From f0c53a4e5b5892a5cc2878087cd3603ee71f5754 Mon Sep 17 00:00:00 2001
From: wiz <j@wiz.biz>
Date: Wed, 12 Jan 2022 23:12:49 +0900
Subject: [PATCH] Improve nginx caching and use redirects for i18n

---
 production/nginx/http-language.conf           | 29 +++++++----
 .../location-api-v1-contributors-images.conf  | 11 +++++
 production/nginx/location-api.conf            | 42 +++++++++++-----
 production/nginx/server-bisq.conf             |  1 +
 production/nginx/server-common.conf           | 49 ++++++++++++-------
 production/nginx/server-liquid.conf           |  3 +-
 production/nginx/server-mempool.conf          |  1 +
 production/test-nginx                         | 20 +++++---
 8 files changed, 111 insertions(+), 45 deletions(-)
 create mode 100644 production/nginx/location-api-v1-contributors-images.conf

diff --git a/production/nginx/http-language.conf b/production/nginx/http-language.conf
index aacb030c4..11c3eff33 100644
--- a/production/nginx/http-language.conf
+++ b/production/nginx/http-language.conf
@@ -1,8 +1,9 @@
 map $http_accept_language $header_lang {
-	default en-US;
-	~*^en-US en-US;
-	~*^en en-US;
+	default '';
+	~*^en-US '';
+	~*^en '';
 	~*^ar ar;
+	~*^ca ca;
 	~*^cs cs;
 	~*^de de;
 	~*^es es;
@@ -11,16 +12,21 @@ map $http_accept_language $header_lang {
 	~*^ko ko;
 	~*^hi hi;
 	~*^it it;
+	~*^he he;
 	~*^ka ka;
 	~*^hu hu;
+	~*^mk mk;
 	~*^nl nl;
 	~*^ja ja;
 	~*^nb nb;
 	~*^pl pl;
 	~*^pt pt;
+	~*^ro ro;
+	~*^ru ru;
 	~*^sl sl;
 	~*^fi fi;
 	~*^sv sv;
+	~*^th th;
 	~*^tr tr;
 	~*^uk uk;
 	~*^vi vi;
@@ -28,30 +34,35 @@ map $http_accept_language $header_lang {
 }
 map $cookie_lang $lang {
 	default $header_lang;
-	~*^en-US en-US;
-	~*^en en-US;
+	~*^en-US '';
+	~*^en '';
 	~*^ar ar;
+	~*^ca ca;
 	~*^cs cs;
 	~*^de de;
 	~*^es es;
 	~*^fa fa;
 	~*^fr fr;
+	~*^ko ko;
 	~*^hi hi;
 	~*^it it;
+	~*^he he;
 	~*^ka ka;
 	~*^hu hu;
-	~*^ja ja;
-	~*^ko ko;
-	~*^nb nb;
+	~*^mk mk;
 	~*^nl nl;
+	~*^ja ja;
+	~*^nb nb;
 	~*^pl pl;
 	~*^pt pt;
+	~*^ro ro;
+	~*^ru ru;
 	~*^sl sl;
 	~*^fi fi;
 	~*^sv sv;
+	~*^th th;
 	~*^tr tr;
 	~*^uk uk;
 	~*^vi vi;
 	~*^zh zh;
 }
-
diff --git a/production/nginx/location-api-v1-contributors-images.conf b/production/nginx/location-api-v1-contributors-images.conf
new file mode 100644
index 000000000..a308e3ee1
--- /dev/null
+++ b/production/nginx/location-api-v1-contributors-images.conf
@@ -0,0 +1,11 @@
+location /api/v1/contributors/images {
+	proxy_pass https://mempool.space;
+	proxy_cache services;
+	proxy_cache_valid 200 1d;
+	expires 7d;
+	add_header Cache-Control "public, no-transform";
+	proxy_hide_header onion-location;
+	proxy_hide_header strict-transport-security;
+	proxy_hide_header content-security-policy;
+	proxy_hide_header x-frame-options;
+}
diff --git a/production/nginx/location-api.conf b/production/nginx/location-api.conf
index 75cc1f5a2..bf869f70d 100644
--- a/production/nginx/location-api.conf
+++ b/production/nginx/location-api.conf
@@ -1,18 +1,15 @@
-location /api/v1/ws {
-	proxy_pass $mempoolBackend;
-	proxy_http_version 1.1;
-	proxy_set_header Upgrade $http_upgrade;
-	proxy_set_header Connection "Upgrade";
+location /api/v1/statistics {
+	try_files /dev/null @mempool-api-v1-cache;
 }
 location /api/v1 {
-	try_files /dev/null @mempool-api-v1;
+	try_files /dev/null @mempool-api-v1-nocache;
 }
 location /api/ {
 	rewrite ^/api/(.*) /$1 break;
-	try_files /dev/null @electrs-api;
+	try_files /dev/null @electrs-api-nocache;
 }
 
-location @mempool-api-v1 {
+location @mempool-api-v1-cache {
 	proxy_pass $mempoolBackend;
 	proxy_http_version 1.1;
 
@@ -21,13 +18,35 @@ location @mempool-api-v1 {
 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	proxy_set_header Upgrade $http_upgrade;
 	proxy_set_header Connection "upgrade";
+	proxy_set_header X-Forwarded-Proto $scheme;
 
 	proxy_cache_bypass $http_upgrade;
 	proxy_redirect off;
-	proxy_set_header X-Forwarded-Proto $scheme;
+	proxy_buffering off;
+
+	proxy_cache_valid any 10s;
+	expires 10s;
 }
 
-location @electrs-api {
+location @mempool-api-v1-nocache {
+	proxy_pass $mempoolBackend;
+	proxy_http_version 1.1;
+
+	proxy_set_header Host $http_host;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+	proxy_set_header X-Forwarded-Proto $scheme;
+
+	proxy_cache_bypass $http_upgrade;
+	proxy_redirect off;
+	proxy_buffering off;
+
+	expires -1;
+}
+
+location @electrs-api-nocache {
 	proxy_pass $electrsBackend;
 	proxy_http_version 1.1;
 
@@ -36,8 +55,9 @@ location @electrs-api {
 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	proxy_set_header Upgrade $http_upgrade;
 	proxy_set_header Connection "upgrade";
+	proxy_set_header X-Forwarded-Proto $scheme;
 
 	proxy_cache_bypass $http_upgrade;
 	proxy_redirect off;
-	proxy_set_header X-Forwarded-Proto $scheme;
+	proxy_buffering off;
 }
diff --git a/production/nginx/server-bisq.conf b/production/nginx/server-bisq.conf
index 2a6886f4b..999ea1725 100644
--- a/production/nginx/server-bisq.conf
+++ b/production/nginx/server-bisq.conf
@@ -1,5 +1,6 @@
 include mempool/production/nginx/server-common.conf;
 include mempool/production/nginx/location-api-v1-contributors.conf;
+include mempool/production/nginx/location-api-v1-contributors-images.conf;
 include mempool/production/nginx/location-api-v1-donations.conf;
 include mempool/production/nginx/location-api-v1-donations-images.conf;
 
diff --git a/production/nginx/server-common.conf b/production/nginx/server-common.conf
index c380831cc..1d0c23fb5 100644
--- a/production/nginx/server-common.conf
+++ b/production/nginx/server-common.conf
@@ -35,32 +35,47 @@ add_header X-Frame-Options $frameOptions;
 add_header Content-Security-Policy $contentSecurityPolicy;
 
 # enable browser and proxy caching
-add_header Cache-Control "public, no-transform";
+add_header Pragma "public";
+add_header Cache-Control "public";
 
 # vary cache if user changes language preference
 add_header Vary Accept-Language;
 add_header Vary Cookie;
 
-# fallback for all URLs i.e. /address/foo /tx/foo /block/000
-location / {
-	try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
+# see order of nginx location rules
+# https://stackoverflow.com/questions/5238377/nginx-location-priority
+
+# for exact / requests, redirect based on $lang
+location = / {
+	if ($lang != '') {
+		return 302 $scheme://$host/$lang$uri;
+	}
+	try_files /en-US/index.html =404;
 	expires 10m;
 }
-location /resources {
-	try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
-	expires 1h;
-}
-location @index-redirect {
-	rewrite (.*) /$lang/index.html;
-}
-
-# location block using regex are matched in order
 
 # used to rewrite resources from /<lang>/ to /en-US/
-       location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ {
-	rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1;
+location ~ ^/[a-z][a-z]/resources/(.*) {
+	try_files $uri /en-US/resources/$1 =404;
+        expires 1w;
 }
 # used for cookie override
-       location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ {
-	try_files $uri $uri/ /$1/index.html =404;
+location ~ ^/([a-z][a-z])$ {
+	try_files $uri /$1/index.html /en-US/index.html =404;
+        expires 10m;
+}
+location ~ ^/([a-z][a-z])/ {
+	try_files $uri /$1/index.html /en-US/index.html =404;
+        expires 10m;
+}
+
+# fallback to serving resources from en-US
+location /resources {
+	try_files $uri /en-US/$uri /en-US/index.html;
+	expires 1w;
+}
+# fallback for all URLs i.e. /address/foo /tx/foo /block/000
+location / {
+	try_files /$lang/$uri $uri /en-US/$uri /en-US/index.html =404;
+	expires 10m;
 }
diff --git a/production/nginx/server-liquid.conf b/production/nginx/server-liquid.conf
index a7161af29..8408dddb9 100644
--- a/production/nginx/server-liquid.conf
+++ b/production/nginx/server-liquid.conf
@@ -1,7 +1,8 @@
 include mempool/production/nginx/server-common.conf;
 include mempool/production/nginx/location-api-v1-contributors.conf;
-include mempool/production/nginx/location-api-v1-donations-images.conf;
+include mempool/production/nginx/location-api-v1-contributors-images.conf;
 include mempool/production/nginx/location-api-v1-donations.conf;
+include mempool/production/nginx/location-api-v1-donations-images.conf;
 include mempool/production/nginx/location-api.conf;
 include mempool/production/nginx/location-liquid-api.conf;
 include mempool/production/nginx/location-liquidtestnet-api.conf;
diff --git a/production/nginx/server-mempool.conf b/production/nginx/server-mempool.conf
index 9bbbb1b8c..276c233f3 100644
--- a/production/nginx/server-mempool.conf
+++ b/production/nginx/server-mempool.conf
@@ -1,6 +1,7 @@
 include mempool/production/nginx/server-common.conf;
 include mempool/production/nginx/location-redirects.conf;
 include mempool/production/nginx/location-api-v1-contributors.conf;
+include mempool/production/nginx/location-api-v1-contributors-images.conf;
 include mempool/production/nginx/location-api-v1-donations.conf;
 include mempool/production/nginx/location-api-v1-donations-images.conf;
 include mempool/production/nginx/location-api.conf;
diff --git a/production/test-nginx b/production/test-nginx
index fe91cd557..2216689a4 100755
--- a/production/test-nginx
+++ b/production/test-nginx
@@ -1,4 +1,4 @@
-#!/usr/bin/env zsh
+#!/usr/local/bin/zsh
 PROTO=https
 HOSTNAME=mempool.ninja
 URL_BASE=${PROTO}://${HOSTNAME}
@@ -20,17 +20,23 @@ echo "Starting tests to ${URL_BASE}"
 echo "Test locale for / with no header or cookie"
 curl -s ${URL_BASE}/ | grep '<html lang' | tr -d '\r\n' | curltest '<html lang="en-US">'
 
-echo "Test locale for / with 'ja' lang header and no cookie"
-curl -s -H 'Accept-Language: ja' ${URL_BASE}/ | grep '<html lang' | tr -d '\r\n' | curltest '<html lang="ja">'
+echo "Test locale for /ja with no header or cookie"
+curl -s ${URL_BASE}/ja | grep '<html lang' | tr -d '\r\n' | curltest '<html lang="ja">'
+
+#echo "Test locale for /ja with 'ja' lang header and 'en' lang cookie"
+#curl -s -H 'Accept-Language: ja' --cookie 'lang=en' ${URL_BASE}/ja | grep '<html lang' | tr -d '\r\n' | curltest '<html lang="en-US">'
+
+echo "Test redirect for / with 'ja' lang header and no cookie"
+curl -i -s -H 'Accept-Language: ja' ${URL_BASE}/ | grep '^location:' | tr -d '\r\n' | curltest "location: ${URL_BASE}/ja/"
 
 echo "Test locale for / with 'ja' lang header and 'en' lang cookie"
 curl -s -H 'Accept-Language: ja' --cookie 'lang=en' ${URL_BASE}/ | grep '<html lang' | tr -d '\r\n' | curltest '<html lang="en-US">'
 
-echo "Test locale for / with 'ja' lang header and 'sv' lang cookie"
-curl -s -H 'Accept-Language: ja' --cookie 'lang=sv' ${URL_BASE}/ | grep '<html lang' | tr -d '\r\n' | curltest '<html lang="sv">'
+echo "Test redirect for / with 'ja' lang header and 'sv' lang cookie"
+curl -i -s -H 'Accept-Language: ja' --cookie 'lang=sv' ${URL_BASE}/ | grep '^location:' | tr -d '\r\n' | curltest "location: ${URL_BASE}/sv/"
 
-echo "Test locale for / with 'ja' lang header and 'foo' lang cookie"
-curl -s -H 'Accept-Language: ja' --cookie 'lang=foo' ${URL_BASE}/ | grep '<html lang' | tr -d '\r\n' | curltest '<html lang="ja">'
+echo "Test redirect for / with 'ja' lang header and 'foo' lang cookie"
+curl -i -s -H 'Accept-Language: ja' --cookie 'lang=foo' ${URL_BASE}/ | grep '^location:' | tr -d '\r\n' | curltest "location: ${URL_BASE}/ja/"
 
 echo "Test rewrite for /resources/pools.json with no header and no cookie"
 curl -s -i ${URL_BASE}/resources/pools.json | grep -i content-type | tr -d '\r\n' | curltest 'content-type: application/json'