From 0aa62520778f29484a3dc971d654548d2fb46ccf Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 13 Jun 2021 10:15:32 +0100 Subject: [PATCH] Update documentation for cache --- README.md | 8 ++- gemini/EN/install.gmi | 29 ++------ website/EN/index.html | 163 +++++++++++++++++++----------------------- 3 files changed, 83 insertions(+), 117 deletions(-) diff --git a/README.md b/README.md index d3aa297e1..7beb9a1bc 100644 --- a/README.md +++ b/README.md @@ -179,8 +179,12 @@ server { proxy_buffers 16 32k; proxy_busy_buffers_size 64k; proxy_redirect off; - proxy_request_buffering on; - proxy_buffering on; + proxy_request_buffering off; + proxy_buffering off; + location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) { + expires 1d; + proxy_pass http://localhost:7156; + } proxy_pass http://localhost:7156; } } diff --git a/gemini/EN/install.gmi b/gemini/EN/install.gmi index 5b42d03fd..23f342289 100644 --- a/gemini/EN/install.gmi +++ b/gemini/EN/install.gmi @@ -125,8 +125,6 @@ And paste the following: proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header X-Forward-Proto http; proxy_set_header X-Nginx-Proxy true; - expires epoch; - proxy_no_cache 1; proxy_temp_file_write_size 64k; proxy_connect_timeout 10080s; proxy_send_timeout 10080; @@ -135,28 +133,11 @@ And paste the following: proxy_buffers 16 32k; proxy_busy_buffers_size 64k; proxy_redirect off; - proxy_request_buffering on; - proxy_buffering on; - proxy_cache my_cache; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - location ~ ^/(icons|images|media|emoji)/(.*)/(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) { - expires 7d; - proxy_pass http://localhost:7156; - } - location ~ ^/icons/(.*)/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) { - expires epoch; - proxy_no_cache 1; - proxy_pass http://localhost:7156; - } - location ~ ^/icons/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) { - expires epoch; - proxy_no_cache 1; - proxy_pass http://localhost:7156; - } - location ~ ^/users/(.*)/(image|banner).png { - expires epoch; - proxy_no_cache 1; - proxy_pass http://localhost:7156; + proxy_request_buffering off; + proxy_buffering off; + location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) { + expires 1d; + proxy_pass http://localhost:7156; } proxy_pass http://localhost:7156; } diff --git a/website/EN/index.html b/website/EN/index.html index 37da861a8..45f5f41e6 100644 --- a/website/EN/index.html +++ b/website/EN/index.html @@ -1374,101 +1374,82 @@ inactive=60m use_temp_path=off; server {
- listen 80;
- listen [::]:80;
- server_name YOUR_DOMAIN;
- access_log /dev/null;
- error_log /dev/null;
- client_max_body_size 31m;
- client_body_buffer_size 128k;
-
- limit_conn conn_limit_per_ip 10;
- limit_req zone=req_limit_per_ip burst=10 nodelay;
-
- index index.html;
- rewrite ^ https://$server_name$request_uri? permanent;
+ listen 80;
+ listen [::]:80;
+ server_name YOUR_DOMAIN;
+ access_log /dev/null;
+ error_log /dev/null;
+ client_max_body_size 31m;
+ client_body_buffer_size 128k;
+
+ limit_conn conn_limit_per_ip 10;
+ limit_req zone=req_limit_per_ip burst=10 nodelay;
+
+ index index.html;
+ rewrite ^ https://$server_name$request_uri? permanent;
}

server {
- listen 443 ssl;
- server_name YOUR_DOMAIN;
-
- ssl_stapling off;
- ssl_stapling_verify off;
- ssl on;
- ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
- #ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;
-
- ssl_session_cache builtin:1000 shared:SSL:10m;
- ssl_session_timeout 60m;
- ssl_prefer_server_ciphers on;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
-
- add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
- add_header Strict-Transport-Security max-age=15768000;
-
- access_log /dev/null;
- error_log /dev/null;
-
- index index.html;
-
- location /newsmirror {
- root /var/www/YOUR_DOMAIN;
- try_files $uri =404;
- }
-
- location / {
- proxy_http_version 1.1;
- client_max_body_size 31M;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forward-Proto http;
- proxy_set_header X-Nginx-Proxy true;
- expires epoch;
- proxy_no_cache 1;
- proxy_temp_file_write_size 64k;
- proxy_connect_timeout 10080s;
- proxy_send_timeout 10080;
- proxy_read_timeout 10080;
- proxy_buffer_size 64k;
- proxy_buffers 16 32k;
- proxy_busy_buffers_size 64k;
- proxy_redirect off;
- proxy_request_buffering on;
- proxy_buffering on;
- proxy_cache my_cache;
- proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
- location ~ ^/(icons|images|media|emoji)/(.*)/(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
- expires 7d;
+ listen 443 ssl;
+ server_name YOUR_DOMAIN;
+
+ ssl_stapling off;
+ ssl_stapling_verify off;
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
+ #ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;
+
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_session_timeout 60m;
+ ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+ add_header Strict-Transport-Security max-age=15768000;
+
+ access_log /dev/null;
+ error_log /dev/null;
+
+ index index.html;
+
+ location /newsmirror {
+ root /var/www/YOUR_DOMAIN;
+ try_files $uri =404;
+ }
+
+ location / {
+ proxy_http_version 1.1;
+ client_max_body_size 31M;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forward-Proto http;
+ proxy_set_header X-Nginx-Proxy true;
+ proxy_temp_file_write_size 64k;
+ proxy_connect_timeout 10080s;
+ proxy_send_timeout 10080;
+ proxy_read_timeout 10080;
+ proxy_buffer_size 64k;
+ proxy_buffers 16 32k;
+ proxy_busy_buffers_size 64k;
+ proxy_redirect off;
+ proxy_request_buffering off;
+ proxy_buffering off;
+ location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) {
+ expires 1d;
+ proxy_pass http://localhost:7156;
+ }
proxy_pass http://localhost:7156;
- }
- location ~ ^/icons/(.*)/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
- expires epoch;
- proxy_no_cache 1;
- proxy_pass http://localhost:7156;
- }
- location ~ ^/icons/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
- expires epoch;
- proxy_no_cache 1;
- proxy_pass http://localhost:7156;
- }
- location ~ ^/users/(.*)/(image|banner).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
- expires epoch;
- proxy_no_cache 1;
- proxy_pass http://localhost:7156;
- }
- proxy_pass http://localhost:7156;
- }
+ }
}