update mastodon.nginx

mastodon/mastodon.nginx

@@ -4,11 +4,11 @@ map $http_upgrade $connection_upgrade {
 }
 
 upstream backend {
-    server 127.0.0.1:3000 fail_timeout=0;
+  server 127.0.0.1:3000 fail_timeout=0;
 }
 
 upstream streaming {
-    server 127.0.0.1:4000 fail_timeout=0;
+  server 127.0.0.1:4000 fail_timeout=0;
 }
 
 proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
@@ -18,9 +18,9 @@ server {
   listen [::]:80;
   server_name mastodon.yourdomain.com;
   root /home/mastodon/mastodon/public;
-  #location /.well-known/acme-challenge/ { allow all; }
-  location / { 
-    return 301 https://$host$request_uri; 
+
+  location / {
+    return 301 https://$host$request_uri;
   }
 }
 
@@ -29,18 +29,16 @@ server {
   listen [::]:443 ssl http2;
   server_name mastodon.yourdomain.com;
 
+  access_log  /var/log/nginx/mastodon.access.log;
+  error_log  /var/log/nginx/mastodon.error.log;
+
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;
-
-  # Uncomment these lines once you acquire a certificate:
   ssl_certificate     /etc/nginx/cert/mastodon.yourdomain.com.pem;
   ssl_certificate_key /etc/nginx/cert/mastodon.yourdomain.com.key;
-
-  access_log  /var/log/nginx/mastodon.access.log;
-  error_log  /var/log/nginx/mastodon.error.log;
 
   keepalive_timeout    70;
   sendfile             on;
@@ -61,15 +59,49 @@ server {
     try_files $uri @proxy;
   }
 
-  # If Docker is used for deployment and Rails serves static files,
-  # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
   location = /sw.js {
     add_header Cache-Control "public, max-age=604800, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri @proxy;
   }
 
-  location ~ ^/(assets|avatars|emoji|headers|packs|shortcuts|sounds)/ {
+  location ~ ^/assets/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/avatars/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/emoji/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/headers/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/packs/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/shortcuts/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/sounds/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri @proxy;
@@ -82,8 +114,6 @@ server {
   }
 
   location ^~ /api/v1/streaming {
-    # edit
-    proxy_set_header Accept-Encoding "";
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -103,7 +133,6 @@ server {
   }
 
   location @proxy {
-    proxy_set_header Accept-Encoding "";
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;