perf(userfront): optimize login web loading

userfront/nginx.conf

@@ -21,11 +21,15 @@ log_format json_combined escape=json
 
 server {
     listen 5000;
+    root /usr/share/nginx/html;
+    index index.html;
     include /etc/nginx/mime.types;
     types {
         application/javascript mjs;
-        application/wasm wasm;
     }
+    etag on;
+    brotli off;
+    brotli_static on;
     
     error_log /dev/stderr warn;
     access_log /var/log/nginx/access.log json_combined;
@@ -40,35 +44,43 @@ server {
     }
 
     # --- UserFront Static Files ---
-    
-    # Disable cache for all static files to ensure updates are reflected immediately
-    location ~* \.(js|css|html|json|mjs|wasm)$ {
-        root /usr/share/nginx/html;
-        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+
+    # App shell and Flutter bootstrap files must revalidate on each deployment.
+    location = /index.html {
+        add_header Cache-Control "no-cache, max-age=0, must-revalidate";
+        try_files /index.html =404;
+    }
+
+    location ~* ^/(flutter_bootstrap\.js|flutter_service_worker\.js|version\.json|manifest\.json)$ {
+        add_header Cache-Control "no-cache, max-age=0, must-revalidate";
         try_files $uri =404;
     }
 
-    # dart2wasm 엔트리포인트는 module 스크립트(.mjs)로 로드되므로
-    # MIME이 정확히 내려가지 않으면 브라우저가 로딩을 차단합니다.
-    location ~* \.mjs$ {
-        root /usr/share/nginx/html;
-        default_type application/javascript;
-        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+    # Flutter engine files are SDK-versioned by the build and are safe to keep warm.
+    location ~* ^/canvaskit/.*\.(js|wasm)$ {
+        add_header Cache-Control "public, max-age=31536000, immutable";
         try_files $uri =404;
     }
 
-    # dart2wasm 바이너리 MIME 명시
-    location ~* \.wasm$ {
-        root /usr/share/nginx/html;
-        default_type application/wasm;
-        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+    # App entrypoints use content hashes after the Docker build optimization step.
+    location ~* "^/main\.dart\.[0-9a-f]{12}\.(js|mjs|wasm)$" {
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        try_files $uri =404;
+    }
+
+    location ~* \.(png|ico|svg|webp|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        try_files $uri =404;
+    }
+
+    # Non-hashed app entrypoints keep browser cache validation without serving stale code after deploy.
+    location ~* \.(js|css|json|mjs|wasm)$ {
+        add_header Cache-Control "no-cache, max-age=0, must-revalidate";
         try_files $uri =404;
     }
 
     location / {
-        root /usr/share/nginx/html;
-        index index.html;
-        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+        add_header Cache-Control "no-cache, max-age=0, must-revalidate";
         try_files $uri $uri/ /index.html;
     }
 }