nginx: split nginx configs to common parts

Also create separated reverse_proxy config so it is more clear what it needs to contain.

nginx/development

@@ -42,53 +42,5 @@ server {
     proxy_no_cache      $cookie_sessionid;
     proxy_cache_bypass  $cookie_sessionid;
 
-    # tell the web container the address of the outside client
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $host;
-    proxy_redirect off;
-
-    # rate limit the login or password reset pages
-    location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
-        limit_req zone=loginlimit;
-        proxy_pass http://web;
-    }
-
-    # do not log periodic polling requests from logged in users
-    location /api/updates/ {
-        access_log off;
-        proxy_pass http://web;
-    }
-
-    # forward any cache misses or bypass to the web container
-    location / {
-        proxy_pass http://web;
-    }
-
-    # directly serve static files from the
-    # bookwyrm filesystem using sendfile.
-    # make the logs quieter by not reporting these requests
-    location /static/ {
-        root /app;
-        try_files $uri =404;
-        add_header X-Cache-Status STATIC;
-        access_log off;
-    }
-
-    # same with image files not in static folder
-    location /images/ {
-        location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
-            root /app;
-            try_files $uri =404;
-            add_header X-Cache-Status STATIC;
-            access_log off;
-        }
-        # block access to any non-image files from images
-        return 403;
-    }
-
-    # monitor the celery queues with flower, no caching enabled
-    location /flower/ {
-       proxy_pass http://flower;
-       proxy_cache_bypass 1;
-    }
+    include /etc/nginx/conf.d/locations;
 }

nginx/locations

@@ -0,0 +1,48 @@
+
+# tell the web container the address of the outside client
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_redirect off;
+
+location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
+    limit_req zone=loginlimit;
+    proxy_pass http://web;
+}
+
+# do not log periodic polling requests from logged in users
+location /api/updates/ {
+    access_log off;
+    proxy_pass http://web;
+}
+
+location / {
+    proxy_pass http://web;
+}
+
+# directly serve static files from the
+# bookwyrm filesystem using sendfile.
+# make the logs quieter by not reporting these requests
+location /static/ {
+    root /app;
+    try_files $uri =404;
+    add_header X-Cache-Status STATIC;
+    access_log off;
+}
+
+# same with image files not in static folder
+location /images/ {
+    location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+        root /app;
+        try_files $uri =404;
+        add_header X-Cache-Status STATIC;
+        access_log off;
+    }
+    # block access to any non-image files from images
+    return 403;
+}
+
+# monitor the celery queues with flower, no caching enabled
+location /flower/ {
+   proxy_pass http://flower;
+   proxy_cache_bypass 1;
+}

nginx/production

@@ -76,74 +76,7 @@ server {
 #     proxy_no_cache      $cookie_sessionid;
 #     proxy_cache_bypass  $cookie_sessionid;
 #
-#     # tell the web container the address of the outside client
-#     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-#     proxy_set_header Host $host;
-#     proxy_redirect off;
+#     include /etc/nginx/conf.d/locations;
 #
-#     location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
-#         limit_req zone=loginlimit;
-#         proxy_pass http://web;
-#     }
-#
-#     # do not log periodic polling requests from logged in users
-#     location /api/updates/ {
-#         access_log off;
-#         proxy_pass http://web;
-#     }
-#
-#     location / {
-#         proxy_pass http://web;
-#     }
-#
-#     # directly serve static files from the
-#     # bookwyrm filesystem using sendfile.
-#     # make the logs quieter by not reporting these requests
-#     location /static/ {
-#         root /app;
-#         try_files $uri =404;
-#         add_header X-Cache-Status STATIC;
-#         access_log off;
-#     }
-#
-#     # same with image files not in static folder
-#     location /images/ {
-#         location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
-#             root /app;
-#             try_files $uri =404;
-#             add_header X-Cache-Status STATIC;
-#             access_log off;
-#         }
-#         # block access to any non-image files from images
-#         return 403;
-#     }
-#
-#     # monitor the celery queues with flower, no caching enabled
-#     location /flower/ {
-#        proxy_pass http://flower;
-#        proxy_cache_bypass 1;
-#     }
 # }
 
-# Reverse-Proxy server
-# server {
-#     listen [::]:8001;
-#     listen 8001;
-
-#     server_name your-domain.com www.your-domain.com;
-
-#     location / {
-#         proxy_pass http://web;
-#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-#         proxy_set_header Host $host;
-#         proxy_redirect off;
-#     }
-
-#     location /images/ {
-#         alias /app/images/;
-#     }
-
-#     location /static/ {
-#         alias /app/static/;
-#     }
-# }

nginx/reverse_proxy

@@ -0,0 +1,19 @@
+include /etc/nginx/conf.d/server_config;
+
+upstream web {
+    server web:8000;
+}
+
+upstream flower{
+    server flower:8888;
+}
+
+# Reverse-Proxy server
+server {
+    listen [::]:8001;
+    listen 8001;
+
+    server_name your-domain.com www.your-domain.com;
+
+    include /etc/nginx/conf.d/locations;
+}