Merge pull request #3338 from Minnozz/fix-nginx-location

Make nginx config safer
bookwyrm-social · Apr 3, 2024 · 5082806 · 5082806
2 parents d1d91f0 + 75bc4f8
commit 5082806
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 21 deletions.
diff --git a/nginx/development b/nginx/development
@@ -64,23 +64,22 @@ server {
     # directly serve static files from the
     # bookwyrm filesystem using sendfile.
     # make the logs quieter by not reporting these requests
-    location ~ ^/static/ {
+    location /static/ {
         root /app;
         try_files $uri =404;
         add_header X-Cache-Status STATIC;
         access_log off;
     }
 
     # same with image files not in static folder
-    location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
-        root /app;
-        try_files $uri =404;
-        add_header X-Cache-Status STATIC;
-        access_log off;
-    }
-
-    # block access to any non-image files from images
-    location ~ ^/images/ {
+    location /images/ {
+        location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+            root /app;
+            try_files $uri =404;
+            add_header X-Cache-Status STATIC;
+            access_log off;
+        }
+        # block access to any non-image files from images
         return 403;
     }
 

diff --git a/nginx/production b/nginx/production
@@ -96,23 +96,22 @@ server {
 #     # directly serve static files from the
 #     # bookwyrm filesystem using sendfile.
 #     # make the logs quieter by not reporting these requests
-#     location ~ ^/static/ {
+#     location /static/ {
 #         root /app;
 #         try_files $uri =404;
 #         add_header X-Cache-Status STATIC;
 #         access_log off;
 #     }
-
+#
 #     # same with image files not in static folder
-#     location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
-#         root /app;
-#         try_files $uri =404;
-#         add_header X-Cache-Status STATIC;
-#         access_log off;
-#     }
-
-#     # block access to any non-image files from images
-#     location ~ ^/images/ {
+#     location /images/ {
+#         location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+#             root /app;
+#             try_files $uri =404;
+#             add_header X-Cache-Status STATIC;
+#             access_log off;
+#         }
+#         # block access to any non-image files from images
 #         return 403;
 #     }
 #