From d0e6322f9edf328ad9951682649d4da47c93419f Mon Sep 17 00:00:00 2001
From: Knowit <charles2023@qq.com>
Date: Sun, 3 May 2026 03:18:24 +0800
Subject: [PATCH] nginx: stamp must-revalidate on the HTML entrypoint

The Cache-Control on `location = /facere.html` wasn't reaching
browsers because requests for `/` matched `location = /` and never
fell into the named location even with try_files. Set the header
on both, with `always` so it applies to all response codes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 deploy/conf.d/default.conf | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/deploy/conf.d/default.conf b/deploy/conf.d/default.conf
index 8d24970..91d01dd 100644
--- a/deploy/conf.d/default.conf
+++ b/deploy/conf.d/default.conf
@@ -13,14 +13,15 @@ server {
     location ^~ /deploy/   { deny all; return 404; }
     location = /deploy-pull.sh { deny all; return 404; }
 
-    location = / {
-        try_files /facere.html =404;
-    }
-
     # The HTML entrypoint must NOT cache long — it carries the
     # ?v=… cache-busting tags that everything else relies on.
+    location = / {
+        add_header Cache-Control "public, max-age=0, must-revalidate" always;
+        expires off;
+        try_files /facere.html =404;
+    }
     location = /facere.html {
-        add_header Cache-Control "public, max-age=0, must-revalidate";
+        add_header Cache-Control "public, max-age=0, must-revalidate" always;
         expires off;
     }