# prepare for letsencrypt # https://community.centminmod.com/posts/17774/ location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers "Content-Type: text/plain"; } } location ~* \.(gif|jpg|jpeg|png|ico)$ { gzip_static off; #add_header Pragma public; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; add_header Access-Control-Allow-Origin *; add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800"; access_log off; expires 30d; break; } location ~* \.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|test|bin)$ { gzip_static off; sendfile off; sendfile_max_chunk 1m; #add_header Pragma public; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; add_header Access-Control-Allow-Origin *; add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800"; access_log off; expires 30d; break; } location ~* \.(js|json)$ { #add_header Pragma public; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; #add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Access-Control-Allow-Origin *; add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800"; access_log off; expires 30d; break; } location ~* \.(css)$ { #add_header Pragma public; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; #add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Access-Control-Allow-Origin *; add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800"; access_log off; expires 30d; break; } # location ~* \.(html|htm|txt)$ { #add_header Pragma public; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; #add_header Referrer-Policy "strict-origin-when-cross-origin"; #add_header Cache-Control "public, must-revalidate, proxy-revalidate"; #access_log off; #expires 1d; #break; # } location ~* \.(eot|svg|ttf|woff|woff2)$ { #add_header Pragma public; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; #add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Access-Control-Allow-Origin *; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; access_log off; expires 365d; break; }