Add webp and negotiation

Dockerfile

@@ -24,7 +24,7 @@ RUN hugo -b https://www.chameth.com/ -v -s /tmp/site -d /tmp/hugo && \
 
 FROM debian:stretch as minify
 RUN apt-get update \
-    && DEBIAN_FRONTEND=noninteractive apt-get -qq install -y --no-install-recommends yui-compressor tidy \
+    && DEBIAN_FRONTEND=noninteractive apt-get -qq install -y --no-install-recommends yui-compressor tidy webp \
 	&& rm -rf /var/lib/apt/lists/*
 
 COPY --from=hugo /tmp/hugo /tmp/site
@@ -40,4 +40,4 @@ RUN /tmp/minify.sh
 
 FROM nginx:mainline-alpine AS nginx
 COPY --from=minify /tmp/site /usr/share/nginx/html
-ADD nginx.conf /etc/nginx/conf.d/site.conf
+ADD nginx.conf /etc/nginx/nginx.conf

minify.sh

@@ -21,3 +21,8 @@ for file in $(find /tmp/site/ -name '*.html'); do
 	# Tidy exits if there are warnings, which there probably will be...
 	tidy -q -i -w 120 -m --vertical-space yes --drop-empty-elements no "$file" || true
 done
+
+# Convert all images to WebP
+for file in $(find /tmp/site -name '*.jpg' -o -name '*.png' -o -name '*.jpeg'); do
+	cwebp -m 6 -mt -o "$file.webp" -- "$file"
+done

nginx.conf

@@ -1,15 +1,68 @@
-server_tokens off;
-
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-add_header Content-Security-Policy "require-sri-for script; default-src 'none'; script-src 'self' 'sha384-m2EXauJIeXunnu9rWV0uaFjwoSeSA+jEbAKdI5sQaGiiiOwht/hOVB/8lq2JI8Bd'; img-src 'self' https://photos.chameth.com https://a.c5h.io; style-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action 'none'; base-uri 'none';";
-add_header X-Frame-Options "SAMEORIGIN";
-add_header X-Content-Type-Options "nosniff";
-add_header X-XSS-Protection "1; mode=block";
-add_header Expect-CT "enforce; max-age=3600";
-add_header Referrer-Policy "no-referrer";
-
-gzip on;
-gzip_vary on;
-gzip_proxied any;
-gzip_comp_level 6;
-gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    server_tokens off;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+    add_header Content-Security-Policy "require-sri-for script; default-src 'none'; script-src 'self' 'sha384-m2EXauJIeXunnu9rWV0uaFjwoSeSA+jEbAKdI5sQaGiiiOwht/hOVB/8lq2JI8Bd'; img-src 'self' https://photos.chameth.com https://a.c5h.io; style-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action 'none'; base-uri 'none';";
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Expect-CT "enforce; max-age=3600";
+    add_header Referrer-Policy "no-referrer";
+
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+    map $http_accept $webp_suffix {
+        "~*webp"  ".webp";
+    }
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        location / {
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+
+            location ~ \.(png|jpe?g)$ {
+                try_files $uri$webp_suffix $uri =404;
+            }
+        }
+
+        #error_page  404              /404.html;
+
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+    }
+
+}