nginx: optimize locations (#19438)
* nginx: optimize locations * nginx: don't use regex in locations * nginx: optimize Cache-Control headaers * nginx: use 404 error_page for missing static files * nginx: sort locations * nginx: add missing HSTS header
This commit is contained in:
		
							
								
								
									
										94
									
								
								dist/nginx.conf
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										94
									
								
								dist/nginx.conf
									
									
									
									
										vendored
									
									
								
							| @@ -56,16 +56,79 @@ server { | ||||
|     try_files $uri @proxy; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { | ||||
|     add_header Cache-Control "public, max-age=31536000, immutable"; | ||||
|   # If Docker is used for deployment and Rails serves static files, | ||||
|   # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`. | ||||
|   location = sw.js { | ||||
|     add_header Cache-Control "public, max-age=604800, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri @proxy; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location /sw.js { | ||||
|     add_header Cache-Control "public, max-age=0"; | ||||
|   location ~ ^/assets/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri @proxy; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/avatars/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/emoji/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/headers/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/packs/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/shortcuts/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/sounds/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/system/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, immutable"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ^~ /api/v1/streaming/ { | ||||
|     proxy_set_header Host $host; | ||||
|     proxy_set_header X-Real-IP $remote_addr; | ||||
|     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|     proxy_set_header X-Forwarded-Proto $scheme; | ||||
|     proxy_set_header Proxy ""; | ||||
|  | ||||
|     proxy_pass http://streaming; | ||||
|     proxy_buffering off; | ||||
|     proxy_redirect off; | ||||
|     proxy_http_version 1.1; | ||||
|     proxy_set_header Upgrade $http_upgrade; | ||||
|     proxy_set_header Connection $connection_upgrade; | ||||
|  | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|  | ||||
|     tcp_nodelay on; | ||||
|   } | ||||
|  | ||||
|   location @proxy { | ||||
| @@ -92,22 +155,5 @@ server { | ||||
|     tcp_nodelay on; | ||||
|   } | ||||
|  | ||||
|   location /api/v1/streaming { | ||||
|     proxy_set_header Host $host; | ||||
|     proxy_set_header X-Real-IP $remote_addr; | ||||
|     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|     proxy_set_header X-Forwarded-Proto $scheme; | ||||
|     proxy_set_header Proxy ""; | ||||
|  | ||||
|     proxy_pass http://streaming; | ||||
|     proxy_buffering off; | ||||
|     proxy_redirect off; | ||||
|     proxy_http_version 1.1; | ||||
|     proxy_set_header Upgrade $http_upgrade; | ||||
|     proxy_set_header Connection $connection_upgrade; | ||||
|  | ||||
|     tcp_nodelay on; | ||||
|   } | ||||
|  | ||||
|   error_page 500 501 502 503 504 /500.html; | ||||
|   error_page 404 500 501 502 503 504 /500.html; | ||||
| } | ||||
|   | ||||
		Reference in New Issue
	
	Block a user