nginx_cache.conf

worker_processes auto;

events {
    worker_connections 1024;
}

http {
    proxy_ssl_server_name on;

    proxy_cache_path /server_cache_llm levels=1:2 keys_zone=llm_cache:10m max_size=20g inactive=14d use_temp_path=off;

    proxy_cache_path /server_cache_intel levels=1:2 keys_zone=intel_cache:10m max_size=20g inactive=14d use_temp_path=off;

    error_log /dev/stdout info;

    log_format upstream_time '$remote_addr - $remote_user [$time_local] '
                             '"$request" $status $body_bytes_sent '
                             '"$http_referer" "$http_user_agent"'
                             'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';

    log_format cache_log '[$time_local] ($upstream_cache_status) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization';

    log_format no_cache_log '[$time_local] (BYPASSED) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization';

    log_format mirror_log '[$time_local] (MIRROR) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization';

    log_format nvai_cache_log '[$time_local] ($upstream_cache_status) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization. Final Auth: $nvai_http_authorization';

    include /etc/nginx/conf.d/variables/*.conf;

    map $http_cache_control $cache_bypass {
        no-cache   1;
    }

    # Log to stdout and a file for searchability
    access_log /dev/stdout cache_log;
    access_log /var/log/nginx/access.log cache_log;

    error_log /dev/stdout info;
    error_log /var/log/nginx/error.log info;

    server {
        listen 80;
        server_name localhost;

        proxy_http_version 1.1;

        # Headers to Add
        # proxy_set_header Host $host;
        proxy_set_header Connection '';

        # Headers to Remove
        proxy_ignore_headers Cache-Control;
        proxy_ignore_headers "Set-Cookie";
        proxy_hide_header "Set-Cookie";

        # Proxy Buffer Config
        proxy_busy_buffers_size   1024k;
        proxy_buffers   4 512k;
        proxy_buffer_size   1024k;

        # Proxy validity
        proxy_cache_valid 200 202 14d;
        proxy_read_timeout 8m;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_background_update on;
        proxy_cache_lock on;
        proxy_cache_bypass $cache_bypass;

        # Configure a resolver to use for DNS resolution. This uses the Docker DNS resolver
        # See https://tenzer.dk/nginx-with-dynamic-upstreams/ for why this is necessary
        # When considering what the "base_url" should be, consider the following:
        # - The base_url should be the unchangable part of the URL for any request tho that API
        # - If the API uses versioning, the version should be included in the base_url
        # - If the API is a subpath of a larger API, the base_url should be the path to the API
        # - Examples:
        #    - GET `https://api.first.org/data/v1/epss` => base_url=`https://api.first.org/data/v1`
        #    - GET `https://services.nvd.nist.gov/rest/json/cves/2.0` => base_url=`https://services.nvd.nist.gov/rest`

        resolver 127.0.0.11 [::1]:5353 valid=60s;

        # rewrite_log on;

        ################ Docker Compose Services #################

        # Force nginx to resolve morpheus-vuln-analysis each call to allow starting this before starting the service
        set $morpheus_vuln_analysis_upstream "http://morpheus-vuln-analysis:26466";

        location /scan {
            proxy_pass $morpheus_vuln_analysis_upstream;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
        }

        # Include any additional routes from the routes directory
        include /etc/nginx/conf.d/routes/*.conf;


        ################### Redirect Handling ####################

        location @handle_redirects {
            # store the current state of the world so we can reuse it in a minute
            # We need to capture these values now, because as soon as we invoke
            # the proxy_* directives, these will disappear
            set $original_uri $uri;
            set $orig_loc $upstream_http_location;

            # nginx goes to fetch the value from the upstream Location header
            proxy_pass $orig_loc;
            proxy_cache llm_cache;

            # But we store the result with the cache key of the original request URI
            # so that future clients don't need to follow the redirect too
            proxy_cache_key $original_uri;
            proxy_cache_valid 200 206 14d;
        }
    }
}