From f206e70252a340876f6aa79034ee6f0454dfb9b6 Mon Sep 17 00:00:00 2001 From: Yan Date: Fri, 29 Aug 2025 17:31:46 -0700 Subject: [PATCH] serve dojo_theme/static directly via nginx --- docker-compose.yml | 1 + nginx-proxy/etc/nginx/vhost.d/default | 37 +++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 51ddb55d6..7b39af91d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -238,6 +238,7 @@ services: - ./nginx-proxy/etc/nginx/vhost.d:/etc/nginx/vhost.d - ./nginx-proxy/etc/nginx/conf.d/pwn-trace-id.conf:/etc/nginx/conf.d/pwn-trace-id.conf:ro - /var/run/docker.sock:/tmp/docker.sock:ro + - /opt/pwn.college/dojo_theme/static:/var/www/static:ro networks: default: workspace_net: diff --git a/nginx-proxy/etc/nginx/vhost.d/default b/nginx-proxy/etc/nginx/vhost.d/default index 0b00871ba..4540712bf 100644 --- a/nginx-proxy/etc/nginx/vhost.d/default +++ b/nginx-proxy/etc/nginx/vhost.d/default @@ -9,6 +9,43 @@ location ^~ /.well-known/acme-challenge/ { } ## End of configuration add by letsencrypt container +## Serve static files directly from nginx, fallback to CTFd for autogenerated files +location /themes/dojo_theme/static/ { + alias /var/www/static/; + + # Try to serve the file directly, if not found, proxy to CTFd + try_files $uri @ctfd_static; + + expires 1d; + add_header Cache-Control "public, immutable"; + + # Security headers + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + + # Enable gzip compression for static files + gzip on; + gzip_types text/css application/javascript application/json image/svg+xml; + gzip_vary on; +} + +location @ctfd_static { + # Proxy to CTFd for autogenerated files + proxy_pass http://ctfd:8000; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host; + proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; + proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl; + proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $proxy_connection; + proxy_buffering off; +} + location @forward { set $redirect_uri "$upstream_http_redirect_uri"; set $redirect_auth "$upstream_http_redirect_auth";