Added docker compose dev env, improved varnish VCL, and added favicons.

2025-07-31 15:13:19 +02:00
parent a17767f6e4
commit aa0a383b9c
12 changed files with 247 additions and 34 deletions
--- a/config/nginx/dev/localhost.conf
+++ b/config/nginx/dev/localhost.conf
@@ -0,0 +1,17 @@
 server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name _;
  server_tokens off;
  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://varnish:80;
    proxy_redirect off;
  }
 }
--- a/config/varnish/default.vcl
+++ b/config/varnish/default.vcl
@@ -9,52 +9,53 @@ backend default {
  .port = "5000";
 }
 acl purge {
  "localhost";
  "nginx";
  "127.0.0.1";
 }
 sub vcl_recv {
-  set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
+  if (req.method != "GET" &&
-  unset req.http.proxy;
+      req.method != "HEAD" &&
-  set req.url = std.querysort(req.url);
+      req.method != "PUT" &&
-  set req.url = regsub(req.url, "\?$", "");
+      req.method != "POST" &&
-  set req.http.Surrogate-Capability = "key=ESI/1.0";
+      req.method != "TRACE" &&
-
+      req.method != "OPTIONS" &&
-  if (req.url ~ "/purge-cache") {
+      req.method != "DELETE") {
-    if (!client.ip ~ purge) {
+        /* Non-RFC2616 or CONNECT which is weird. */
-      return(synth(403, "Not allowed."));
+        return (pipe);
    }
    ban("req.http.host == rstat.net");
    return(synth(200, "Cache cleared"));
  }
-  if (!req.http.X-Forwarded-Proto) {
+  # We only deal with GET and HEAD by default
-    if(std.port(server.ip) == 443 || std.port(server.ip) == 8443) {
+  if (req.method != "GET" && req.method != "HEAD") {
-      set req.http.X-Forwarded-Proto = "https";
+      return (pass);
    } else {
      set req.http.X-Forwarded-Proto = "https";
    }
  }
-  # Cache static files
+  set req.url = regsub(req.url, "^http[s]?://", "");
-  if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|ogg|ogm|opus|otf|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
+
  # static files are always cacheable. remove SSL flag and cookie
  if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|jpg|jpeg|png|gif|tiff|bmp|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") {
    unset req.http.Https;
    unset req.http.X-Forwarded-Proto;
    unset req.http.Cookie;
-    return(hash);
+    unset req.http.css;
    unset req.http.js;
  }
-  # Remove all cookies for other requests
+  return (hash);
  unset req.http.Cookie;
  return(hash);
 }
 sub vcl_hash {
  if (req.http.host) {
    hash_data(req.http.host);
  } else {
    hash_data(server.ip);
  }
  # To make sure http users don't see ssl warning
  if (req.http.X-Forwarded-Proto) {
    hash_data(req.http.X-Forwarded-Proto);
  }
 }
 sub vcl_backend_response {
-  # Cache static files and other content in Varnish for 1 min
+  set beresp.http.X-Host = bereq.http.host;
  set beresp.ttl = 1m;
  # Enable stale content serving
  set beresp.grace = 24h;
@@ -62,6 +63,30 @@ sub vcl_backend_response {
  if (beresp.http.Cache-Control) {
    set beresp.http.X-Orig-Cache-Control = beresp.http.Cache-Control;
  }
  # validate if we need to cache it and prevent from setting cookie
  # images, css and js are cacheable by default so we have to remove cookie also
  if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
    unset beresp.http.set-cookie;
    unset beresp.http.set-css;
    unset beresp.http.set-js;
    if (bereq.url !~ "\.(ico|jpg|jpeg|png|gif|tiff|bmp|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)(\?|$)") {
      set beresp.http.Pragma = "no-cache";
      set beresp.http.Expires = "-1";
      set beresp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
      set beresp.grace = 1m;
    }
  }
  # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
  if (beresp.ttl <= 0s ||
      beresp.http.Surrogate-control ~ "no-store" ||
      (!beresp.http.Surrogate-Control && beresp.http.Vary == "*")) {
    # Mark as Hit-For-Pass for the next 2 minutes
    set beresp.ttl = 120s;
    set beresp.uncacheable = true;
  }
  return (deliver);
 }
 sub vcl_deliver {
@@ -73,4 +98,8 @@ sub vcl_deliver {
    # If no Cache-Control was set by the origin, we'll set a default
    set resp.http.Cache-Control = "no-cache, must-revalidate";
  }
  unset resp.http.Server;
  unset resp.http.Via;
  unset resp.http.Link;
 }
--- a/config/varnish/dev.vcl
+++ b/config/varnish/dev.vcl
@@ -0,0 +1,105 @@
 vcl 4.1;
 # https://github.com/varnish/toolbox/tree/master/vcls/hit-miss
 include "hit-miss.vcl";
 import std;
 backend default {
  .host = "rstat-dashboard";
  .port = "5000";
 }
 sub vcl_recv {
  if (req.method != "GET" &&
      req.method != "HEAD" &&
      req.method != "PUT" &&
      req.method != "POST" &&
      req.method != "TRACE" &&
      req.method != "OPTIONS" &&
      req.method != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
  }
  # We only deal with GET and HEAD by default
  if (req.method != "GET" && req.method != "HEAD") {
      return (pass);
  }
  set req.url = regsub(req.url, "^http[s]?://", "");
  # static files are always cacheable. remove SSL flag and cookie
  if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|jpg|jpeg|png|gif|tiff|bmp|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") {
    unset req.http.Https;
    unset req.http.X-Forwarded-Proto;
    unset req.http.Cookie;
    unset req.http.css;
    unset req.http.js;
  }
  return (hash);
 }
 sub vcl_hash {
  if (req.http.host) {
    hash_data(req.http.host);
  } else {
    hash_data(server.ip);
  }
  # To make sure http users don't see ssl warning
  if (req.http.X-Forwarded-Proto) {
    hash_data(req.http.X-Forwarded-Proto);
  }
 }
 sub vcl_backend_response {
  set beresp.http.X-Host = bereq.http.host;
  set beresp.ttl = 1m;
  # Enable stale content serving
  set beresp.grace = 24h;
  # Preserve the origin's Cache-Control header for client-side caching
  if (beresp.http.Cache-Control) {
    set beresp.http.X-Orig-Cache-Control = beresp.http.Cache-Control;
  }
  # validate if we need to cache it and prevent from setting cookie
  # images, css and js are cacheable by default so we have to remove cookie also
  if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
    unset beresp.http.set-cookie;
    unset beresp.http.set-css;
    unset beresp.http.set-js;
    if (bereq.url !~ "\.(ico|jpg|jpeg|png|gif|tiff|bmp|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)(\?|$)") {
      set beresp.http.Pragma = "no-cache";
      set beresp.http.Expires = "-1";
      set beresp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
      set beresp.grace = 1m;
    }
  }
  # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
  if (beresp.ttl <= 0s ||
      beresp.http.Surrogate-control ~ "no-store" ||
      (!beresp.http.Surrogate-Control && beresp.http.Vary == "*")) {
    # Mark as Hit-For-Pass for the next 2 minutes
    set beresp.ttl = 120s;
    set beresp.uncacheable = true;
  }
  return (deliver);
 }
 sub vcl_deliver {
  # Restore the origin's Cache-Control header for the browser
  if (resp.http.X-Orig-Cache-Control) {
    set resp.http.Cache-Control = resp.http.X-Orig-Cache-Control;
    unset resp.http.X-Orig-Cache-Control;
  } else {
    # If no Cache-Control was set by the origin, we'll set a default
    set resp.http.Cache-Control = "no-cache, must-revalidate";
  }
  unset resp.http.Server;
  unset resp.http.Via;
  unset resp.http.Link;
 }
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -0,0 +1,31 @@
 name: rstat
 services:
  rstat-dashboard:
    build:
      context: .
      dockerfile: Dockerfile
    restart: always
    volumes:
      - ./reddit_stocks.db:/usr/src/app/reddit_stocks.db:ro
    ports:
      - "5000:5000"
  nginx:
    image: nginx:1.29.0
    restart: always
    volumes:
      - ./config/nginx/dev:/etc/nginx/conf.d:ro
      - ./public:/usr/share/nginx:ro
    ports:
      - "80:80"
  varnish:
    image: varnish:7.7.1
    restart: always
    volumes:
      - ./config/varnish/dev.vcl:/etc/varnish/default.vcl:ro"
      - ./config/varnish/hit-miss.vcl:/etc/varnish/hit-miss.vcl:ro"
    tmpfs:
      - /var/lib/varnish/varnishd:exec
--- a/static/apple-touch-icon.png
+++ b/static/apple-touch-icon.png
--- a/static/favicon-96x96.png
+++ b/static/favicon-96x96.png
--- a/static/favicon.ico
+++ b/static/favicon.ico
--- a/static/favicon.svg
+++ b/static/favicon.svg
@@ -0,0 +1,3 @@
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 200 200"><rect width="200" height="200" fill="url('#gradient')"></rect><defs><linearGradient id="SvgjsLinearGradient1001" gradientTransform="rotate(45 0.5 0.5)"><stop offset="0%" stop-color="#697f83"></stop><stop offset="100%" stop-color="#161f2f"></stop></linearGradient></defs><g><g fill="#b1d6bb" transform="matrix(12.518681318681319,0,0,12.518681318681319,14.808730859284879,189.00720071373405)" stroke="#498990" stroke-width="0.7"><path d="M8.87 0L6.36-5.02L4.50-5.02L4.50 0L1.07 0L1.07-14.22L6.67-14.22Q9.20-14.22 10.63-13.10Q12.05-11.97 12.05-9.92L12.05-9.92Q12.05-8.44 11.45-7.46Q10.85-6.48 9.57-5.88L9.57-5.88L12.54-0.15L12.54 0L8.87 0ZM4.50-11.57L4.50-7.67L6.67-7.67Q7.65-7.67 8.14-8.18Q8.63-8.69 8.63-9.61Q8.63-10.53 8.13-11.05Q7.64-11.57 6.67-11.57L6.67-11.57L4.50-11.57Z"></path></g></g></svg><style>@media (prefers-color-scheme: light) { :root { filter: none; } }
@media (prefers-color-scheme: dark) { :root { filter: none; } }
 </style></svg>
--- a/static/site.webmanifest
+++ b/static/site.webmanifest
@@ -0,0 +1,21 @@
 {
  "name": "MyWebSite",
  "short_name": "MySite",
  "icons": [
    {
      "src": "/web-app-manifest-192x192.png",
      "sizes": "192x192",
      "type": "image/png",
      "purpose": "maskable"
    },
    {
      "src": "/web-app-manifest-512x512.png",
      "sizes": "512x512",
      "type": "image/png",
      "purpose": "maskable"
    }
  ],
  "theme_color": "#ffffff",
  "background_color": "#ffffff",
  "display": "standalone"
 }
--- a/static/web-app-manifest-192x192.png
+++ b/static/web-app-manifest-192x192.png
--- a/static/web-app-manifest-512x512.png
+++ b/static/web-app-manifest-512x512.png
--- a/templates/dashboard_base.html
+++ b/templates/dashboard_base.html
@@ -5,6 +5,13 @@
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>{% block title %}RSTAT Dashboard{% endblock %}</title>
    <link rel="icon" type="image/png" href="{{ url_for('static', filename='favicon-96x96.png') }}" sizes="96x96" />
    <link rel="icon" href="{{ url_for('static', filename='favicon.ico') }}">
    <link rel="shortcut icon" type="image/svg+xml" href="{{ url_for('static', filename='favicon.svg') }}">
    <link rel="apple-touch-icon" sizes="180x180" href="{{ url_for('static', filename='apple-touch-icon.png') }}" />
    <link rel="manifest" href="{{ url_for('static', filename='site.webmanifest') }}" />
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">