From eecf4c00626f1bfcb575671d059bc51c3f21bd33 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Mon, 2 Sep 2024 22:33:28 +0300
Subject: [PATCH 1/6] nginx: remove regexp function from location block

In PR 19438, there was an error in way location
blocks was handled.
---
 dist/nginx.conf | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/dist/nginx.conf b/dist/nginx.conf
index 3ab9bb66a2..9a71c338e0 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -77,49 +77,49 @@ server {
     try_files $uri =404;
   }
 
-  location ~ ^/assets/ {
+  location ^~ /assets/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri =404;
   }
 
-  location ~ ^/avatars/ {
+  location ^~ /avatars/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri =404;
   }
 
-  location ~ ^/emoji/ {
+  location ^~ /emoji/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri =404;
   }
 
-  location ~ ^/headers/ {
+  location ^~ /headers/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri =404;
   }
 
-  location ~ ^/packs/ {
+  location ^~ /packs/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri =404;
   }
 
-  location ~ ^/shortcuts/ {
+  location ^~ /shortcuts/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri =404;
   }
 
-  location ~ ^/sounds/ {
+  location ^~ /sounds/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri =404;
   }
 
-  location ~ ^/system/ {
+  location ^~ /system/ {
     add_header Cache-Control "public, max-age=2419200, immutable";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     add_header X-Content-Type-Options nosniff;

From aebac679d989e5dcc96c80836bb8ea50064fa26d Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Mon, 2 Sep 2024 22:46:44 +0300
Subject: [PATCH 2/6] nginx: remove unused location block

---
 dist/nginx.conf | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/dist/nginx.conf b/dist/nginx.conf
index 9a71c338e0..61c6e2ed94 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -107,12 +107,6 @@ server {
     try_files $uri =404;
   }
 
-  location ^~ /shortcuts/ {
-    add_header Cache-Control "public, max-age=2419200, must-revalidate";
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-    try_files $uri =404;
-  }
-
   location ^~ /sounds/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";

From 59c1ef8fb24902fa375e009799495f532816e173 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Mon, 2 Sep 2024 23:14:26 +0300
Subject: [PATCH 3/6] nginx: add new location block

---
 dist/nginx.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dist/nginx.conf b/dist/nginx.conf
index 61c6e2ed94..876b71ffe5 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -101,6 +101,12 @@ server {
     try_files $uri =404;
   }
 
+  location ^~ /ocr/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
   location ^~ /packs/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";

From e8a75694cf68df6f912a4d9b11e1e265d5d0c147 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Mon, 2 Sep 2024 23:23:00 +0300
Subject: [PATCH 4/6] nginx: move processing of remaining static files to main
 location block

---
 dist/nginx.conf | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/dist/nginx.conf b/dist/nginx.conf
index 876b71ffe5..4f134719a8 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -66,17 +66,12 @@ server {
   gzip_static on;
 
   location / {
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     try_files $uri @proxy;
   }
 
   # If Docker is used for deployment and Rails serves static files,
   # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
-  location = /sw.js {
-    add_header Cache-Control "public, max-age=604800, must-revalidate";
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-    try_files $uri =404;
-  }
-
   location ^~ /assets/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";

From e204c306cdb9702605508590eaa3171de197d05d Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Mon, 2 Sep 2024 23:24:48 +0300
Subject: [PATCH 5/6] nginx: renaming @proxy block to @mastodon

If multiple sites are hosted on server, a common `@proxy` block
name may cause a conflict if another site uses a block with
same name.
---
 dist/nginx.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dist/nginx.conf b/dist/nginx.conf
index 4f134719a8..909355f140 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -67,11 +67,11 @@ server {
 
   location / {
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-    try_files $uri @proxy;
+    try_files $uri @mastodon;
   }
 
   # If Docker is used for deployment and Rails serves static files,
-  # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
+  # then needed must replace line `try_files $uri =404;` with `try_files $uri @mastodon;`.
   location ^~ /assets/ {
     add_header Cache-Control "public, max-age=2419200, must-revalidate";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
@@ -141,7 +141,7 @@ server {
     tcp_nodelay on;
   }
 
-  location @proxy {
+  location @mastodon {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

From e01f474b41e1ddb8797781f3c77a64526ab09444 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Mon, 2 Sep 2024 23:58:20 +0300
Subject: [PATCH 6/6] nginx: remove unused header

Headers are not used in the streaming block.
---
 dist/nginx.conf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/dist/nginx.conf b/dist/nginx.conf
index 909355f140..5feeb4321a 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -136,8 +136,6 @@ server {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection $connection_upgrade;
 
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-
     tcp_nodelay on;
   }