feat: Cache-Control

Reviewed-on: #5

.env

@@ -1,2 +1,2 @@
 PROD_URL=chat.gmoker.com
-IMAGEAPP=docker.io/vectorim/element-web:v1.11.78
+IMAGEAPP=docker.io/vectorim/element-web:v1.11.99

compose.yaml

@@ -4,6 +4,8 @@ services:
     image: "$IMAGEAPP"
     restart: unless-stopped
     ports:
-      - "8080:80"
+      - "8080:8080"
+    environment:
+      - ELEMENT_WEB_PORT=8080
     volumes:
-      - ./config.json:/app/config.json:ro
+      - ./config/config.json:/app/config.json:ro

manifests/bin/deploy.sh

@@ -3,32 +3,34 @@ set -o pipefail
 
 function kapply() {
     for f in "$@"; do
-        kubectl apply -f \
+        kubectl apply --server-side \
-            <(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
+            -f<(envsubst "$(env | sed 's/^/$/')" < "manifests/$f")
     done
-}
+}; export -f kapply
 
 function kcreatesec() {
-    kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
+    kubectl apply --server-side \
-}
+        -f<(kubectl create secret generic --dry-run=client -oyaml "$@")
+}; export -f kcreatesec
 
 function kcreatecm() {
-    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
+    kubectl apply --server-side \
-}
+        -f<(kubectl create configmap --dry-run=client -oyaml "$@")
+}; export -f kcreatecm
 
 function kgseckey() {
     local sec="$1"; shift
     local key="$1"; shift
 
-    kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
+    kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\"" | base64 -d
-}
+}; export -f kgseckey
 
 function kgcmkey() {
-    local cm="$1"; shift
+    local cm="$1";  shift
     local key="$1"; shift
 
-    kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
+    kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\""
-}
+}; export -f kgcmkey
 
 
 kcreatecm element --from-file=config/config.json

manifests/bin/devel.sh

@@ -1,4 +1,5 @@
 #!/bin/bash -e
+set -o pipefail
 
 export NB_REPLICAS=1
 

manifests/bin/prod.sh

@@ -1,4 +1,5 @@
 #!/bin/bash -e
+set -o pipefail
 
 export NB_REPLICAS=3
 

manifests/common/app.yaml

@@ -5,11 +5,18 @@ metadata:
   name: app
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    gethomepage.dev/enabled: "true"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
-    gethomepage.dev/instance: "$GITHUB_REF_NAME"
+      more_set_headers "X-Frame-Options: SAMEORIGIN";
-    gethomepage.dev/name: Element
+      more_set_headers "X-Content-Type-Options: nosniff";
-    gethomepage.dev/icon: element
+      more_set_headers "X-XSS-Protection: 1; mode=block";
-    gethomepage.dev/description: Secure collaboration and messaging
+      more_set_headers "Content-Security-Policy: frame-ancestors 'self'";
+
+      if ($request_uri = /) {
+        more_set_headers "Cache-Control: no-cache";
+      }
+      if ($request_uri ~* ^/(config\..*\.json|i18n|home|sites|index\.html)$) {
+        more_set_headers "Cache-Control: no-cache, no-store, must-revalidate";
+      }
 spec:
   ingressClassName: nginx
   tls:
@@ -63,7 +70,10 @@ spec:
           image: "$IMAGEAPP"
           ports:
             - name: http
-              containerPort: 80
+              containerPort: 8080
+          env:
+            - name: ELEMENT_WEB_PORT
+              value: "8080"
           volumeMounts:
             - name: config
               mountPath: /app/config.json