Disabling static asset cache nightmare

Zorro · September 5, 2025, 4:36pm

I’m confused that something as simple as disabling cache headers on static assets appears to not be possible without editing some funky config file whose path eludes me. I’m using what equates to a default Hestia install.

Since nginx handles static assets like CSS and JS, using mod_headers in my .htaccess doesn’t work for disabling cache on these files. So I created an nginx.conf_custom file and put it in /home/foobar/conf/web/portal.foobar.com/nginx.conf_custom. It contains:

location ~* .(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg|otf|eot)$ {
add_header Cache-Control “no-cache, no-store, must-revalidate” always;
add_header Pragma “no-cache” always;
add_header Expires 0 always;
}

I ran v-rebuild-web-domain foobar portal.foobar.com and sudo systemctl restart nginx and nothing has changed. The default template contains the expires max header that for some reason I can’t override.

#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
        listen      %ip%:%proxy_ssl_port% ssl;
        server_name %domain_idn% %alias_idn%;
        error_log   /var/log/%web_system%/domains/%domain%.error.log error;

        ssl_certificate     %ssl_pem%;
        ssl_certificate_key %ssl_key%;
        ssl_stapling        on;
        ssl_stapling_verify on;

        # TLS 1.3 0-RTT anti-replay
        if ($anti_replay = 307) { return 307 https://$host$request_uri; }
        if ($anti_replay = 425) { return 425; }

        include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

        location ~ /\.(?!well-known\/|file) {
                deny all;
                return 404;
        }

        location / {
                proxy_ssl_server_name on;
                proxy_ssl_name $host;
                proxy_pass https://%ip%:%web_ssl_port%;

                location ~* ^.+\.(%proxy_extensions%)$ {
                        try_files  $uri @fallback;

                        root       %sdocroot%;
                        access_log /var/log/%web_system%/domains/%domain%.log combined;
                        access_log /var/log/%web_system%/domains/%domain%.bytes bytes;

                        expires    max;
                }
        }

        location @fallback {
                proxy_ssl_server_name on;
                proxy_ssl_name $host;
                proxy_pass https://%ip%:%web_ssl_port%;
        }

        location /error/ {
                alias %home%/%user%/web/%domain%/document_errors/;
        }

        proxy_hide_header Upgrade;

        include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

What do I do here?