Enable optional use of CDNs (e.g., for public-facing deployments)

[joefutrelle]

No description provided.

[rgov]

Here's a possibility. You could add a commented out include line in the nginx config pointing to a cdn.conf that looks something like this. When a request comes for a vendor-provided resource from an IP address outside the LAN, it sends a temporary redirect to the CDN:

geo $use_cdn {
    default         1;
    10.0.0.0/8      0;
    172.16.0.0/12   0;
    192.168.0.0/16  0;
}

location /static/vendor/ {
    if ($use_cdn) {
        rewrite ^/static/vendor/jquery/jquery-(.*)\.min\.js$ https://cdnjs.cloudflare.com/ajax/libs/jquery/$1/jquery.min.js;
        rewrite ^/static/vendor/mdbootstrap/(.*)$ https://cdn.jsdelivr.net/npm/[email protected]/dist/$1;
    }
}

The behavior of rewrite is to send the redirect immediately if the rewritten URL starts with https:// so we don't need break here.

This looks only at the source IP of the request, if the request is being proxied and you want to trust the X-Forwarded-For header sent by the proxy then you can add to the geo stanza trust <proxy-ip>/32.

A commonly used CDN is CDNjs.