Proper static content serving, caching and https fix for url_for

bitvend/__init__.py

@@ -32,6 +32,10 @@ def create_app():
     app.config.from_object('bitvend.default_settings')
     app.config.from_pyfile(os.environ.get('BITVEND_SETTINGS', ''), silent=True)
 
+    # Use proper proxy headers, this fixes invalid scheme in
+    # url_for(_external=True)
+    from werkzeug.contrib.fixers import ProxyFix
+    app.wsgi_app = ProxyFix(app.wsgi_app)
 
     db.init_app(app)
     spaceauth.init_app(app)

deployment/nginx.site

@@ -1,11 +1,25 @@
+proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=qrcode_cache:10m max_size=50m inactive=60m;
+
 server {
     listen 80 default_server;
     server_name vending.waw.hackerspace.pl;
 
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
     location / {
         proxy_pass http://127.0.0.1:5000;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /qrcode/ {
+        add_header X-Proxy-Cache $upstream_cache_status;
+        proxy_cache qrcode_cache;
+        proxy_pass http://127.0.0.1:5000;
+    }
+
+    location /static/ {
+        root /var/bitvend/bitvend;
     }
 
     listen 443 ssl default_server;

deployment/playbook.yml

@@ -8,6 +8,7 @@
         - python3-pillow
         - nginx
         - dehydrated
+        - git
     - user: name=bitvend home=/var/bitvend system=yes
     - synchronize: src=../../ dest=/var/bitvend
     - file: path=/var/bitvend owner=bitvend group=bitvend recurse=yes