diff --git a/dist/nginx.conf b/dist/nginx.conf index f28d7c6a82..716c277dd0 100644 --- a/dist/nginx.conf +++ b/dist/nginx.conf @@ -56,58 +56,104 @@ server { try_files $uri @proxy; } - location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { - add_header Cache-Control "public, max-age=31536000, immutable"; + # If Docker is used for deployment and Rails serves static files, + # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`. + location = sw.js { + add_header Cache-Control "public, max-age=604800, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri @proxy; + try_files $uri =404; } - location /sw.js { - add_header Cache-Control "public, max-age=0"; + location ~ ^/assets/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; - try_files $uri @proxy; + try_files $uri =404; } - location @proxy { + location ~ ^/avatars/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/emoji/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/headers/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/packs/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/shortcuts/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/sounds/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ~ ^/system/ { + add_header Cache-Control "public, max-age=2419200, immutable"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri =404; + } + + location ^~ /api/v1/streaming/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Proxy ""; - proxy_pass_header Server; - proxy_pass http://backend; - proxy_buffering on; + proxy_pass http://streaming; + proxy_buffering off; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_cache CACHE; - proxy_cache_valid 200 7d; - proxy_cache_valid 410 24h; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - add_header X-Cached $upstream_cache_status; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; tcp_nodelay on; } - location /api/v1/streaming { + location @proxy { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Proxy ""; + proxy_pass_header Server; - proxy_pass http://streaming; - proxy_buffering off; + proxy_pass http://backend; + proxy_buffering on; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; + proxy_cache CACHE; + proxy_cache_valid 200 7d; + proxy_cache_valid 410 24h; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + add_header X-Cached $upstream_cache_status; + tcp_nodelay on; } - error_page 500 501 502 503 504 /500.html; + error_page 404 500 501 502 503 504 /500.html; }