From 6bd4bc7bdd7c7049968ee925e22b553ccd88e4b2 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Sun, 4 Sep 2022 11:45:45 -0500
Subject: [PATCH] Docker: configurable BACKEND_URL

---
 Dockerfile                        |  1 +
 installation/docker.conf.template | 49 ++++++++++++++++++++++++++++---
 2 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index efe959b6d..4c47eae54 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,5 +10,6 @@ RUN yarn build
 FROM nginx:stable-alpine
 EXPOSE 5000
 ENV PORT=5000
+ENV BACKEND_URL=http://localhost
 COPY installation/docker.conf.template /etc/nginx/templates/default.conf.template
 COPY --from=build /app/static /usr/share/nginx/html
diff --git a/installation/docker.conf.template b/installation/docker.conf.template
index d4393ad35..06fdc5096 100644
--- a/installation/docker.conf.template
+++ b/installation/docker.conf.template
@@ -2,6 +2,22 @@
 # It's intended to be used by the official nginx image, which has templating functionality.
 # Mount at: `/etc/nginx/templates/default.conf.template`
 
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
+
+server {
+  server_name localhost;
+
+  location / {
+    add_header Content-Type "application/json" always;
+    return 404 '{"error": "Not implemented"}';
+  }
+}
+
 server {
   listen ${PORT};
 
@@ -34,10 +50,9 @@ server {
     add_header Strict-Transport-Security "max-age=31536000" always;
   }
 
-  # Return 404 on API routes so Soapbox knows what to do.
-  location /api {
-    add_header Content-Type "application/json";
-    return 404 '{"error": "Not implemented"}';
+  # Backend routes
+  location ~ ^/(api|oauth|auth|admin|pghero|sidekiq|manifest.json|media|nodeinfo|unsubscribe|.well-known/(webfinger|host-meta|nodeinfo|change-password)|@(.+)/embed$) {
+    try_files /dev/null @backend;
   }
 
   # ServiceWorker: don't cache.
@@ -45,4 +60,30 @@ server {
     add_header Cache-Control "public, max-age=0";
     add_header Strict-Transport-Security "max-age=31536000" always;
   }
+
+  # Proxy to the backend.
+  location @backend {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Proxy "";
+    proxy_pass_header Server;
+
+    proxy_pass ${BACKEND_URL};
+    proxy_buffering on;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    proxy_cache CACHE;
+    proxy_cache_valid 200 7d;
+    proxy_cache_valid 410 24h;
+    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    add_header X-Cached $upstream_cache_status;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+
+    tcp_nodelay on;
+  }
 }