Drop nested location blocks from nginx vhost overrides — they 404 assets
The first version of vhost.d/<host>_location nested four `location { … }`
blocks (for /_astro/, images, /sw.js, /llms.txt) inside the proxy's
generated `location / { … }` to set Cache-Control. nginx accepts the
syntax, but a nested location with no `proxy_pass` directive falls through
to filesystem root and 404s the asset — which is why CSS / JS / images
were missing on the live site even though the HTML loaded fine.
Astro already emits sensible Cache-Control on hashed _astro bundles, so
we don't need the proxy to set them. Removed all four nested blocks; the
vhost.d files now only carry proxy headers, gzip, and security headers,
all of which are valid inside a location {} block without proxy_pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -1,9 +1,13 @@
|
||||
# =============================================================================
|
||||
# nginx vhost-location override for www.nibiru-framework.com
|
||||
#
|
||||
# Same hardening + caching rules as the apex (nibiru-framework.com_location).
|
||||
# Kept as a separate file so the proxy applies them per-vhost — the www and
|
||||
# apex containers each get their own server block in the generated config.
|
||||
# Same hardening + headers as the apex (nibiru-framework.com_location).
|
||||
# Kept as a separate file so the proxy applies them per-vhost.
|
||||
#
|
||||
# IMPORTANT: do NOT add nested `location { … }` blocks here. nginx allows
|
||||
# the syntax, but a nested location with no `proxy_pass` falls through to
|
||||
# filesystem root and 404s the asset. Astro already sets sane
|
||||
# Cache-Control on hashed bundles; the proxy doesn't need to second-guess.
|
||||
#
|
||||
# If you ever decide to redirect www → apex (SEO canonical-URL pattern)
|
||||
# instead of serving from a second container, replace this file's contents
|
||||
@@ -57,27 +61,3 @@ add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
||||
|
||||
# Hashed Astro/Starlight assets — 1 year, immutable.
|
||||
location ~* ^/_astro/ {
|
||||
expires 1y;
|
||||
add_header Cache-Control "public, immutable, max-age=31536000";
|
||||
}
|
||||
|
||||
# Static images / fonts — 30 days.
|
||||
location ~* \.(png|jpg|jpeg|gif|webp|avif|ico|svg|woff|woff2|ttf|otf)$ {
|
||||
expires 30d;
|
||||
add_header Cache-Control "public, max-age=2592000";
|
||||
}
|
||||
|
||||
# Service worker — never cache.
|
||||
location = /sw.js {
|
||||
expires off;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||
}
|
||||
|
||||
# llms.txt — short cache for AI crawlers.
|
||||
location = /llms.txt {
|
||||
expires 1d;
|
||||
add_header Cache-Control "public, max-age=86400";
|
||||
}
|
||||
|
||||
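Review bot: The new IMPORTANT comment in the file header gives only the 404 reason for avoiding nested `location` blocks. It should also record that nginx inherits `add_header` from the enclosing level only when the current level defines none, so each removed block, by setting its own `Cache-Control`, would have dropped the X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Permissions-Policy headers from the responses it matched. I would add a line such as `# A nested location with its own add_header also stops inheriting the security headers set below; repeat them there if one is ever added.` Separately, the removal also drops the `no-store` policy for `/sw.js`, and the comment's claim about Astro covers only hashed bundles; nothing visible here shows what the upstream sends for the service worker, so confirm that response is still not cached long-term.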