mirror of
https://github.com/mempool/mempool.git
synced 2024-12-30 18:24:25 +01:00
95 lines
2.8 KiB
Plaintext
95 lines
2.8 KiB
Plaintext
# angular builds to index.html
|
|
index index.html;
|
|
|
|
# tor onion redirect
|
|
add_header Onion-Location http://$onion.onion$request_uri;
|
|
|
|
# HSTS preload enable
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
|
|
# generate frame configuration from origin header
|
|
set $frameOptions "DENY";
|
|
set $contentSecurityPolicy "frame-ancestors 'none'";
|
|
|
|
# used for iframes on https://mempool.space/network
|
|
if ($http_referer ~ ^https://mempool.space/)
|
|
{
|
|
set $frameOptions "ALLOW-FROM https://mempool.space";
|
|
set $contentSecurityPolicy "frame-ancestors https://mempool.space";
|
|
}
|
|
# used for iframes on https://mempool.ninja/network
|
|
if ($http_referer ~ ^https://mempool.ninja/)
|
|
{
|
|
set $frameOptions "ALLOW-FROM https://mempool.ninja";
|
|
set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
|
|
}
|
|
# used for iframes on https://wiz.biz/bitcoin/nodes
|
|
if ($http_referer ~ ^https://wiz.biz/)
|
|
{
|
|
set $frameOptions "ALLOW-FROM https://wiz.biz";
|
|
set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
|
|
}
|
|
|
|
# restrict usage of frames
|
|
add_header X-Frame-Options $frameOptions;
|
|
add_header Content-Security-Policy $contentSecurityPolicy;
|
|
|
|
# enable browser and proxy caching
|
|
add_header Pragma "public";
|
|
add_header Cache-Control "public";
|
|
|
|
# vary cache if user changes language preference
|
|
add_header Vary Accept-Language;
|
|
add_header Vary Cookie;
|
|
|
|
# see order of nginx location rules
|
|
# https://stackoverflow.com/questions/5238377/nginx-location-priority
|
|
|
|
# for exact / requests, redirect based on $lang
|
|
# cache redirect for 10 minutes
|
|
location = / {
|
|
if ($lang != '') {
|
|
return 302 $scheme://$host/$lang$uri;
|
|
}
|
|
try_files /en-US/index.html =404;
|
|
expires 10m;
|
|
}
|
|
|
|
# used to rewrite resources from /<lang>/ to /en-US/
|
|
# cache /resources/** for 1 week since they don't change often
|
|
location ~ ^/[a-z][a-z]/resources/(.*) {
|
|
try_files $uri /en-US/resources/$1 =404;
|
|
expires 1w;
|
|
}
|
|
# cache /<lang>/main.f40e91d908a068a2.js forever since they never change
|
|
location ~ ^/([a-z][a-z])/(.+\..+\.(js|css)) {
|
|
try_files $uri =404;
|
|
expires 1y;
|
|
}
|
|
# cache everything else for 10 minutes
|
|
location ~ ^/([a-z][a-z])$ {
|
|
try_files $uri /$1/index.html /en-US/index.html =404;
|
|
expires 10m;
|
|
}
|
|
location ~ ^/([a-z][a-z])/ {
|
|
try_files $uri /$1/index.html /en-US/index.html =404;
|
|
expires 10m;
|
|
}
|
|
|
|
# cache /resources/** for 1 week since they don't change often
|
|
location /resources {
|
|
try_files $uri /en-US/$uri /en-US/index.html;
|
|
expires 1w;
|
|
}
|
|
# cache /main.f40e91d908a068a2.js forever since they never change
|
|
location ~* ^/.+\..+\.(js|css) {
|
|
try_files /$lang/$uri /en-US/$uri =404;
|
|
expires 1y;
|
|
}
|
|
# catch-all for all URLs i.e. /address/foo /tx/foo /block/000
|
|
# cache 10 minutes since they change frequently
|
|
location / {
|
|
try_files /$lang/$uri $uri /en-US/$uri /en-US/index.html =404;
|
|
expires 10m;
|
|
}
|