don't, they will be set twice
proxy_hide_header Status;
proxy_hide_header Content-Type;
proxy_hide_header Cache-Control;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
proxy_hide_header Content-Disposition;
proxy_hide_header Content-Security-Policy;
proxy_hide_header Access-Control-Allow-Origin;
# block robots
add_header X-Robots-Tag none;
add_header Cache-Control $cache_control;
add_header Access-Control-Allow-Origin *;
add_header X-GitCDN-Cache-Status $upstream_cache_status;
if ($host ~ "cdn.gitcdn.io") {
add_header X-Served-By 'KeyCDN';
}
add_header Content-Type $detect_content_type_with_fallback;
}
}