diff --git a/nginx-mempool.conf b/nginx-mempool.conf index 7514a6dc5..9e441f277 100644 --- a/nginx-mempool.conf +++ b/nginx-mempool.conf @@ -5,26 +5,35 @@ index index.html; + # enable browser and proxy caching + add_header Cache-Control "public, no-transform"; + + # vary cache if user changes language preference + add_header Vary Accept-Language; + add_header Vary Cookie; + # fallback for all URLs i.e. /address/foo /tx/foo /block/000 location / { - add_header Vary Cookie; try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect; + expires 10m; + } + location /resources { + try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect; + expires 1h; } location @index-redirect { - add_header Vary Cookie; rewrite (.*) /$lang/index.html; } # location block using regex are matched in order # used to rewrite resources from // to /en-US/ - location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ { - add_header Vary Cookie; + location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/resources/ { rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1; } # used for cookie override - location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ { - add_header Vary Cookie; + location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hi|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ { + location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/ { try_files $uri $uri/ /$1/index.html =404; } diff --git a/nginx.conf b/nginx.conf index 4b932adee..d091c37fe 100644 --- a/nginx.conf +++ b/nginx.conf @@ -93,6 +93,7 @@ http { ~*^nb nb; ~*^pl pl; ~*^pt pt; + ~*^ru ru; ~*^sl sl; ~*^fi fi; ~*^sv sv; @@ -100,7 +101,7 @@ http { ~*^uk uk; ~*^vi vi; ~*^zh zh; - ~*^ru ru; + ~*^hi hi; } map $cookie_lang $lang { @@ -123,6 +124,7 @@ http { ~*^nb nb; ~*^pl pl; ~*^pt pt; + ~*^ru ru; ~*^sl sl; ~*^fi fi; ~*^sv sv; @@ -130,7 +132,7 @@ http { ~*^uk uk; ~*^vi vi; ~*^zh zh; - ~*^ru ru; + ~*^hi hi; } server { diff --git a/production/nginx-mempool.conf b/production/nginx-mempool.conf index 8a5759bd4..e2474199f 100644 --- a/production/nginx-mempool.conf +++ b/production/nginx-mempool.conf @@ -2,9 +2,13 @@ index index.html; + # tor onion redirect add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri; + + # HSTS preload enable add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + # generate frame configuration from origin header set $frameOptions "DENY"; set $contentSecurityPolicy "frame-ancestors 'none'"; if ($http_referer ~ ^https://mempool.space/) @@ -17,47 +21,44 @@ set $frameOptions "ALLOW-FROM https://mempool.ninja"; set $contentSecurityPolicy "frame-ancestors https://mempool.ninja"; } - if ($http_referer ~ ^https://node100.bitcoin.wiz.biz/) - { - set $frameOptions "ALLOW-FROM https://node100.bitcoin.wiz.biz"; - set $contentSecurityPolicy "frame-ancestors https://node100.bitcoin.wiz.biz"; - } if ($http_referer ~ ^https://wiz.biz/) { set $frameOptions "ALLOW-FROM https://wiz.biz"; set $contentSecurityPolicy "frame-ancestors https://wiz.biz"; } + # restrict usage of frames add_header X-Frame-Options $frameOptions; add_header Content-Security-Policy $contentSecurityPolicy; + # enable browser and proxy caching + add_header Cache-Control "public, no-transform"; + + # vary cache if user changes language preference + add_header Vary Accept-Language; + add_header Vary Cookie; + # fallback for all URLs i.e. /address/foo /tx/foo /block/000 location / { try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect; - add_header Cache-Control "public, no-transform"; - add_header Vary Cookie; expires 10m; } location /resources { try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect; - add_header Cache-Control "public, no-transform"; - add_header Vary Cookie; expires 1h; } location @index-redirect { - add_header Vary Cookie; rewrite (.*) /$lang/index.html; } # location block using regex are matched in order # used to rewrite resources from // to /en-US/ - location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ { + location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/resources/ { rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1; } # used for cookie override - location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ { - add_header Vary Cookie; + location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/ { try_files $uri $uri/ /$1/index.html =404; } diff --git a/production/nginx.conf b/production/nginx.conf index dc68ef6b6..2b440e2fe 100644 --- a/production/nginx.conf +++ b/production/nginx.conf @@ -104,6 +104,7 @@ http { ~*^nb nb; ~*^pl pl; ~*^pt pt; + ~*^ru ru; ~*^sl sl; ~*^fi fi; ~*^sv sv; @@ -111,7 +112,7 @@ http { ~*^uk uk; ~*^vi vi; ~*^zh zh; - ~*^ru ru; + ~*^hi hi; } map $cookie_lang $lang { @@ -134,6 +135,7 @@ http { ~*^nb nb; ~*^pl pl; ~*^pt pt; + ~*^ru ru; ~*^sl sl; ~*^fi fi; ~*^sv sv; @@ -141,7 +143,7 @@ http { ~*^uk uk; ~*^vi vi; ~*^zh zh; - ~*^ru ru; + ~*^hi hi; } upstream electrs-mainnet {