serve dojo_theme/static directly via nginx

docker-compose.yml

@@ -238,6 +238,7 @@ services:
       - ./nginx-proxy/etc/nginx/vhost.d:/etc/nginx/vhost.d
       - ./nginx-proxy/etc/nginx/conf.d/pwn-trace-id.conf:/etc/nginx/conf.d/pwn-trace-id.conf:ro
       - /var/run/docker.sock:/tmp/docker.sock:ro
+      - /opt/pwn.college/dojo_theme/static:/var/www/static:ro
     networks:
       default:
       workspace_net:

nginx-proxy/etc/nginx/vhost.d/default

@@ -9,6 +9,43 @@ location ^~ /.well-known/acme-challenge/ {
 }
 ## End of configuration add by letsencrypt container
 
+## Serve static files directly from nginx, fallback to CTFd for autogenerated files
+location /themes/dojo_theme/static/ {
+    alias /var/www/static/;
+
+    # Try to serve the file directly, if not found, proxy to CTFd
+    try_files $uri @ctfd_static;
+
+    expires 1d;
+    add_header Cache-Control "public, immutable";
+
+    # Security headers
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options SAMEORIGIN;
+
+    # Enable gzip compression for static files
+    gzip on;
+    gzip_types text/css application/javascript application/json image/svg+xml;
+    gzip_vary on;
+}
+
+location @ctfd_static {
+    # Proxy to CTFd for autogenerated files
+    proxy_pass http://ctfd:8000;
+    proxy_http_version 1.1;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
+    proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+    proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
+    proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
+    proxy_set_header X-Original-URI $request_uri;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $proxy_connection;
+    proxy_buffering off;
+}
+
 location @forward {
     set $redirect_uri "$upstream_http_redirect_uri";
     set $redirect_auth "$upstream_http_redirect_auth";