From 5b3435e57dbab3c08cb3988b6a1a942893a9ad88 Mon Sep 17 00:00:00 2001 From: Robert Lemke Date: Wed, 4 May 2022 12:58:37 +0200 Subject: [PATCH] Configurable lifetime for static files This change introduces a new environment variable NGINX_STATIC_FILES_LIFETIME which allows for configuration of the cache lifetime controlled through the HTTP response's "expires" header. The default expiration time is now 30 days. Apart from Flow's static resources, additional files in the top directory are now covered (favicon.ico, apple-touch-icon.* etc). Resolves #7 --- README.md | 1 + root-files/opt/flownative/lib/nginx-legacy.sh | 30 ++++++++++++++----- root-files/opt/flownative/lib/nginx.sh | 2 ++ 3 files changed, 26 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9ac636d..2e6b608 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ for possible values. The default value is `warn`. | BEACH_NGINX_CUSTOM_METRICS_SOURCE_PATH | string | /metrics | Path where metrics are located | | BEACH_NGINX_CUSTOM_METRICS_TARGET_PORT | integer | 8082 | Port at which Nginx should listen to provide the metrics for scraping | | BEACH_NGINX_MODE | string | Flow | Either "Flow" or "Static"; this variable is going to be renamed in the future | +| BEACH_STATIC_RESOURCES_LIFETIME | string | 30d | Expiration time for static resources; examples: "3600s" or "7d" or "max" | FLOW_HTTP_TRUSTED_PROXIES | string | 10.0.0.0/8 | Nginx passes FLOW_HTTP_TRUSTED_PROXIES to the virtual host using the value of this variable | ## Security aspects diff --git a/root-files/opt/flownative/lib/nginx-legacy.sh b/root-files/opt/flownative/lib/nginx-legacy.sh index d127749..231459e 100644 --- a/root-files/opt/flownative/lib/nginx-legacy.sh +++ b/root-files/opt/flownative/lib/nginx-legacy.sh 
@@ -116,9 +116,16 @@ server { log_not_found off; } - location = /favicon.ico { + location = /site.webmanifest { log_not_found off; access_log off; + expires ${NGINX_STATIC_FILES_LIFETIME}; + } + + location ~ ^/(android-chrome-.+|apple-touch-icon|favicon.*|mstile-.+|safari-pinned-tab).(png|svg|jpg|ico)$ { + log_not_found off; + access_log off; + expires ${NGINX_STATIC_FILES_LIFETIME}; } EOM @@ -184,7 +191,7 @@ EOM # pass persistent resource requests to GCS location ~* "^${BEACH_PERSISTENT_RESOURCES_BASE_PATH}([a-f0-9]{40})/" { resolver 8.8.8.8; - expires 3600; + expires ${NGINX_STATIC_FILES_LIFETIME}; proxy_set_header Authorization ""; add_header Via 'Beach Asset Proxy'; ${addHeaderStrictTransportSecurity} @@ -193,9 +200,9 @@ EOM EOM elif [ -n "${BEACH_PERSISTENT_RESOURCES_FALLBACK_BASE_URI}" ]; then cat >>"${NGINX_CONF_PATH}/sites-enabled/site.conf" <<-EOM - location ~* ^/_Resources/Persistent/(.*)$ { + location ~* "^${BEACH_PERSISTENT_RESOURCES_BASE_PATH}(.*)$ { access_log off; - expires 3600; + expires ${NGINX_STATIC_FILES_LIFETIME}; add_header Via '\$hostname' always; ${addHeaderStrictTransportSecurity} try_files \$uri @fallback; @@ -209,7 +216,16 @@ EOM proxy_pass \$assetUri; } EOM - + else + cat >>"${NGINX_CONF_PATH}/sites-enabled/site.conf" <<-EOM + location ~* ^/_Resources/Persistent/(.*)$ { + access_log off; + expires ${NGINX_STATIC_FILES_LIFETIME}; + add_header Via '\$hostname' always; + ${addHeaderStrictTransportSecurity} + try_files \$uri -404; + } +EOM fi cat >>"${NGINX_CONF_PATH}/sites-enabled/site.conf" <<-EOM @@ -221,9 +237,9 @@ EOM # for all static resources location ~ ^/_Resources/Static/ { - add_header Via '\$hostname' always; + add_header X-Static-Resource '\$hostname' always; access_log off; - expires 3600; + expires ${NGINX_STATIC_FILES_LIFETIME}; } } EOM diff --git a/root-files/opt/flownative/lib/nginx.sh b/root-files/opt/flownative/lib/nginx.sh index f412869..7716b33 100755 --- a/root-files/opt/flownative/lib/nginx.sh 
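Review bot: The new icon `location` regex in the `@@ -116` hunk leaves the dot before the extension group unescaped and uses `.+`/`.*`, which also match `/`, so `access_log off` applies to any deeper path that starts with one of these prefixes and ends in a listed extension. The `apple-touch-icon` alternative matches only that exact name, so sized or `-precomposed` variants (the commit message mentions `apple-touch-icon.*`) are not covered. A tighter pattern would be `location ~ ^/(android-chrome-[^/]+|apple-touch-icon[^/]*|favicon[^/]*|mstile-[^/]+|safari-pinned-tab)\.(png|svg|jpg|ico)$ {`. The surrounding heredoc and `server` block start above the hunk.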
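Review bot: In the `@@ -193` hunk the rewritten fallback line `location ~* "^${BEACH_PERSISTENT_RESOURCES_BASE_PATH}(.*)$ {` opens a double quote that is never closed, unlike the GCS variant in the preceding hunk, so nginx will most likely reject the generated site.conf or read the quoted string through to the next `"`. Close the quote before the brace: `location ~* "^${BEACH_PERSISTENT_RESOURCES_BASE_PATH}(.*)\$" {`. The base path is also spliced into the regex verbatim, so a short comment stating that it must be a plain path prefix without regex metacharacters would help. The `elif` branch continues beyond the hunk.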
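Review bot: The added `else` branch in the `@@ -209` hunk ends with `try_files \$uri -404;` as shown here; nginx treats the last argument as a status code only when it is written `=404`, so `-404` would be taken as a fallback URI rather than returning 404. If that is what the file contains rather than a rendering artefact, it should read `try_files \$uri =404;`. The branch also hard-codes `^/_Resources/Persistent/` while the `elif` branch was just switched to `${BEACH_PERSISTENT_RESOURCES_BASE_PATH}`, so a non-default base path would not be matched by this location.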
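Review bot: The static-resources block in the `@@ -221` hunk now sends `X-Static-Resource '\$hostname'` on every static response, which still discloses the serving host's name (in a container, typically the pod or container name) to any client. The rename from `Via` is not mentioned in the commit message or the README. If the header is only a debugging aid, consider a comment above it such as `# debugging aid: exposes the nginx host name to clients`, or make it optional. The `server` block starts above the hunk.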
+++ b/root-files/opt/flownative/lib/nginx.sh @@ -38,6 +38,8 @@ export NGINX_CACHE_BACKGROUND_UPDATE="${NGINX_CACHE_BACKGROUND_UPDATE:-off}" export NGINX_CUSTOM_ERROR_PAGE_CODES="${NGINX_CUSTOM_ERROR_PAGE_CODES:-500 501 502 503}" export NGINX_CUSTOM_ERROR_PAGE_TARGET="${NGINX_CUSTOM_ERROR_PAGE_TARGET:-}" +export NGINX_STATIC_FILES_LIFETIME=${NGINX_STATIC_FILES_LIFETIME:-30d} + export PATH="${PATH}:${NGINX_BASE_PATH}/bin" EOF }
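Review bot: The README row added by this patch documents `BEACH_STATIC_RESOURCES_LIFETIME`, but the export in the `@@ -38` hunk and every `expires` directive read `NGINX_STATIC_FILES_LIFETIME`; unless a mapping exists outside this diff, setting the documented variable has no effect. The value is also written verbatim into the `expires ...;` lines of site.conf, so a value containing whitespace, `;` or `}` would alter the generated configuration. Checking it against the forms nginx accepts (a time such as `3600s` or `7d`, `max`, `off`, `epoch`) before writing the config would make a typo fail loudly. The assignment is also unquoted, unlike its neighbours: `export NGINX_STATIC_FILES_LIFETIME="${NGINX_STATIC_FILES_LIFETIME:-30d}"`. The enclosing function and its heredoc start above the hunk.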