61 lines
1.6 KiB
Plaintext
61 lines
1.6 KiB
Plaintext
# Cache and security rules for static site (included by both dev and bio server blocks)
|
|
# Security headers are handled upstream by Traefik
|
|
|
|
# HTML: no-cache (always revalidate)
|
|
location ~ \.html$ {
|
|
add_header Cache-Control "no-cache, must-revalidate";
|
|
expires 0;
|
|
}
|
|
|
|
# CSS and JavaScript: long cache with immutable (hashed filenames)
|
|
location ~* \.(css|js)$ {
|
|
add_header Cache-Control "public, max-age=31536000, immutable";
|
|
access_log off;
|
|
}
|
|
|
|
# Images: long cache (30 days)
|
|
location ~* \.(jpg|jpeg|png|gif|webp|avif)$ {
|
|
add_header Cache-Control "public, max-age=2592000";
|
|
access_log off;
|
|
}
|
|
|
|
# SVG images: long cache (30 days)
|
|
location ~* \.svg$ {
|
|
add_header Cache-Control "public, max-age=2592000";
|
|
add_header Content-Type image/svg+xml;
|
|
access_log off;
|
|
}
|
|
|
|
# Fonts: long cache with immutable
|
|
location ~* \.(woff|woff2|ttf|otf|eot)$ {
|
|
add_header Cache-Control "public, max-age=31536000, immutable";
|
|
access_log off;
|
|
}
|
|
|
|
# Documents: medium cache (30 days)
|
|
location ~* \.(pdf|doc|docx)$ {
|
|
add_header Cache-Control "public, max-age=2592000";
|
|
access_log off;
|
|
}
|
|
|
|
# robots.txt and sitemap.xml: handled in default.conf with alias (variant-specific)
|
|
|
|
# favicon: long cache (30 days)
|
|
location = /favicon.svg {
|
|
add_header Cache-Control "public, max-age=2592000";
|
|
add_header Content-Type image/svg+xml;
|
|
access_log off;
|
|
}
|
|
|
|
# .well-known (security.txt, ACME, etc.)
|
|
location ^~ /.well-known/ {
|
|
add_header Cache-Control "public, max-age=86400";
|
|
}
|
|
|
|
# Deny hidden files
|
|
location ~ /\. {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|