cdn assets

assetcheck.php

<?php
// wait until the file requested exists.
// requires nginx auth_request and http_gzip_static modules

//only answer requests for files that are in this folder:
$asset_root = '/var/www/global-asset-store/'; 

$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$document_root = $_SERVER['DOCUMENT_ROOT'];
$computed_path = $document_root.$path;

if (file_exists($computed_path.'.gz'))
	die();

$endtime = time() + 5; //s
$waitstep = 10; //ms
while (time() < $endtime) {
	if (file_exists($computed_path) && strpos(realpath($computed_path), realpath($asset_root)) === 0) 
		break;
	usleep($waitstep * 1000);
	$waitstep *= 2;
}
if (!realpath($computed_path) || strpos(realpath($computed_path), realpath($asset_root)) !== 0) {
	die();
}
if (file_exists($computed_path) && !file_exists($computed_path.'gz')) {
	$ext = pathinfo($computed_path, PATHINFO_EXTENSION);
	if (in_array(strtolower($ext), array('js', 'jsm', 'htm', 'html', 'json', 'css', 'txt', 'log', 'eot')))
		exec('gzip -f9 "'.$computed_path.'"');
}
?>

cdn assets nginx config

map $status $asset_cache_level {
    ~^2 "public,max-age=2592000,immutable,stale-if-error=2592000,stale-while-revalidate=2592000";
	default "private,no-cache";
}
server {
...
	location /byond-assets {
		auth_request /rauth/assetcheck.php;
		add_header Cache-Control $asset_cache_level always;
		gzip_static on;
		gunzip on;
		location ~* \.(eot|otf|ttf|woff|woff2)$ {
			auth_request /rauth/assetcheck.php;
			add_header Cache-Control $asset_cache_level always;
			gzip_static on;
			gunzip on;
			if ($request_method = 'OPTIONS') {
				add_header 'Access-Control-Allow-Origin' '*';
				add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
				#
				# Custom headers and headers various browsers *should* be OK with but aren't
				#
				add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
				#
				# Tell client that this pre-flight info is valid for 20 days
				#
				add_header 'Access-Control-Max-Age' 1728000;
				add_header 'Content-Type' 'text/plain; charset=utf-8';
				add_header 'Content-Length' 0;
				return 204;
			}
			if ($request_method = 'POST') {
				add_header 'Access-Control-Allow-Origin' '*';
				add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
				add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
				add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
			}
			if ($request_method = 'GET') {
				add_header 'Access-Control-Allow-Origin' '*';
				add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
				add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
				add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
			}
		}
	}
	location /rauth/ {
		internal;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_intercept_errors on;
		fastcgi_pass_request_body off;
		fastcgi_param CONTENT_LENGTH 0;
		fastcgi_read_timeout 600;
		fastcgi_pass unix:/var/run/php5-fpm.tgstation13-org.sock;
	}
}