authorTagadda <36127788+Tagadda@users.noreply.github.com>2023-07-07 23:04:37 +0200
committerTagadda <36127788+Tagadda@users.noreply.github.com>2023-07-07 23:04:37 +0200
commitd29210aa754f149e56e8dd6656eb5ebb68ff4ff1 (patch)
tree80abf289997625dfd38ec18aef2ed1da25fffa1a /conf
parent9fa4b529c196fd7b4d704c0f3a75bf9d31636ab3 (diff)
downloadmastodon_ynh-d29210aa754f149e56e8dd6656eb5ebb68ff4ff1.tar.gz
mastodon_ynh-d29210aa754f149e56e8dd6656eb5ebb68ff4ff1.tar.bz2
mastodon_ynh-d29210aa754f149e56e8dd6656eb5ebb68ff4ff1.zip
Update nginx.conf
Diffstat (limited to 'conf')
-rw-r--r--conf/nginx.conf99
1 files changed, 71 insertions, 28 deletions
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 19c2c01..6af1000 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,7 +1,5 @@
-# upload max size
-client_max_body_size 100M;
+client_max_body_size 99m;
-# add to v1.4 assets
root __FINALPATH__/live/public;
location / {
@@ -13,56 +11,101 @@ location / {
include conf.d/yunohost_panel.conf.inc;
}
-location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
- more_set_headers "Cache-Control: public, max-age=31536000, immutable";
- more_set_headers "Strict-Transport-Security: max-age=31536000";
- try_files $uri @proxy;
+location ~ /sw.js {
+ more_set_headers "Cache-Control: public, max-age=604800, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
}
-location /sw.js {
- more_set_headers "Cache-Control: public, max-age=0";
- more_set_headers "Strict-Transport-Security: max-age=31536000";
- try_files $uri @proxy;
+location ~ ^/assets/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
}
-location @proxy {
+location ~ ^/avatars/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
+}
+
+location ~ ^/emoji/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
+}
+
+location ~ ^/headers/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
+}
+
+location ~ ^/packs/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
+}
+
+location ~ ^/shortcuts/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
+}
+
+location ~ ^/sounds/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ try_files $uri =404;
+}
+
+location ~ ^/system/ {
+ more_set_headers "Cache-Control: public, max-age=2419200, immutable";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+ more_set_headers "X-Content-Type-Option: nosniff";
+ more_set_headers "Content-Security-Policy: default-src 'none'; form-action 'none'";
+ try_files $uri =404;
+}
+
+location ^~ /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
- proxy_pass_header Server;
- proxy_pass http://127.0.0.1:__PORT_WEB__;
- proxy_buffering on;
+ proxy_pass http://127.0.0.1:__PORT_STREAM__;
+ proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
+ proxy_set_header Connection $connection_upgrade;
- #proxy_cache CACHE;
- proxy_cache_valid 200 7d;
- proxy_cache_valid 410 24h;
- proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
- more_set_headers "X-Cached: $upstream_cache_status";
- more_set_headers "Strict-Transport-Security: max-age=31536000";
+ more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
tcp_nodelay on;
}
-location /api/v1/streaming {
+location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
+ proxy_pass_header Server;
- proxy_pass http://127.0.0.1:__PORT_STREAM__;
- proxy_buffering off;
+ proxy_pass http://127.0.0.1:__PORT_WEB__;
+ proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_cache CACHE;
+ proxy_cache_valid 200 7d;
+ proxy_cache_valid 410 24h;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ more_set_headers "X-Cached: $upstream_cache_status";
tcp_nodelay on;
}
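Review bot: The header name in the new `/system/` block is misspelled: `X-Content-Type-Option` is not a header browsers act on, so user-uploaded media under `/system/` is still served without MIME-sniffing protection; the line should read `more_set_headers "X-Content-Type-Options: nosniff";`. Separately, `location ~ /sw.js` is an unanchored regex with an unescaped dot, so it matches any URI containing that pattern and, as the first regex location visible here, is tried before the ones below it; `location = /sw.js` would match only the service worker. The new `$connection_upgrade` variable and the now-enabled `proxy_cache CACHE` depend on a `map` and a `proxy_cache_path ... keys_zone=CACHE` at the http level, neither of which is visible in this diff, so confirm the package ships them or nginx will reject the configuration on reload.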