From dd72b79a81d601e24d490c197a0af97df72188f9 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Tue, 1 Nov 2022 20:17:41 +0300 Subject: [PATCH] nginx: optimize locations --- dist/nginx.conf | 52 +++++++++++++++++++------------------------------ 1 file changed, 20 insertions(+), 32 deletions(-) diff --git a/dist/nginx.conf b/dist/nginx.conf index 5bb99038649..04bb71a4b51 100644 --- a/dist/nginx.conf +++ b/dist/nginx.conf @@ -65,65 +65,53 @@ server { gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon; location / { - try_files $uri @proxy; + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; } # If Docker is used for deployment and Rails serves static files, - # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`. - location = /sw.js { - add_header Cache-Control "public, max-age=604800, must-revalidate"; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; - } - - location ~ ^/assets/ { + # then needed must uncomment line `try_files $uri @mastodon;`. + location ^~ /assets/ { + #try_files $uri @mastodon; add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; } - location ~ ^/avatars/ { + location ^~ /avatars/ { + #try_files $uri @mastodon; add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; } - location ~ ^/emoji/ { + location ^~ /emoji/ { + #try_files $uri @mastodon; add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; } - location ~ ^/headers/ { + location ^~ /headers/ { + #try_files $uri @mastodon; add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; } - location ~ ^/packs/ { + location ^~ /ocr/ { + #try_files $uri @mastodon; add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; } - location ~ ^/shortcuts/ { + location ^~ /packs/ { + #try_files $uri @mastodon; add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; } - location ~ ^/sounds/ { - add_header Cache-Control "public, max-age=2419200, must-revalidate"; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri =404; - } - - location ~ ^/system/ { + location ^~ /system/ { + #try_files $uri @mastodon; add_header Cache-Control "public, max-age=2419200, immutable"; + add_header Content-Security-Policy "default-src 'none'; form-action 'none'"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; add_header X-Content-Type-Options nosniff; - add_header Content-Security-Policy "default-src 'none'; form-action 'none'"; - try_files $uri =404; } location ^~ /api/v1/streaming { @@ -140,12 +128,10 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - tcp_nodelay on; } - location @proxy { + location @mastodon { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -169,5 +155,7 @@ server { tcp_nodelay on; } + # If Docker is used for deployment and Rails serves static files, + # then needed must remove the 404 parameter. error_page 404 500 501 502 503 504 /500.html; }