Nginx and Astra

    Nginx is an HTTP server and reverse proxy that can be used in conjunction with Astra to offload its http server.

    http://address:port - address to original Astra process. /ramcache - directory for cache.

    Create ramcache - add to fstab:

    tmpfs    /ramcache  tmpfs  nodev,nosuid,noexec,noatime,size=5G,mpol=bind:0  0  0
    

    mount: mount -a

    Nginx virtual host configuration file:

    # Disable nginx tokens
    server_tokens off;
    
    # Cache settings
    proxy_cache_path "/ramcache" use_temp_path=off keys_zone=all:1m inactive=30s max_size=5g;
    proxy_cache_min_uses 1;
    #proxy_ignore_headers Cache-Control;
    
    # HSTS (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Frame-Options "DENY";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    
    # Allow only GET, POST, HEAD
    add_header Allow "GET, POST, HEAD" always;
    
    # Proxy pass
    #proxy_pass_header X-Accel-Expires;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }
    
    server {
        listen 0.0.0.0:80 reuseport;
        server_name hls.test.com;
    #    access_log off;
     
        open_file_cache max=1000 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_errors off;
     
        keepalive_timeout 300s;
        keepalive_requests 1000000;
     
        resolver 8.8.8.8;
        resolver_timeout 10s;
    
        if ( $http_user_agent ~* (nmap|nikto|wikto|sf|sqlmap|bsqlbf|w3af|acunetix|havij|appscan) ) {
            return 403;
        }
    
        if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
            return 405;
        }
    
        location / {
            root /ramcache;
            try_files $request_uri @proxy_web;    
        }
     
        location ~* \.(m3u8)$ {
            proxy_cache off;
            expires -1;
            proxy_pass http://address:port;
        }
     
        location ~* \.(ts|trp)$ {
            access_log off;
            root /ramcache;
            try_files $request_uri @proxy_origin;
        }
    
         location @proxy_web {
            proxy_pass http://address:port;
            proxy_cache off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
     
        location @proxy_origin {
            proxy_pass http://address:port;
            proxy_cache_methods GET;
            proxy_cache all;
            proxy_cache_key $request_uri;
    #       proxy_cache_valid 200 5s;
            proxy_cache_lock on;
            proxy_cache_lock_timeout 5s;
            proxy_cache_lock_age 5s;
        }
    
        location ~ /\. {
            access_log off;
            log_not_found off;
            deny all;
        }
    
        location ~ ~$ {
            access_log off;
            log_not_found off;
            deny all;
        }
    
        location ~* (nginx-status|nginx_status)$ {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }
     
    }
    

    in the Astra Settings, check the box Use Expires header