nginx: optimize location blocks (part 2) (#19644)

2025-12-15 16:59:41 +00:00 · 2025-11-05 18:08:16 +03:00
parent 4a6f479535
commit 1a31c412ca
1 changed files with 13 additions and 27 deletions
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -67,65 +67,53 @@ server {
  gzip_static on;
  location / {
-    try_files $uri @proxy;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri @mastodon;
  }
  # If Docker is used for deployment and Rails serves static files,
-  # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
+  # then needed uncomment line with `try_files $uri @mastodon;`.
-  location = /sw.js {
+  location ^~ /assets/ {
    add_header Cache-Control "public, max-age=604800, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri =404;
  }
  location ~ ^/assets/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-    try_files $uri =404;
+    # try_files $uri @mastodon;
  }
-  location ~ ^/avatars/ {
+  location ^~ /avatars/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri =404;
  }
-  location ~ ^/emoji/ {
+  location ^~ /emoji/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri =404;
  }
-  location ~ ^/headers/ {
+  location ^~ /headers/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri =404;
  }
-  location ~ ^/packs/ {
+  location ^~ /ocr/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri =404;
  }
-  location ~ ^/shortcuts/ {
+  location ^~ /packs/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri =404;
  }
-  location ~ ^/sounds/ {
+  location ^~ /sounds/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    try_files $uri =404;
  }
-  location ~ ^/system/ {
+  location ^~ /system/ {
    add_header Cache-Control "public, max-age=2419200, immutable";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
    try_files $uri =404;
  }
  location ^~ /api/v1/streaming {
@@ -142,12 +130,10 @@ server {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    tcp_nodelay on;
  }
-  location @proxy {
+  location @mastodon {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;