diff options
| author | Yurii Izorkin <izorkin@elven.pw> | 2022-10-29 16:06:23 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-29 15:06:23 +0200 |
| commit | a449ee8654166609866d0b804dc11ae14205d235 (patch) | |
| tree | 305166f1c5edc2877a7b63d2155b19cb2e753ed3 /dist | |
| parent | f910f0dc92c1fb71d5c48cc18f2e6147162115c3 (diff) | |
nginx: optimize locations (#19438)
* nginx: optimize locations * nginx: don't use regex in locations * nginx: optimize Cache-Control headaers * nginx: use 404 error_page for missing static files * nginx: sort locations * nginx: add missing HSTS header
Diffstat (limited to 'dist')
| -rw-r--r-- | dist/nginx.conf | 84 |
1 files changed, 65 insertions, 19 deletions
diff --git a/dist/nginx.conf b/dist/nginx.conf index f28d7c6a8..716c277dd 100644 --- a/dist/nginx.conf +++ b/dist/nginx.conf @@ -56,58 +56,104 @@ server { try_files $uri @proxy; } - location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { - add_header Cache-Control "public, max-age=31536000, immutable"; + # If Docker is used for deployment and Rails serves static files, + # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`. + location = sw.js { + add_header Cache-Control "public, max-age=604800, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri @proxy; + try_files $uri =404; } - location /sw.js { - add_header Cache-Control "public, max-age=0"; + location ~ ^/assets/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri @proxy; + try_files $uri =404; } - location @proxy { + location ~ ^/avatars/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/emoji/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/headers/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/packs/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/shortcuts/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/sounds/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/system/ { + add_header Cache-Control "public, max-age=2419200, immutable"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ^~ /api/v1/streaming/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Proxy ""; - proxy_pass_header Server; - proxy_pass http://backend; - proxy_buffering on; + proxy_pass http://streaming; + proxy_buffering off; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_cache CACHE; - proxy_cache_valid 200 7d; - proxy_cache_valid 410 24h; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - add_header X-Cached $upstream_cache_status; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; tcp_nodelay on; } - location /api/v1/streaming { + location @proxy { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Proxy ""; + proxy_pass_header Server; - proxy_pass http://streaming; - proxy_buffering off; + proxy_pass http://backend; + proxy_buffering on; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; + proxy_cache CACHE; + proxy_cache_valid 200 7d; + proxy_cache_valid 410 24h; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + add_header X-Cached $upstream_cache_status; + tcp_nodelay on; } - error_page 500 501 502 503 504 /500.html; + error_page 404 500 501 502 503 504 /500.html; } |