sforkowany z mirror/soapbox
Merge branch 'nginx-tweaks' into 'develop'
Nginx tweaks See merge request soapbox-pub/soapbox-fe!1355site-logo
Alex Gleason
commit
38b960244a
|
|
@ -3,6 +3,10 @@
|
|||
#
|
||||
# Edit this file to change occurences of "example.com" to your own domain.
|
||||
|
||||
# Note: if this line causes an error, move it to nginx.conf
|
||||
# https://github.com/nginx-proxy/nginx-proxy/issues/1365#issuecomment-668421898
|
||||
map_hash_bucket_size 128;
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
|
|
@ -10,10 +14,9 @@ map $http_upgrade $connection_upgrade {
|
|||
|
||||
# ActivityPub routing.
|
||||
map $http_accept $activitypub_location {
|
||||
default /index.html;
|
||||
"application/activity+json" @proxy;
|
||||
# Increase `map_hash_bucket_size` to enable this route:
|
||||
# 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' @proxy;
|
||||
default @soapbox;
|
||||
"application/activity+json" @mastodon;
|
||||
'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' @mastodon;
|
||||
}
|
||||
|
||||
upstream backend {
|
||||
|
|
@ -67,38 +70,34 @@ server {
|
|||
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
# Content Security Policy (CSP)
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
||||
add_header Content-Security-Policy "base-uri 'none'; default-src 'none'; font-src 'self'; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline'; media-src 'self' https: data:; frame-src 'self' https:; manifest-src 'self'; connect-src 'self' data: blob:; script-src 'self'; child-src 'self'; worker-src 'self';";
|
||||
|
||||
# Fallback route.
|
||||
# Everything not routed should fall back to the SPA.
|
||||
# Try static files, then fall back to the SPA.
|
||||
location / {
|
||||
try_files /index.html /dev/null;
|
||||
try_files /dev/null @static-files;
|
||||
}
|
||||
|
||||
# Mastodon backend routes.
|
||||
# These are routes to Mastodon's API and important rendered pages.
|
||||
location ~ ^/(api|oauth|auth|admin|pghero|sidekiq|manifest.json|.well-known/webfinger|.well-known/host-meta|@(.+)/embed$) {
|
||||
try_files /dev/null @proxy;
|
||||
location ~ ^/(api|oauth|auth|admin|pghero|sidekiq|manifest.json|nodeinfo|.well-known/(webfinger|host-meta|nodeinfo|change-password)|@(.+)/embed$) {
|
||||
try_files /dev/null @mastodon;
|
||||
}
|
||||
|
||||
# Mastodon ActivityPub routes.
|
||||
# Conditionally send to Mastodon by Accept header.
|
||||
location ~ ^/(inbox|outbox|users|@(.+)) {
|
||||
try_files $activitypub_location $activitypub_location;
|
||||
location ~ ^/(inbox|users|@(.+)) {
|
||||
try_files /dev/null $activitypub_location;
|
||||
}
|
||||
|
||||
# Mastodon public files.
|
||||
# https://github.com/mastodon/mastodon/tree/main/public
|
||||
# Take only what we need for Soapbox.
|
||||
location ~ ^/(assets|favicon.ico|browserconfig.xml|embed.js|android-chrome-192x192.png|apple-touch-icon.png|avatars/original/missing.png|headers/original/missing.png) {
|
||||
root /home/mastodon/live/public;
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
}
|
||||
|
||||
# Soapbox build files.
|
||||
# Soapbox & Mastodon (frontend) build files.
|
||||
# New builds produce hashed filenames, so these should be cached heavily.
|
||||
location /packs {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
try_files /dev/null @static-files;
|
||||
}
|
||||
|
||||
# Soapbox configuration files.
|
||||
|
|
@ -113,8 +112,26 @@ server {
|
|||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
}
|
||||
|
||||
# Soapbox SPA (Single Page App).
|
||||
location @soapbox {
|
||||
try_files /index.html /dev/null;
|
||||
}
|
||||
|
||||
# Mastodon public files (fallback to Soapbox SPA).
|
||||
# https://github.com/mastodon/mastodon/tree/main/public
|
||||
location @mastodon-public {
|
||||
root /home/mastodon/live/public;
|
||||
try_files $uri @soapbox;
|
||||
}
|
||||
|
||||
# Soapbox & Mastodon static files.
|
||||
# Try Soapbox first, Mastodon, then fall back to the SPA.
|
||||
location @static-files {
|
||||
try_files $uri @mastodon-public;
|
||||
}
|
||||
|
||||
# Proxy to Mastodon's Ruby on Rails backend.
|
||||
location @proxy {
|
||||
location @mastodon {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue