From 894facc7e3954a832015fc49a7115a45d56a931d Mon Sep 17 00:00:00 2001
From: Yohan Boniface <yohanboniface@free.fr>
Date: Mon, 27 Feb 2023 12:32:35 +0100
Subject: [PATCH] Document x-accel-redirect and ajax-proxy cache configuration

---
 docs/ubuntu.md | 69 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 67 insertions(+), 2 deletions(-)

diff --git a/docs/ubuntu.md b/docs/ubuntu.md
index 6f8ac33f..a2c2e2c3 100644
--- a/docs/ubuntu.md
+++ b/docs/ubuntu.md
@@ -262,17 +262,30 @@ In your local.py:
 
     UMAP_DEMO_SITE = False
     DEBUG = False
-    
+
+### Configure Nginx to serve statics and uploaded files:
+
 In your nginx config:
 
     location /static {
         autoindex off;
+        access_log off;
+        log_not_found off;
+        sendfile on;
+        gzip on;
+        gzip_vary on;
         alias /path/to/umap/var/static/;   
     }
 
     location /uploads {
         autoindex off;
-        alias /path/to/umap/var/data/;    
+        sendfile on;
+        gzip on;
+        gzip_vary on;
+        alias /path/to/umap/var/data/;
+        # Exclude direct acces to geojson, as permissions must be
+        # checked py django.
+        location /uploads/datalayer/ { return 404; }
     }
 
 ### Configure social auth
@@ -294,6 +307,9 @@ In your local.py, set `COMPRESS_ENABLED = True`, and then run the following comm
 
     umap compress
 
+Optionally add `COMPRESS_STORAGE = "compressor.storage.GzipCompressorFileStorage"`
+and add `gzip_static on` directive to Nginx `/static` location, so Nginx will
+serve pregenerated files instead of compressing them on the fly.
 
 ### Configure the site URL and short URL
 
@@ -304,6 +320,55 @@ In your local.py:
 
 Also adapt `ALLOWED_HOSTS` accordingly.
 
+### Configure X-Accel-Redirect
+
+In order to let Nginx serve the layer geojsons but uMap still check the permissions,
+you can add this settings:
+
+    UMAP_XSENDFILE_HEADER = 'X-Accel-Redirect'
+
+And then add this new location in your nginx config (before the `/` location):
+
+    location /internal/ {
+        internal;
+        gzip_vary on;
+        gzip_static on;
+        alias /path/to/umap/var/data/;
+    }
+
+### Configure ajax proxy cache
+
+In Nginx:
+
+- add the proxy cache
+
+        proxy_cache_path /tmp/nginx_ajax_proxy_cache levels=1:2 keys_zone=ajax_proxy:10m inactive=60m;
+        proxy_cache_key "$args";
+
+- add this location (before the `/` location):
+
+        location /ajax-proxy/ {
+            valid_referers server_names;
+            if ($invalid_referer) {
+                return 400;
+            }
+            add_header X-Proxy-Cache $upstream_cache_status always;
+            proxy_cache ajax_proxy;
+            proxy_cache_valid 1m;  # Default. Umap will override using X-Accel-Expires
+            gzip on;
+            gzip_proxied any;
+            gzip_types
+                application/vnd.google-earth.kml+xml
+                application/geo+json
+                application/json
+                application/javascript
+                text/xml
+                application/xml;
+            uwsgi_pass umap;
+            include /srv/umap/uwsgi_params;
+        }
+
+
 
 ## Add more tilelayers, pictograms…