ops: Set HTTP CORS headers with caching in nginx for services

This commit is contained in:
wiz 2024-07-13 20:20:15 +09:00
parent 5a86c8c83a
commit 66c5c303b3
No known key found for this signature in database
GPG Key ID: A394E332255A6173

View File

@ -58,6 +58,36 @@ location @mempool-api-v1-services-cache-disabled {
add_header 'Pragma' 'no-cache'; add_header 'Pragma' 'no-cache';
add_header 'Cache-Control' 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; add_header 'Cache-Control' 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
proxy_redirect off;
proxy_buffering off;
expires -1;
}
location @mempool-api-v1-services-cache-disabled-addcors {
proxy_pass $mempoolSpaceServices;
# remove these just in case double proxied
proxy_hide_header Onion-Location;
proxy_hide_header Strict-Transport-Security;
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
# remove cache headers from services backend
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
proxy_hide_header Pragma;
# pass these headers to services backend
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# add our own cache headers
add_header 'Pragma' 'no-cache';
add_header 'Cache-Control' 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
# generate CORS configuration from origin header # generate CORS configuration from origin header
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS'; set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin 'https://mempool.space'; set $cors_origin 'https://mempool.space';
@ -116,6 +146,58 @@ location @mempool-api-v1-services-cache-short {
proxy_cache_valid 200 2s; proxy_cache_valid 200 2s;
} }
location @mempool-api-v1-services-cache-short-addcors {
proxy_pass $mempoolSpaceServices;
proxy_cache services;
proxy_redirect off;
# remove these just in case double proxied
proxy_hide_header Onion-Location;
proxy_hide_header Strict-Transport-Security;
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
# pass these headers to services backend
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# remove cache headers from services backend
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
proxy_hide_header Pragma;
# generate CORS configuration from origin header
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin 'https://mempool.space';
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_credentials 'true';
# set CORS for approved hostnames
if ($cors_approved_origin = 'legit')
{
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin "$http_origin";
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_credentials 'true';
}
# set CORS for approved hostnames
add_header Access-Control-Allow-Methods "$cors_methods" always;
add_header Access-Control-Allow-Origin "$cors_origin" always;
add_header Access-Control-Allow-Headers "$cors_headers" always;
add_header Access-Control-Allow-Credentials "$cors_credentials" always;
# add our own cache headers
add_header 'Pragma' 'public';
add_header 'Cache-Control' 'public';
expires 2s;
# server-side cache validity
proxy_cache_valid 200 2s;
}
location @mempool-api-v1-services-cache-medium { location @mempool-api-v1-services-cache-medium {
proxy_pass $mempoolSpaceServices; proxy_pass $mempoolSpaceServices;
proxy_cache services; proxy_cache services;