webplatform / annotation-service

Hypothes.is’ container project to customize for notes.webplatform.org

Which NGINX options to use for production use with current release? #9

Closed renoirb closed 9 years ago

renoirb commented 9 years ago

Things that have to be validated

Here is the previous NGINX server block setup. Is there something that has to be changed?

```nginx
server {
    # WebPlatform Notes NGINX HTTP Proxy block
    #
    # Removed the following directives for brevity:
    #  * listen
    #  * ssl
    #  * ssl_certificate
    #  * ssl_certificate_key
    #
    # Note: the notes-server checkout is in `/srv/webplatform/notes-server/`
    server_name     notes.webplatform.org;
    root            /srv/webplatform/notes-server/notes_server/static/;

    server_tokens   off;

    # Temporary, to shim code that needs to be updated
    rewrite ^/app/embed.js$ https://notes.webplatform.org/embed.js permanent;

    # Let’s not put any homepage for now.
    rewrite ^/$             https://notes.webplatform.org/stream   permanent;

    # This block doesn't work yet
    # location ~ ^/assets/(.*)$ {
    #     expires     max;
    #     alias       /srv/webplatform/notes-server/notes_server/static/$1;
    #     add_header  Access-Control-Allow-Origin *;
    # }

    location / {
        # Let’s stick to TCP port, eventually Notes won’t be on the same NGINX node
        proxy_pass          http://127.0.0.1:5000;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;

        # WebSocket support (nginx 1.4+)
        proxy_http_version  1.1;
        proxy_set_header    Upgrade     $http_upgrade;
        proxy_set_header    Connection  "upgrade";
    }
}
```

tilgovi commented 9 years ago

Only that /app/embed.js is now just /embed.js.

tilgovi commented 9 years ago

Assets is the path to cache. With production.ini the cache headers should be far future expires. The server does that. So your cache can just honor the headers.

renoirb commented 9 years ago

I know that /app/embed.js is now /embed.js. I had to create a 301 redirect for things I couldn’t change at the various dependencies. I should have removed that line from my example.

renoirb commented 9 years ago

root doesn’t work, look at screenshot at #8

tilgovi commented 9 years ago

root should point to notes_server/static

tilgovi commented 9 years ago

But unless you're going to check these configurations into this repo, should we be tracking these in issues here or just talking on IRC/email?

tilgovi commented 9 years ago

Like, I have no idea when or how to close this.

tilgovi commented 9 years ago

Or rather, the alias of the ^/assets route should point to notes_server/static

tilgovi commented 9 years ago

Also you should set a server_name directive on the server block or the application won't be able to trust the host header.

renoirb commented 9 years ago

I’m going to check them in here.

Soon enough I’ll add the salt states to build a VM to run it that’ll be used in production. Without private data, of course.

renoirb commented 9 years ago

I just updated the config block. It now shows a white page.

tilgovi commented 9 years ago

What's left to do here?

renoirb commented 9 years ago

location ~ ^/assets/(.*)$ {} block. If you don’t tell me, I’ll have to figure out how to address to them. Besides that, I’ll commit the nginx config soon.

tilgovi commented 9 years ago

You want to point it at /srv/webplatform/notes-server/notes_server/static and use try_files and fall back to gunicorn on 404 so that it regenerates any assets that need building.

tilgovi commented 9 years ago

And you should key the cache on the query string.
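
One way to write the assets handling suggested in the two comments above: look in notes_server/static first, fall back to the application on a miss, and keep the query string in the cache key. This is an added example, not configuration posted by either participant or taken from the repository; the cache zone name, cache directory, capture name `asset` and named location `@notes_app` are assumptions.

```nginx
# Added example. Assumed names: cache zone "notes_assets", cache directory
# /var/cache/nginx/notes, capture "asset", named location "@notes_app".

# Goes in the http {} context:
proxy_cache_path /var/cache/nginx/notes levels=1:2
                 keys_zone=notes_assets:10m max_size=256m inactive=7d;

server {
    # listen / ssl directives omitted, as in the block posted in the issue
    server_name     notes.webplatform.org;
    server_tokens   off;

    # /assets/<path> is looked up on disk as notes_server/static/<path>.
    # Using root plus a rewritten try_files path avoids combining alias
    # with try_files.
    location ~ ^/assets/(?<asset>.+)$ {
        root        /srv/webplatform/notes-server/notes_server/static;
        expires     max;
        # Serve the file if it is already built; otherwise pass the
        # original request to the application so it can build the asset.
        try_files   /$asset @notes_app;
    }

    location @notes_app {
        proxy_pass          http://127.0.0.1:5000;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;

        proxy_cache         notes_assets;
        # $request_uri includes the query string, so /assets/a.css?v=1 and
        # /assets/a.css?v=2 are stored as separate cache entries.
        proxy_cache_key     $scheme$host$request_uri;
        # No proxy_cache_valid: a response is cached only when the
        # application's own Expires / Cache-Control headers allow it.
    }
}
```

`nginx -t` checks the syntax before a reload. The `expires max` line applies only to files served from disk; responses that fall through to `@notes_app` keep whatever cache headers the application sends.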

tilgovi commented 9 years ago

Bump

renoirb commented 9 years ago

This part is OK.