Merge pull request #3338 from Minnozz/fix-nginx-location

Make nginx config safer
2024-05-05 01:59:01 +00:00 · 2024-04-03 19:22:16 +02:00 · 2024-04-03 19:22:16 +02:00 · 5082806b82
parent d1d91f0c2b 75bc4f8cb0
commit 5082806b82
2 changed files with 19 additions and 21 deletions
--- a/nginx/development
+++ b/nginx/development
@ -64,7 +64,7 @@ server {
    # directly serve static files from the
    # bookwyrm filesystem using sendfile.
    # make the logs quieter by not reporting these requests
-    location ~ ^/static/ {
+    location /static/ {
        root /app;
        try_files $uri =404;
        add_header X-Cache-Status STATIC;
@ -72,15 +72,14 @@ server {
    }

    # same with image files not in static folder
-    location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
-        root /app;
-        try_files $uri =404;
-        add_header X-Cache-Status STATIC;
-        access_log off;
-    }
-
-    # block access to any non-image files from images
-    location ~ ^/images/ {
+    location /images/ {
+        location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+            root /app;
+            try_files $uri =404;
+            add_header X-Cache-Status STATIC;
+            access_log off;
+        }
+        # block access to any non-image files from images
        return 403;
    }

--- a/nginx/production
+++ b/nginx/production
@ -96,23 +96,22 @@ server {
 #     # directly serve static files from the
 #     # bookwyrm filesystem using sendfile.
 #     # make the logs quieter by not reporting these requests
-#     location ~ ^/static/ {
+#     location /static/ {
 #         root /app;
 #         try_files $uri =404;
 #         add_header X-Cache-Status STATIC;
 #         access_log off;
 #     }
-
+#
 #     # same with image files not in static folder
-#     location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
-#         root /app;
-#         try_files $uri =404;
-#         add_header X-Cache-Status STATIC;
-#         access_log off;
-#     }
-
-#     # block access to any non-image files from images
-#     location ~ ^/images/ {
+#     location /images/ {
+#         location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+#             root /app;
+#             try_files $uri =404;
+#             add_header X-Cache-Status STATIC;
+#             access_log off;
+#         }
+#         # block access to any non-image files from images
 #         return 403;
 #     }
 #