community.deepfence.io.conf

proxy_cache_path /var/www/cache keys_zone=apicache:1m;

server {
    listen 80;
    server_name community.deepfence.io;

    rewrite ^/docs/threatmapper/(.*)$ /threatmapper/docs/$1 permanent;
    rewrite ^/threatmapper/docs/v2.5/(.*)$ /threatmapper/docs/$1 redirect;
    rewrite ^/threatstryker/docs/v2.5/(.*)$ /threatstryker/docs/$1 redirect;

    error_page 404 /404.html;
    location = /404.html {
        root /var/www/html;
        internal;
    }

    location /gh-cache/ {
        proxy_pass https://api.github.com/;
        proxy_set_header Host   api.github.com;

        proxy_set_header Authorization "Basic ${GITHUB_BASIC_AUTH}";

        proxy_cache apicache;
        add_header X-Cache-Status $upstream_cache_status;

        # GH responses have cache-control: private, making them uncacheable
        proxy_ignore_headers Cache-Control;

        # cache 200, 301, 302 responses for 1m
        # errors (e.g. 403 rate limit exceeded) will not be cached
        proxy_cache_valid 1m;

        # return previous valid response if we get a rate limit
        # error, or other error type
        proxy_cache_use_stale error timeout http_500 http_503 http_504 http_403 http_429;
    }

    location /dh-cache/ {
        proxy_pass https://hub.docker.com/;
        proxy_set_header Host   hub.docker.com;

        proxy_cache apicache;
        add_header X-Cache-Status $upstream_cache_status;
        add_header Access-Control-Allow-Origin *;

        # cache 200, 301, 302 responses for 1m
        # errors (e.g. 403 rate limit exceeded) will not be cached
        proxy_cache_valid 1m;

        # return previous valid response if we get a rate limit
        # error, or other error type
        proxy_cache_use_stale error timeout http_500 http_503 http_504 http_403 http_429;
    }

    location / {
        # the contents of the build process from Docusaurus
        root /var/www/html;
    }
}