Private files must take precedence before static files in nginx config,

fixes #847 (#858)

* Move general file handling to after private files to fix backup_migrate, fixes #847

* Bump nginx-php-fpm-local version for pushed image

* Give a name to the nginx-php-fpm-local tag and push it

containers/nginx-php-fpm-local/files/etc/nginx/nginx-site-backdrop.conf

@@ -65,13 +65,6 @@ server {
         expires 1h;
     }
 
-    # Media: images, icons, video, audio, HTC
-    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-    }
-
     # Prevent clients from accessing hidden files (starting with a dot)
     # This is particularly important if you store .htpasswd files in the site hierarchy
     # Access to `/.well-known/` is allowed.
@@ -97,6 +90,13 @@ server {
         try_files $uri @rewrite;
     }
 
+    # Media: images, icons, video, audio, HTC
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
     ## provide a health check endpoint
     location /healthcheck {
         access_log off;

containers/nginx-php-fpm-local/files/etc/nginx/nginx-site-drupal6.conf

@@ -78,10 +78,10 @@ server {
     }
 
     # Media: images, icons, video, audio, HTC
-    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
     }
 
     # Prevent clients from accessing hidden files (starting with a dot)

containers/nginx-php-fpm-local/files/etc/nginx/nginx-site-drupal7.conf

@@ -70,10 +70,10 @@ server {
     }
 
     # Media: images, icons, video, audio, HTC
-    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
     }
 
     # Prevent clients from accessing hidden files (starting with a dot)
@@ -101,6 +101,13 @@ server {
         try_files $uri @rewrite;
     }
 
+    # Media: images, icons, video, audio, HTC
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
     ## provide a health check endpoint
     location /healthcheck {
         access_log off;

containers/nginx-php-fpm-local/files/etc/nginx/nginx-site-drupal8.conf

@@ -65,13 +65,6 @@ server {
         expires 1h;
     }
 
-    # Media: images, icons, video, audio, HTC
-    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-    }
-
     # Prevent clients from accessing hidden files (starting with a dot)
     # This is particularly important if you store .htpasswd files in the site hierarchy
     # Access to `/.well-known/` is allowed.
@@ -97,6 +90,13 @@ server {
         try_files $uri @rewrite;
     }
 
+    # Media: images, icons, video, audio, HTC
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
     ## provide a health check endpoint
     location /healthcheck {
         access_log off;

pkg/version/version.go

@@ -20,7 +20,7 @@ var DockerComposeVersionConstraint = ">= 1.10.0-alpha1"
 var WebImg = "drud/nginx-php-fpm-local"
 
 // WebTag defines the default web image tag for drud dev
-var WebTag = "v0.18.0-11-gd6cb228c" // Note that this can be overridden by make
+var WebTag = "20180515_fix_backup_migrate" // Note that this can be overridden by make
 
 // DBImg defines the default db image used for applications.
 var DBImg = "drud/mariadb-local"