fix: serve AlexanderWhitestone.com as static site (#416)

Replace auth-gated dashboard proxy with static file serving for The Wizard's Tower — two rooms (Workshop + Scrolls), no auth, no tracking, proper caching headers for 3D assets and RSS feed.

Fixes #211

Co-authored-by: kimi <kimi@localhost>
Reviewed-on: http://localhost:3000/rockachopa/Timmy-time-dashboard/pulls/416
Co-authored-by: Kimi Agent <kimi@timmy.local>
Co-committed-by: Kimi Agent <kimi@timmy.local>
This commit was merged in pull request #416.
2026-03-19 03:22:23 -04:00
committed by rockachopa
parent 9b8ad3629a
commit 63e4542f31


@@ -1,42 +1,75 @@
# ── AlexanderWhitestone.com — The Wizard's Tower ────────────────────────────
#
# Two rooms. No hallways. No feature creep.
# /world/ — The Workshop (3D scene, Three.js)
# /blog/ — The Scrolls (static posts, RSS feed)
#
# Static-first. No tracking. No analytics. No cookie banner.
# Site root: /var/www/alexanderwhitestone.com
server { server {
listen 80; listen 80;
server_name alexanderwhitestone.com 45.55.221.244; server_name alexanderwhitestone.com www.alexanderwhitestone.com;
# Cookie-based auth gate — login once, cookie lasts 7 days root /var/www/alexanderwhitestone.com;
location = /_auth { index index.html;
internal;
proxy_pass http://127.0.0.1:9876; # ── Security headers ────────────────────────────────────────────────────
proxy_pass_request_body off; add_header X-Content-Type-Options nosniff always;
proxy_set_header Content-Length ""; add_header X-Frame-Options SAMEORIGIN always;
proxy_set_header X-Original-URI $request_uri; add_header Referrer-Policy strict-origin-when-cross-origin always;
proxy_set_header Cookie $http_cookie; add_header X-XSS-Protection "1; mode=block" always;
proxy_set_header Authorization $http_authorization;
# ── Gzip for text assets ────────────────────────────────────────────────
gzip on;
gzip_types text/plain text/css text/xml text/javascript
application/javascript application/json application/xml
application/rss+xml application/atom+xml;
gzip_min_length 256;
# ── The Workshop — 3D world assets ──────────────────────────────────────
location /world/ {
try_files $uri $uri/ /world/index.html;
# Cache 3D assets aggressively (models, textures)
location ~* \.(glb|gltf|bin|png|jpg|webp|hdr)$ {
expires 30d;
add_header Cache-Control "public, immutable";
} }
# Cache JS with revalidation (for Three.js updates)
location ~* \.js$ {
expires 7d;
add_header Cache-Control "public, must-revalidate";
}
}
# ── The Scrolls — blog posts and RSS ────────────────────────────────────
location /blog/ {
try_files $uri $uri/ =404;
}
# RSS/Atom feed — correct content type
location ~* \.(rss|atom|xml)$ {
types { }
default_type application/rss+xml;
expires 1h;
}
# ── Static assets (fonts, favicon) ──────────────────────────────────────
location /static/ {
expires 30d;
add_header Cache-Control "public, immutable";
}
# ── Entry hall ──────────────────────────────────────────────────────────
location / { location / {
auth_request /_auth; try_files $uri $uri/ =404;
# Forward the Set-Cookie from auth gate to the client
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
proxy_pass http://127.0.0.1:3100;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host localhost;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 86400;
} }
# Return 401 with WWW-Authenticate when auth fails # Block dotfiles
error_page 401 = @login; location ~ /\. {
location @login { deny all;
proxy_pass http://127.0.0.1:9876; return 404;
proxy_set_header Authorization $http_authorization;
proxy_set_header Cookie $http_cookie;
} }
} }
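Review bot: The four server-level security headers will not be sent on the cached asset responses, because nginx inherits `add_header` from the enclosing level only when the current level defines none, and the nested model/texture and `.js` locations under `/world/` plus `location /static/` each set their own `add_header Cache-Control ...`. Repeat the four `add_header ... always;` lines in those three locations, or move them into one snippet and pull it in with `include <security-headers-snippet>;` (placeholder path) wherever a location adds a header. Separately, `location ~ /\.` is the last regex location, so a dot-path that ends in `.xml`, `.js` or an asset extension appears to match one of the earlier regex locations first and would be served. Declaring the dotfile block ahead of the other regex locations, and repeating it inside `location /world/`, would close that gap. `return 404;` should be enough on its own there, since it seems to run before `deny all;` is evaluated.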