hagrid-keyserver--hagrid/hagrid-routes.conf

# this routing file is included in the hagrid http block
# it is assumed that hagrid runs on localhost:8080

# To protect against DOS, we limit the size of possible uploads.
client_max_body_size 1m;
client_body_buffer_size 128k;

# Change all HTTP 502 errors into 500, to avoid being "marked as dead" by GnuPG
# if we ever get a spurious 502 (e.g. during a restart of hagrid).
# See https://gitlab.com/sequoia-pgp/hagrid/issues/94
error_page 502 =500 /502;
location /502 {
    return 500;
}

# for x-accel-redirect forwards
location /keys {
    internal;
    add_header 'Access-Control-Allow-Origin' '*';
}

location /vks/v1/ {
    location ~ ^/vks/v1/by-email/([^/][^/])([^/][^/])([^/]*)$ {
        error_page 404 /errors/404-by-email.htm;
        default_type application/pgp-keys;
        add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
        add_header 'Access-Control-Allow-Origin' '*';
        try_files /keys/links/by-email/$1/$2/$3 =404;
    }

    location ~ ^/vks/v1/by-fingerprint/(?:0x)?([^/][^/])([^/][^/])(..*)$ {
        error_page 404 /errors/404-by-fpr.htm;
        default_type application/pgp-keys;
        add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
        add_header 'Access-Control-Allow-Origin' '*';
        try_files /keys/links/by-fpr/$1/$2/$3 =404;
    }

    location ~ ^/vks/v1/by-keyid/(?:0x)?([^/][^/])([^/][^/])(.*)$ {
        error_page 404 /errors/404-by-keyid.htm;
        default_type application/pgp-keys;
        add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
        add_header 'Access-Control-Allow-Origin' '*';
        try_files /keys/links/by-keyid/$1/$2/$3 =404;
    }

    add_header 'Access-Control-Allow-Origin' '*';
    error_page 400 /errors/400-vks-invalid.htm;
    return 400;
}

# Common HKP requests.
location /pks/lookup {
    # sq keyserver get <KEYID>, gpg --receive-keys <KEYID>
    if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{16})$") {
        set $keyid $1;
        set $args "";
        rewrite . /vks/v1/by-keyid/$keyid last;
    }

    # gpg --receive-keys <FINGERPRINT>
    if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{40})$") {
        set $fingerprint $1;
        set $args "";
        rewrite . /vks/v1/by-fingerprint/$fingerprint last;
    }

    # gpg --locate-key <EMAIL>
    if ($request_uri ~ "^/pks/lookup\?op=get&options=mr&search=([^&]{3,}%40[^&]+)") {
        set $email $1;
        set $args "";
        rewrite . /vks/v1/by-email/$email last;
    }

    # gpg --search '<address@example.org>'
    # strip angle brackets - we don't need them, but they cause issues
    # with the Rocket framework
    # see https://gitlab.com/sequoia-pgp/hagrid/issues/94
    if ($request_uri ~ "^/pks/lookup\?(.*)\<(.+)\>(.*)") {
        set $left $1;
        set $middle $2;
        set $right $3;
        set $args "";
        rewrite . /pks/lookup?$left$middle$right? break;
    }

    # forward to backend, which will like serve via x-accel-redirect
    add_header 'Access-Control-Allow-Origin' '*';
    proxy_pass http://127.0.0.1:8080;
}

location /pks {
    proxy_pass http://127.0.0.1:8080;
}

location /manage {
    proxy_pass http://127.0.0.1:8080;
}

location /verify {
    proxy_pass http://127.0.0.1:8080;
}

location /search {
    proxy_pass http://127.0.0.1:8080;
}

location /upload {
    proxy_pass http://127.0.0.1:8080;
}

# explicitly cache the home directory
location = / {
    proxy_cache static_cache;
    proxy_pass http://127.0.0.1:8080;
}

# cache "about" pages
location /about {
    proxy_cache static_cache;
    proxy_pass http://127.0.0.1:8080;
}
split up nginx files 2019-02-27 10:39:38 +00:00			`# this routing file is included in the hagrid http block`
			`# it is assumed that hagrid runs on localhost:8080`

Limit size of uploads. - Fixes #70. 2019-03-06 12:40:36 +00:00			`# To protect against DOS, we limit the size of possible uploads.`
			`client_max_body_size 1m;`
increase buffer size in nginx config 2019-06-06 13:06:06 +00:00			`client_body_buffer_size 128k;`
Limit size of uploads. - Fixes #70. 2019-03-06 12:40:36 +00:00
redirect all HTTP 502 errors to HTTP 500 in nginx 2019-05-14 13:57:10 +00:00			`# Change all HTTP 502 errors into 500, to avoid being "marked as dead" by GnuPG`
			`# if we ever get a spurious 502 (e.g. during a restart of hagrid).`
			`# See https://gitlab.com/sequoia-pgp/hagrid/issues/94`
			`error_page 502 =500 /502;`
			`location /502 {`
			`return 500;`
			`}`

add CORS headers to /vks/v1 and /pks/lookup endpoints 2019-05-14 16:52:28 +00:00			`# for x-accel-redirect forwards`
			`location /keys {`
			`internal;`
			`add_header 'Access-Control-Allow-Origin' '*';`
			`}`

update hagrid-routes again 2019-05-04 00:42:56 +00:00			`location /vks/v1/ {`
			`location ~ ^/vks/v1/by-email/([^/][^/])([^/][^/])([^/]*)$ {`
handle more errors in nginx 2019-06-11 15:18:42 +00:00			`error_page 404 /errors/404-by-email.htm;`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`default_type application/pgp-keys;`
			`add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';`
add CORS headers to /vks/v1 and /pks/lookup endpoints 2019-05-14 16:52:28 +00:00			`add_header 'Access-Control-Allow-Origin' '*';`
handle more errors in nginx 2019-06-11 15:18:42 +00:00			`try_files /keys/links/by-email/$1/$2/$3 =404;`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`}`
split up nginx files 2019-02-27 10:39:38 +00:00
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`location ~ ^/vks/v1/by-fingerprint/(?:0x)?([^/][^/])([^/][^/])(..*)$ {`
handle more errors in nginx 2019-06-11 15:18:42 +00:00			`error_page 404 /errors/404-by-fpr.htm;`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`default_type application/pgp-keys;`
			`add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';`
add CORS headers to /vks/v1 and /pks/lookup endpoints 2019-05-14 16:52:28 +00:00			`add_header 'Access-Control-Allow-Origin' '*';`
handle more errors in nginx 2019-06-11 15:18:42 +00:00			`try_files /keys/links/by-fpr/$1/$2/$3 =404;`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`}`

			`location ~ ^/vks/v1/by-keyid/(?:0x)?([^/][^/])([^/][^/])(.*)$ {`
handle more errors in nginx 2019-06-11 15:18:42 +00:00			`error_page 404 /errors/404-by-keyid.htm;`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`default_type application/pgp-keys;`
			`add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';`
add CORS headers to /vks/v1 and /pks/lookup endpoints 2019-05-14 16:52:28 +00:00			`add_header 'Access-Control-Allow-Origin' '*';`
handle more errors in nginx 2019-06-11 15:18:42 +00:00			`try_files /keys/links/by-keyid/$1/$2/$3 =404;`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`}`
split up nginx files 2019-02-27 10:39:38 +00:00
add CORS headers to /vks/v1 and /pks/lookup endpoints 2019-05-14 16:52:28 +00:00			`add_header 'Access-Control-Allow-Origin' '*';`
handle more errors in nginx 2019-06-11 15:18:42 +00:00			`error_page 400 /errors/400-vks-invalid.htm;`
			`return 400;`
split up nginx files 2019-02-27 10:39:38 +00:00			`}`

			`# Common HKP requests.`
			`location /pks/lookup {`
			`# sq keyserver get <KEYID>, gpg --receive-keys <KEYID>`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{16})$") {`
			`set $keyid $1;`
			`set $args "";`
			`rewrite . /vks/v1/by-keyid/$keyid last;`
split up nginx files 2019-02-27 10:39:38 +00:00			`}`

			`# gpg --receive-keys <FINGERPRINT>`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{40})$") {`
			`set $fingerprint $1;`
			`set $args "";`
			`rewrite . /vks/v1/by-fingerprint/$fingerprint last;`
split up nginx files 2019-02-27 10:39:38 +00:00			`}`

			`# gpg --locate-key <EMAIL>`
update hagrid-routes again 2019-05-04 00:42:56 +00:00			`if ($request_uri ~ "^/pks/lookup\?op=get&options=mr&search=([^&]{3,}%40[^&]+)") {`
			`set $email $1;`
			`set $args "";`
			`rewrite . /vks/v1/by-email/$email last;`
split up nginx files 2019-02-27 10:39:38 +00:00			`}`

rewrite requests to workaround angular bracket issue unescaped angular brackets aren't allowed, but used by gnupg. this causes issues with Rocket that we can't fix in Hagrid. see https://gitlab.com/sequoia-pgp/hagrid/issues/94 upstream rocket bug https://github.com/SergioBenitez/Rocket/pull/941#issuecomment-492035708 2019-06-10 15:30:13 +00:00			`# gpg --search '<address@example.org>'`
			`# strip angle brackets - we don't need them, but they cause issues`
			`# with the Rocket framework`
			`# see https://gitlab.com/sequoia-pgp/hagrid/issues/94`
			`if ($request_uri ~ "^/pks/lookup\?(.)\<(.+)\>(.)") {`
			`set $left $1;`
			`set $middle $2;`
			`set $right $3;`
			`set $args "";`
			`rewrite . /pks/lookup?$left$middle$right? break;`
			`}`

add CORS headers to /vks/v1 and /pks/lookup endpoints 2019-05-14 16:52:28 +00:00			`# forward to backend, which will like serve via x-accel-redirect`
			`add_header 'Access-Control-Allow-Origin' '*';`
split up nginx files 2019-02-27 10:39:38 +00:00			`proxy_pass http://127.0.0.1:8080;`
			`}`

fix paths handling in hagrid (for nginx, too) 2019-04-28 20:41:41 +00:00			`location /pks {`
Add missing route for /pks/add. 2019-03-06 11:30:37 +00:00			`proxy_pass http://127.0.0.1:8080;`
			`}`

fix paths handling in hagrid (for nginx, too) 2019-04-28 20:41:41 +00:00			`location /manage {`
Serve /apidoc, improve README. - Fixes #63. 2019-03-06 15:39:52 +00:00			`proxy_pass http://127.0.0.1:8080;`
			`}`

Rework API 2019-05-23 23:01:24 +00:00			`location /verify {`
			`proxy_pass http://127.0.0.1:8080;`
			`}`

split human-readable interface and hkp 2019-06-11 14:59:27 +00:00			`location /search {`
			`proxy_pass http://127.0.0.1:8080;`
			`}`

Rework API 2019-05-23 23:01:24 +00:00			`location /upload {`
split up nginx files 2019-02-27 10:39:38 +00:00			`proxy_pass http://127.0.0.1:8080;`
			`}`
Rename functions, templates, paths to delete key bindings. - This change consistently names things related to key binding deletion. - It also moves it out of the /vks/v1 prefix. Iff we decide to make (parts of) it machine-usable, we can (partially) move it back in. 2019-03-12 13:02:47 +00:00
fix paths handling in hagrid (for nginx, too) 2019-04-28 20:41:41 +00:00			`# explicitly cache the home directory`
			`location = / {`
			`proxy_cache static_cache;`
Rename functions, templates, paths to delete key bindings. - This change consistently names things related to key binding deletion. - It also moves it out of the /vks/v1 prefix. Iff we decide to make (parts of) it machine-usable, we can (partially) move it back in. 2019-03-12 13:02:47 +00:00			`proxy_pass http://127.0.0.1:8080;`
			`}`
Rename functions, templates, paths to publish key bindings. - This change consistently names things related to key publishing. - It also moves it out of the /vks/v1 prefix. Iff we decide to make (parts of) it machine-usable, we can (partially) move it back in. 2019-03-12 13:47:46 +00:00
fix paths handling in hagrid (for nginx, too) 2019-04-28 20:41:41 +00:00			`# cache "about" pages`
			`location /about {`
			`proxy_cache static_cache;`
Rename functions, templates, paths to publish key bindings. - This change consistently names things related to key publishing. - It also moves it out of the /vks/v1 prefix. Iff we decide to make (parts of) it machine-usable, we can (partially) move it back in. 2019-03-12 13:47:46 +00:00			`proxy_pass http://127.0.0.1:8080;`
			`}`