backup brotli modules for the future

2025-04-26 03:25:22 -04:00 · 2022-12-12 11:38:27 -05:00 · 2022-12-12 11:38:27 -05:00 · d49c1e3e99
commit d49c1e3e99
parent 68386a800a
4 changed files with 7 additions and 6 deletions
--- a/etc/nginx/modules/ngx_http_brotli_filter_module.so
+++ b/etc/nginx/modules/ngx_http_brotli_filter_module.so
--- a/etc/nginx/modules/ngx_http_brotli_static_module.so
+++ b/etc/nginx/modules/ngx_http_brotli_static_module.so
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@ -2,7 +2,8 @@ user mastodon; # changed from 'nginx'
 worker_processes auto;
 pid /run/nginx.pid;

-# jake: added
+# compiled brotli modules from https://github.com/google/ngx_brotli
+# see: https://github.com/jakejarvis/mastodon-scripts/wiki/Brotli-compression-for-nginx
 load_module modules/ngx_http_brotli_filter_module.so;
 load_module modules/ngx_http_brotli_static_module.so;

--- a/etc/nginx/sites-available/mastodon.conf
+++ b/etc/nginx/sites-available/mastodon.conf
@ -39,7 +39,7 @@ server {
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

-  # jake: added
+  # https://ssl-config.mozilla.org/#server=nginx&version=1.22.1&config=intermediate&openssl=1.1.1f&guideline=5.6
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/letsencrypt/live/fediverse.jarv.is/chain.pem;
@ -87,19 +87,19 @@ server {

  location = /sw.js {
    add_header Cache-Control "public, max-age=604800, must-revalidate";
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+    add_header Strict-Transport-Security "max-age=63072000" always;
    try_files $uri =404;
  }

  location ~ ^/(assets|avatars|emoji|headers|packs|shortcuts|sounds)/ {
    add_header Cache-Control "public, max-age=2419200, must-revalidate";
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+    add_header Strict-Transport-Security "max-age=63072000" always;
    try_files $uri =404;
  }

  location ~ ^/system/ {
    add_header Cache-Control "public, max-age=2419200, immutable";
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+    add_header Strict-Transport-Security "max-age=63072000" always;
    try_files $uri =404;
  }

@ -117,7 +117,7 @@ server {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+    add_header Strict-Transport-Security "max-age=63072000" always;

    # debugging
    add_header Via "1.1 $proxy_host" always;