fix(nginx): cleanup all nginx config files NOCHANGELOG

front/docker/funkwhale.conf.template

@@ -2,7 +2,6 @@ upstream funkwhale-api {
     server ${FUNKWHALE_API_HOST}:${FUNKWHALE_API_PORT};
 }
 
-
 # Required for websocket support.
 map $http_upgrade $connection_upgrade {
     default upgrade;
@@ -10,17 +9,44 @@ map $http_upgrade $connection_upgrade {
 }
 
 server {
-    listen 80;
-    server_name ${FUNKWHALE_HOSTNAME};
+    listen      80;
+    listen [::]:80;
+    charset     utf-8;
+    server_name _;
+
+    add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header Service-Worker-Allowed "/";
 
     root /usr/share/nginx/html;
 
-    # If you are using S3 to host your files, remember to add your S3 URL to the
-    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:).
+    # compression settings
+    gzip on;
+    gzip_comp_level    5;
+    gzip_min_length    256;
+    gzip_proxied       any;
+    gzip_vary          on;
 
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' ${AWS_S3_ENDPOINT_URL} data:; font-src 'self' data:; object-src 'none'; media-src ${AWS_S3_ENDPOINT_URL} 'self' data:";
-    add_header Referrer-Policy "strict-origin-when-cross-origin";
-    add_header X-Frame-Options "SAMEORIGIN" always;
+    gzip_types
+        application/javascript
+        application/vnd.geo+json
+        application/vnd.ms-fontobject
+        application/x-font-ttf
+        application/x-web-app-manifest+json
+        font/opentype
+        image/bmp
+        image/svg+xml
+        image/x-icon
+        text/cache-manifest
+        text/css
+        text/plain
+        text/vcard
+        text/vnd.rim.location.xloc
+        text/vtt
+        text/x-component
+        text/x-cross-domain-policy;
+    # end of compression settings
 
     location / {
         include /etc/nginx/funkwhale_proxy.conf;
@@ -30,24 +56,16 @@ server {
     }
 
     location /front/ {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' ${AWS_S3_ENDPOINT_URL} data:; font-src 'self' data:; object-src 'none'; media-src ${AWS_S3_ENDPOINT_URL} 'self' data:";
-        add_header Referrer-Policy "strict-origin-when-cross-origin";
-        add_header Service-Worker-Allowed "/";
         alias /usr/share/nginx/html/;
-        expires 30d;
-        add_header Pragma public;
-        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+        expires 1d;
     }
 
     location = /front/embed.html {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' ${AWS_S3_ENDPOINT_URL} data:; font-src 'self' data:; object-src 'none'; media-src ${AWS_S3_ENDPOINT_URL} 'self' data:";
+        add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
         add_header Referrer-Policy "strict-origin-when-cross-origin";
 
-        add_header X-Frame-Options "" always;
         alias /usr/share/nginx/html/embed.html;
-        expires 30d;
-        add_header Pragma public;
-        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+        expires 1d;
     }
 
     location /federation/ {
@@ -94,9 +112,4 @@ server {
         alias   ${MUSIC_DIRECTORY_PATH}/;
         add_header Access-Control-Allow-Origin '*';
     }
-
-    location /staticfiles/ {
-        # Django static files
-        alias ${STATIC_ROOT}/;
-    }
 }