Update hb5p configs #1406

Merged
merged 4 commits into from
Jul 20, 2022
Merged
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
### HEAD
* Fix #905, #831 - Update hb5p Nginx configs ([#1406](https://github.com/roots/trellis/pull/1406))

### 1.16.0: July 18th, 2022
* Fix Ansible 6 support - remove broken and unused `cli` import ([#1404](https://github.com/roots/trellis/pull/1404))
* Fix #1400 - update shared path permission ([#1403](https://github.com/roots/trellis/pull/1403))
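--- /dev/null
+++ b/roles/nginx/templates/h5bp/directive-only/cache_expiration.conf
@@ -0,0 +1,61 @@
+map $sent_http_content_type $expires {
+default 1y;
+
+# No content
+"" off;
+
+# CSS
+~*text/css 1y;
+
+# Data interchange
+~*application/atom\+xml 1h;
+~*application/rdf\+xml 1h;
+~*application/rss\+xml 1h;
+
+~*application/json 0;
+~*application/ld\+json 0;
+~*application/schema\+json 0;
+~*application/geo\+json 0;
+~*application/xml 0;
+~*text/calendar 0;
+~*text/xml 0;
+
+# Favicon (cannot be renamed!) and cursor images
+~*image/vnd.microsoft.icon 1w;
+~*image/x-icon 1w;
+
+# HTML
+~*text/html 0;
+
+# JavaScript
+~*application/javascript 1y;
+~*application/x-javascript 1y;
+~*text/javascript 1y;
+
+# Manifest files
+~*application/manifest\+json 1w;
+~*application/x-web-app-manifest\+json 0;
+~*text/cache-manifest 0;
+
+# Markdown
+~*text/markdown 0;
+
+# Media files
+~*audio/ 1y;
+~*image/ 1y;
+~*video/ 1y;
+
+# WebAssembly
+~*application/wasm 1y;
+
+# Web fonts
+~*font/ 1y;
+~*application/vnd.ms-fontobject 1y;
+~*application/x-font-ttf 1y;
+~*application/x-font-woff 1y;
+~*application/font-woff 1y;
+~*application/font-woff2 1y;
+
+# Other
+~*text/x-cross-domain-policy 1w;
+}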
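Review bot: `default 1y;` at the top of the map gives a one-year lifetime to every response whose Content-Type is not listed below it. Because wordpress-site.conf.j2 applies `expires $expires;` at server level, that appears to include dynamically generated output such as `text/csv`, `text/plain` or `application/pdf`. If any of those responses are per-user, browsers and intermediate caches could retain them far longer than intended. A safer fallback is `default off;` (or a short lifetime), keeping the long lifetimes for the static types named explicitly. It is also worth confirming how this interacts with a Cache-Control header already set by the application.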

This file was deleted.

@@ -0,0 +1,18 @@
# ----------------------------------------------------------------------
# | Cross-origin requests |
# ----------------------------------------------------------------------

# Allow cross-origin requests.
#
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
# https://enable-cors.org/
# https://www.w3.org/TR/cors/

# (!) Do not use this without understanding the consequences.
# This will permit access from any other website.
# Instead of using this file, consider using a specific rule such as
# allowing access based on (sub)domain:
#
# add_header Access-Control-Allow-Origin "subdomain.example.com";

add_header Access-Control-Allow-Origin $cors;
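Review bot: The header comment still warns that this file "will permit access from any other website", but the directive now emits `$cors`, which the map in nginx.conf.j2 sets to `*` only for the listed image and font types and leaves empty otherwise. The comment should say so, e.g. `# Sends Access-Control-Allow-Origin only for content types listed in the $cors map (nginx.conf.j2).` The commented example also uses a bare host, while an origin value needs a scheme: `# add_header Access-Control-Allow-Origin "https://subdomain.example.com";`. Since `add_header` is inherited only when the current level defines none of its own, a note that a location block with its own `add_header` will not send this header would help maintainers.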
45 changes: 0 additions & 45 deletions roles/nginx/templates/h5bp/location/expires.conf

This file was deleted.

41 changes: 21 additions & 20 deletions roles/nginx/templates/h5bp/mime.types
Expand Up @@ -6,15 +6,21 @@ types {
application/json json map topojson;
application/ld+json jsonld;
application/rss+xml rss;
application/vnd.geo+json geojson;
application/xml rdf xml;
# Normalize to standard type.
# https://tools.ietf.org/html/rfc7946#section-12
application/geo+json geojson;
application/xml xml;
# Normalize to standard type.
# https://tools.ietf.org/html/rfc3870#section-2
application/rdf+xml rdf;


# JavaScript

# Normalize to standard type.
# https://tools.ietf.org/html/rfc4329#section-7.2
application/javascript js mjs;
# Servers should use text/javascript for JavaScript resources.
# https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
text/javascript js mjs;
application/wasm wasm;


# Manifest files
Expand All @@ -32,9 +38,12 @@ types {
audio/ogg oga ogg opus;
audio/x-realaudio ra;
audio/x-wav wav;
image/apng apng;
image/avif avif avifs;
image/bmp bmp;
image/gif gif;
image/jpeg jpeg jpg;
image/jxl jxl;
image/jxr jxr hdp wdp;
image/png png;
image/svg+xml svg svgz;
Expand All @@ -51,7 +60,6 @@ types {
video/x-flv flv;
video/x-mng mng;
video/x-ms-asf asf asx;
video/x-ms-wmv wmv;
video/x-msvideo avi;

# Serving `.ico` image files with a different media type
Expand All @@ -73,20 +81,12 @@ types {

# Web fonts

application/font-woff woff;
application/font-woff2 woff2;
font/woff woff;
font/woff2 woff2;
application/vnd.ms-fontobject eot;

# Browsers usually ignore the font media types and simply sniff
# the bytes to figure out the font type.
# https://mimesniff.spec.whatwg.org/#matching-a-font-type-pattern
#
# However, Blink and WebKit based browsers will show a warning
# in the console if the following font types are served with any
# other media types.

application/x-font-ttf ttc ttf;
font/opentype otf;
font/ttf ttf;
font/collection ttc;
font/otf otf;


# Other
Expand Down Expand Up @@ -122,10 +122,11 @@ types {
application/xhtml+xml xhtml;
application/xslt+xml xsl;
application/zip zip;
text/calendar ics;
text/css css;
text/csv csv;
text/html htm html shtml;
text/markdown md;
text/markdown md markdown;
text/mathml mml;
text/plain txt;
text/vcard vcard vcf;
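Review bot: Several media types appear to be renamed in this section (`text/javascript` for `.js`/`.mjs`, `font/ttf`, `font/otf`, `font/collection`, `application/geo+json`, `application/rdf+xml`), so any directive that lists media types by name must carry the new names. Lists such as `gzip_types` or `charset_types` are not visible in this diff; if they still use the old names, the affected files would silently lose compression or charset handling. The `$cors` and `$expires` maps added in this PR list both old and new font names, which is the pattern to follow. A short comment at the top of `types {` naming the dependent lists would make future renames safer.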
29 changes: 29 additions & 0 deletions roles/nginx/templates/nginx.conf.j2
Expand Up @@ -204,6 +204,35 @@ http {
include includes.d/http/*.conf;
{% endblock -%}

# Add Access-Control-Allow-Origin.
# h5bp/directive-only/cross-origin-requests.conf
map $sent_http_content_type $cors {
# Images
image/bmp "*";
image/gif "*";
image/jpeg "*";
image/png "*";
image/svg+xml "*";
image/webp "*";
image/x-icon "*";

# Web fonts
font/collection "*";
application/vnd.ms-fontobject "*";
font/eot "*";
font/opentype "*";
font/otf "*";
application/x-font-ttf "*";
font/ttf "*";
application/font-woff "*";
application/x-font-woff "*";
font/woff "*";
application/font-woff2 "*";
font/woff2 "*";
}

include h5bp/directive-only/cache_expiration.conf;

{% block sites_enabled -%}
# Include files in the sites-enabled folder. server{} configuration files should be
# placed in the sites-available folder, and then the configuration should be enabled
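Review bot: The `$cors` map matches exact strings, whereas the `$expires` map in cache_expiration.conf uses `~*` patterns, so a Content-Type that arrives with a parameter (for example a charset on `image/svg+xml`) or in different case would miss and no header would be sent. The map also omits `image/apng`, `image/avif` and `image/jxl`, which the mime.types section of this PR appears to add. Consider an explicit `default "";` so the fall-through is visible, plus a comment that the design relies on `add_header` emitting nothing for an empty value. The enclosing `http {` block starts and ends outside this hunk.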
4 changes: 2 additions & 2 deletions roles/wordpress-setup/templates/wordpress-site.conf.j2
Expand Up @@ -190,11 +190,11 @@ server {
{% endif -%}

{% if h5bp_cross_domain_fonts_enabled -%}
include h5bp/location/cross-domain-fonts.conf;
include h5bp/directive-only/cross-origin-requests.conf;
{% endif -%}

{% if h5bp_expires_enabled -%}
include h5bp/location/expires.conf;
expires $expires;
{% endif -%}

{% if h5bp_protect_system_files_enabled -%}
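Review bot: `h5bp_cross_domain_fonts_enabled` now gates `cross-origin-requests.conf`, which sends `Access-Control-Allow-Origin: *` for the image types in the `$cors` map as well as fonts, so sites that enabled the flag for fonts get a wider cross-origin read policy than its name suggests. A comment above the include would make that visible, e.g. `# Also applies to image types listed in the $cors map (nginx.conf.j2), not only fonts.` Sites serving images that are restricted by network location rather than credentials should review the map before enabling the flag. The `server {` block starts and ends outside this hunk.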