sweetroll-site.nginx.conf

# This config file must be included inside of a server { ... } block.
# See nginx.conf for an example.

charset utf-8;
error_page 401 /dist/401.html;
error_page 403 /dist/403.html;
error_page 404 /dist/404.html;
error_page 429 /dist/429.html;
error_page 500 /dist/500.html;
error_page 502 /dist/502.html;
error_page 503 /dist/503.html;
error_page 504 /dist/504.html;

limit_req_status 429;
limit_conn_status 429;

proxy_http_version 1.1;
proxy_set_header Connection '';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header X-Forwarded-Proto 'https';

rewrite ^/.well-known/(host-meta|webfinger).* https://fed.brid.gy$request_uri redirect;

location ~ /(webmention|micropub|microsub|login) {
	limit_req zone=be burst=20 nodelay;
	add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'";
	proxy_read_timeout 40s;
	proxy_pass http://sweetroll-be;

	location ~ /micropub/media {
		client_max_body_size 512M;
		proxy_read_timeout 2h;
		proxy_pass http://sweetroll-mu;
	}
}

location /dist {
	etag off; # nginx does last-modified too, don't need both
	access_log off;
	if ($args != "") { # if a cachebusting query string exists
		add_header Cache-Control "max-age=31536000, immutable";
	}
	autoindex off;
}

rewrite ^/sw.js(.*)$ /dist/sw.js$1 last;
rewrite ^/offline.html(.*)$ /dist/offline.html$1 last;

location /live {
	limit_req zone=live burst=5 nodelay;
	proxy_buffering off;
	proxy_cache off;
	proxy_read_timeout 2h;
	chunked_transfer_encoding off;
	add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'";
	proxy_pass http://sweetroll-fe;
}

location / {
	rewrite ^(.+)/$ $1 permanent; # Remove trailing slash
	proxy_pass http://sweetroll-fe;
}