Ensure UTF8 charset spec'd in header, including for CSS files

+ Fixes #9 (hopefully - issue is very intermittent - we have a high degree of confidence in this fix, but will continue to keep an eye out). + Establish changelog. + Expand/clarify comments on some existing directives/files.
xh · Jan 14, 2022 · 199093c · 199093c
1 parent 616878b
commit 199093c
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,31 @@
+# Changelog
+
+Note that the `next` tag is mutable and is rebuilt regularly with any updates to this project and 
+on a weekly schedule (to pick up ongoing updates to the official `nginx:latest` source image).
+
+Versioned builds are immutable and have locked in a given set of defaults from this project as well
+as the latest nginx version at the time of the build (recorded in the log entries below).
+
+## next - under development
+
+* Ensure UTF8 charset spec'd in header, including for CSS files.
+  See [xh-nginx/9](https://github.com/xh/xh-nginx/issues/9) - intermittent rendering issue with
+  icons.
+* nginx `latest` (version dependent on build time)
+
+## v2.0.0 / latest
+
+* Generate and pass through to proxied calls a `Jespa-Connection-Id` header, based on the source IP
+  address. This is required for apps using the Jespa library for NTLMv2 SSO to properly track
+  per-client state across a multistep auth handshake.
+* Increase proxy timeouts to five minutes to support longer-running calls to back-end APIs.
+* Increase `client_max_body_size` to `20m` to support larger POSTs, notably big grid exports.
+* Add basic useragent parsing to set `$is_mobile` and `$is_desktop` variables for use within
+  app-level directives (e.g. redirecting from / to the correct platform-specific entry URI).
+* Set `proxy_cookie_path` directive to `Secure` but also allow cross-site access.
+* nginx `v1.21.0`
+
+## v1.0.0
+
+* Initial versioned release of the base image.
+* nginx `v1.19.5`
diff --git a/includes/xh-secure-redirect.conf b/includes/xh-secure-redirect.conf
@@ -1,4 +1,6 @@
-# Rewrite requests to https - include within port 80 server block
+# Rewrite requests to https - include within port 80 server block if your app's nginx is in fact
+# serving its content via SSL. Will often *not* be the case when a load balancer or ingress is used
+# for SSL termination prior to traffic reaching the Hoist nginx layer (e.g. Rancher/K8s/AWS/Azure).
 location / {
 	return 301 https://$host$request_uri;
 }
diff --git a/xh.conf b/xh.conf
@@ -1,3 +1,8 @@
+# Standardized XH-specific nginx settings. This config partial is copied into $XH_NGINX_CONFIG_PATH
+# within this project's Dockerfile. From there it is included within the top-level `http` block,
+# typically alongside an `app.conf` config file provided by the app (with app-specific location
+# blocks and other settings).
+
 # Support compression for both static assets and proxy calls
 gzip on;
 gzip_static on;
@@ -59,6 +64,10 @@ map $http_jespa_connection_id $xh_jespa_connection_id {
     ""      $remote_addr:$remote_port;
 }
 
+# Ensure UTF8 charset spec'd in header, including for CSS files (which would not get a charset
+# header by default). See https://github.com/xh/xh-nginx/issues/9 - rendering issue with icons.
+charset utf-8;
+charset_types text/html text/css text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml;
 
 # App-level Dockerfiles must copy in an appropriate conf with server directives such as the below.