nginx: optimize locations (#19438)
* nginx: optimize locations * nginx: don't use regex in locations * nginx: optimize Cache-Control headaers * nginx: use 404 error_page for missing static files * nginx: sort locations * nginx: add missing HSTS headergh/stable
parent
f910f0dc92
commit
a449ee8654
|
@ -56,16 +56,79 @@ server {
|
||||||
try_files $uri @proxy;
|
try_files $uri @proxy;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
|
# If Docker is used for deployment and Rails serves static files,
|
||||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
# then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
|
||||||
|
location = sw.js {
|
||||||
|
add_header Cache-Control "public, max-age=604800, must-revalidate";
|
||||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
try_files $uri @proxy;
|
try_files $uri =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /sw.js {
|
location ~ ^/assets/ {
|
||||||
add_header Cache-Control "public, max-age=0";
|
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
try_files $uri @proxy;
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/avatars/ {
|
||||||
|
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/emoji/ {
|
||||||
|
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/headers/ {
|
||||||
|
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/packs/ {
|
||||||
|
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/shortcuts/ {
|
||||||
|
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/sounds/ {
|
||||||
|
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/system/ {
|
||||||
|
add_header Cache-Control "public, max-age=2419200, immutable";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
try_files $uri =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ^~ /api/v1/streaming/ {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
|
||||||
|
proxy_pass http://streaming;
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||||
|
|
||||||
|
tcp_nodelay on;
|
||||||
}
|
}
|
||||||
|
|
||||||
location @proxy {
|
location @proxy {
|
||||||
|
@ -92,22 +155,5 @@ server {
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /api/v1/streaming {
|
error_page 404 500 501 502 503 504 /500.html;
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
|
|
||||||
proxy_pass http://streaming;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
|
|
||||||
tcp_nodelay on;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 500 501 502 503 504 /500.html;
|
|
||||||
}
|
}
|
||||||
|
|
Reference in New Issue