From 089a56adee21211c6199f31c1d38e79eb1c014fb Mon Sep 17 00:00:00 2001
From: packetcat <packetcat@nullrouted.space>
Date: Fri, 3 Mar 2023 14:46:48 -0500
Subject: [PATCH] let's try new config without the try_files

---
 ubuntu/molly.silvestris.systems.yml | 82 +++++++++++++++++++++--------
 1 file changed, 61 insertions(+), 21 deletions(-)

diff --git a/ubuntu/molly.silvestris.systems.yml b/ubuntu/molly.silvestris.systems.yml
index 51e5868..e0d88ec 100644
--- a/ubuntu/molly.silvestris.systems.yml
+++ b/ubuntu/molly.silvestris.systems.yml
@@ -35,17 +35,65 @@
         - location / {
             try_files $uri @proxy;
           }
-        - location ~ ^/(emoji|packs|system/media_attachments/files|system/accounts/avatars) {
-            add_header Cache-Control "public, max-age=31536000, immutable";
+        - location = /sw.js {
+            add_header Cache-Control "public, max-age=604800, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/assets/ {
+            add_header Cache-Control "public, max-age=2419200, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/avatars/ {
+            add_header Cache-Control "public, max-age=2419200, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/emoji/ {
+            add_header Cache-Control "public, max-age=2419200, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/headers/ {
+            add_header Cache-Control "public, max-age=2419200, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/packs/ {
+            add_header Cache-Control "public, max-age=2419200, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/shortcuts/ {
+            add_header Cache-Control "public, max-age=2419200, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/sounds/ {
+            add_header Cache-Control "public, max-age=2419200, must-revalidate";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ~ ^/system/ {
+            add_header Cache-Control "public, max-age=2419200, immutable";
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+          }
+        - location ^~ /api/v1/streaming {
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header Proxy "";
+            proxy_pass http://streaming;
+            proxy_buffering off;
+            proxy_redirect off;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+            tcp_nodelay on;
           }
         - location @proxy {
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header X-Forwarded-Proto $scheme;
             proxy_set_header Proxy "";
             proxy_pass_header Server;
-            proxy_pass http://127.0.0.1:3000;
+            proxy_pass http://backend;
             proxy_buffering on;
             proxy_redirect off;
             proxy_http_version 1.1;
@@ -53,27 +101,12 @@
             proxy_set_header Connection $connection_upgrade;
             proxy_cache CACHE;
             proxy_cache_valid 200 7d;
+            proxy_cache_valid 410 24h;
             proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
             add_header X-Cached $upstream_cache_status;
-            add_header Strict-Transport-Security max-age=31536000;
-            add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
             tcp_nodelay on;
           }
-        - location /api/v1/streaming {
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto https;
-            proxy_pass http://127.0.0.1:4000;
-            proxy_buffering off;
-            proxy_redirect off;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-            tcp_nodelay on;
-          }
-        - error_page 500 501 502 503 504 /500.html
-
+        - error_page 404 500 501 502 503 504 /500.html
     nginx_configs:
       gzip:
         - gzip on
@@ -96,6 +129,13 @@
         - ssl_session_timeout 1d
         - ssl_session_cache shared:SSL:50m
         - ssl_session_tickets off
+      upstreams:
+        - upstream backend {
+            server 127.0.0.1:3000 fail_timeout=0;
+          }
+        - upstream streaming {
+            server 127.0.0.1:4000 fail_timeout=0;
+          }
     nginx_snippets:
       blockbots:
         - if ($http_user_agent ~* (LanaiBotmarch|lanaibot|TinyTestBot|TinyBotTestUA) ) {