From dd77e6a951560394a0ebc93caf70dde03d7756f6 Mon Sep 17 00:00:00 2001
From: "Leandro F. L." <lfluvisotto@gmail.com>
Date: Tue, 1 Oct 2024 19:49:28 -0300
Subject: [PATCH] Updating nginx magento2.conf according to latest version of
 nginx.conf in Magento 2 Open Source repository

---
 nginx/etc/nginx/available.d/magento2.conf | 28 +++++++++++++++--------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/nginx/etc/nginx/available.d/magento2.conf b/nginx/etc/nginx/available.d/magento2.conf
index 3620a98..ce1ae0a 100644
--- a/nginx/etc/nginx/available.d/magento2.conf
+++ b/nginx/etc/nginx/available.d/magento2.conf
@@ -51,7 +51,7 @@ location / {
 }
 
 location /pub/ {
-    location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
+    location ~ ^/pub/media/(downloadable|customer|import|custom_options|theme_customization/.*\.xml) {
         deny all;
     }
     alias $MAGE_ROOT/pub/;
@@ -63,18 +63,18 @@ location /static/ {
     # expires max;
 
     # Remove signature of the static files that is used to overcome the browser cache
-    location ~ ^/static/version {
-        rewrite ^/static/(version[^/]+/)?(.*)$ /static/$2 last;
+    location ~ ^/static/version\d*/ {
+        rewrite ^/static/version\d*/(.*)$ /static/$1 last;
     }
 
-    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|json)$ {
+    location ~* \.(ico|jpg|jpeg|png|gif|svg|svgz|webp|avif|avifs|js|css|eot|ttf|otf|woff|woff2|html|json|webmanifest)$ {
         add_header Cache-Control "public";
         add_header X-Frame-Options "SAMEORIGIN";
         add_header Access-Control-Allow-Origin "*";     # Allow use from CDN origin
         expires +1y;
 
         if (!-f $request_filename) {
-            rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
+            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
         }
     }
 
@@ -84,11 +84,11 @@ location /static/ {
         expires    off;
 
         if (!-f $request_filename) {
-           rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
+           rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
         }
     }
     if (!-f $request_filename) {
-        rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
+        rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
     }
     add_header X-Frame-Options "SAMEORIGIN";
 }
@@ -106,7 +106,7 @@ location /media/ {
         deny all;
     }
 
-    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+    location ~* \.(ico|jpg|jpeg|png|gif|svg|svgz|webp|avif|avifs|js|css|eot|ttf|otf|woff|woff2)$ {
         add_header Cache-Control "public";
         add_header X-Frame-Options "SAMEORIGIN";
         expires +1y;
@@ -133,6 +133,16 @@ location /media/import/ {
     deny all;
 }
 
+location /media/custom_options/ {
+    deny all;
+}
+
+location /errors/ {
+    location ~* \.xml$ {
+        deny all;
+    }
+}
+
 location ~* ^/dev/tests/acceptance/utils($|/) {
     root $MAGE_ROOT;
 
@@ -189,6 +199,6 @@ gzip_types
 gzip_vary on;
 
 # Banned locations (only reached if the earlier PHP entry point regexes don't match)
-location ~* (\.php$|\.htaccess$|\.git) {
+location ~* (\.php$|\.phtml$|\.htaccess$|\.htpasswd$|\.git) {
     deny all;
 }