[gbm-web] redirector: Install and configure nginx for caching

[Bartłomiej Piotrowski <bpiotrowski src gnome org>]

commit 5295eaae3d8865f1e702bf1dda30ff2f55c543f0
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Thu Oct 29 10:38:09 2020 +0100

    redirector: Install and configure nginx for caching

 redirector/Dockerfile |  6 ++++
 redirector/nginx.conf | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+)
---
diff --git a/redirector/Dockerfile b/redirector/Dockerfile
index ec6e596..f2c9982 100644
--- a/redirector/Dockerfile
+++ b/redirector/Dockerfile
@@ -3,6 +3,12 @@ FROM python:3.8-slim
 EXPOSE 8000
 ENV PYTHONPATH=/app
 
+RUN apt-get update && apt-get install -y nginx-light && \
+    ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+ADD nginx.conf /etc/nginx/nginx.conf
+
 COPY requirements.txt /requirements.txt
 RUN pip install -r /requirements.txt && rm -f /requirements.txt
 
diff --git a/redirector/nginx.conf b/redirector/nginx.conf
new file mode 100644
index 0000000..05e47c9
--- /dev/null
+++ b/redirector/nginx.conf
@@ -0,0 +1,84 @@
+worker_processes  1;
+
+error_log  /dev/stderr warn;
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    proxy_temp_path /tmp/proxy_temp;
+    client_body_temp_path /tmp/client_temp;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /dev/stdout  main;
+
+    proxy_cache_path /cache/ levels=1:2 keys_zone=s3cache:10m max_size=50g
+                     inactive=30d use_temp_path=off;
+
+    server {
+        listen 8080 default_server;
+        listen [::]:8080 default_server;
+
+        error_log /dev/stderr;
+
+        location / {
+            proxy_set_header Host teams.pages.gitlab.gnome.org;
+            proxy_pass https://teams.pages.gitlab.gnome.org:443/Releng/gnome-os-site/;
+        }
+
+        location /download/ {
+            proxy_intercept_errors on;
+            error_page 301 = @s3cache;
+            error_page 302 = @mirror;
+
+            proxy_pass http://localhost:8000/;
+        }
+
+        location @mirror {
+            return 301 $upstream_http_location;
+        }
+
+        location @s3cache {
+            resolver 1.1.1.1;
+            set $redirect_location '$upstream_http_location';
+
+            proxy_http_version 1.1;
+            proxy_set_header Connection "";
+            proxy_set_header Authorization '';
+            proxy_set_header Host gnome-build-meta.s3.amazonaws.com;
+            proxy_hide_header x-amz-id-2;
+            proxy_hide_header x-amz-request-id;
+            proxy_hide_header x-amz-meta-server-side-encryption;
+            proxy_hide_header x-amz-server-side-encryption;
+            proxy_hide_header Set-Cookie;
+            proxy_ignore_headers  Set-Cookie;
+            proxy_cache_revalidate on;
+            proxy_intercept_errors on;
+            proxy_pass $redirect_location;
+
+            proxy_cache s3cache;
+            proxy_cache_valid 200 15d;
+            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+            proxy_cache_lock on;
+            add_header Cache-Control max-age=31536000;
+            add_header X-Cache-Status $upstream_cache_status;
+        }
+    }
+}