hagrid-keyserver--hagrid/nginx.conf

error_log stderr;
pid nginx/nginx.pid;
daemon off;

http {
  # allow 6 requests per min -> one each 10s on avg.
  limit_req_zone $binary_remote_addr zone=mylimit:10m rate=6r/m;

  proxy_cache_path /tmp/nginx_cache use_temp_path=off keys_zone=static_cache:10m;
  proxy_cache_valid 200 5m;

  server {
    listen 0.0.0.0:8090;

    access_log nginx/access_log;

    # To debug the rewrite rules, enable these directives:
    #error_log stderr notice;
    #rewrite_log on;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    root dist/public;

    location /by-email/ {
      rewrite "^/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break;
      default_type application/pgp-keys;
      add_header Content-Disposition 'attachment; filename="$1$2.asc"';
      try_files /$uri =404;
    }

    location /by-fingerprint/ {
      rewrite ^/by-fingerprint/(0x)?([^/][^/])(..*)$ /by-fingerprint/$2$3 break;
      default_type application/pgp-keys;
      add_header Content-Disposition 'attachment; filename="$2$3.asc"';
      try_files /by-fpr/$2/$3 @fallback;
    }

    location /by-keyid/ {
      rewrite ^/by-keyid/(0x)?([^/][^/])(.*)$ /by-keyid/$2$3 break;
      default_type application/pgp-keys;
      add_header Content-Disposition 'attachment; filename="$2$3.asc"';
      try_files /by-keyid/$2/$3 @fallback;
    }

    # Pass queries that we do not understand to hagrid.
    location @fallback {
      proxy_pass http://127.0.0.1:8080;
    }

    # Common HKP requests.
    location /pks/lookup {
      # sq keyserver get <KEYID>, gpg --receive-keys <KEYID>
      if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{14})$") {
        set $dir $2;
        set $file $3;
        rewrite . /by-keyid/$dir/$file;
      }

      # gpg --receive-keys <FINGERPRINT>
      if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{38})$") {
        set $dir $2;
        set $file $3;
        rewrite . /by-fingerprint/$dir/$file;
      }

      # gpg --locate-key <EMAIL>
      if ($args ~ "^op=get&options=mr&?search=(..)([^&]*)(@|%40)([^&]*)") {
        set $dir $1;
        set $local $2;
        set $horst $4;
        rewrite . /by-email/$dir/$local%40$horst;
      }

      proxy_pass http://127.0.0.1:8080;
    }

    location = / {
      proxy_cache static_cache;
      proxy_pass http://127.0.0.1:8080;
    }

    location = /about {
      proxy_cache static_cache;
      proxy_pass http://127.0.0.1:8080;
    }

    location /vks/ {
      proxy_pass http://127.0.0.1:8080;
    }
  }
}

events {
  worker_connections 4096;
}
add nginx config 2018-10-25 11:38:49 -04:00			`error_log stderr;`
			`pid nginx/nginx.pid;`
			`daemon off;`

			`http {`
rate limit /pks/add to one request per 10s closes #12 2019-01-15 11:25:53 -05:00			`# allow 6 requests per min -> one each 10s on avg.`
			`limit_req_zone $binary_remote_addr zone=mylimit:10m rate=6r/m;`

Cache static sites generated by hagrid. 2019-02-26 06:58:21 -05:00			`proxy_cache_path /tmp/nginx_cache use_temp_path=off keys_zone=static_cache:10m;`
			`proxy_cache_valid 200 5m;`

add nginx config 2018-10-25 11:38:49 -04:00			`server {`
Bind to all interfaces. 2019-02-26 07:13:37 -05:00			`listen 0.0.0.0:8090;`
add nginx config 2018-10-25 11:38:49 -04:00
			`access_log nginx/access_log;`

Add debugging aid. 2019-02-26 07:57:41 -05:00			`# To debug the rewrite rules, enable these directives:`
			`#error_log stderr notice;`
			`#rewrite_log on;`

add nginx config 2018-10-25 11:38:49 -04:00			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`

Move paths around. Server new accepts / /vks/{verify,confirm,delete} /pks/{add,lookup} 2018-11-02 06:48:02 -04:00			`root dist/public;`
add nginx config 2018-10-25 11:38:49 -04:00
Use git-style subdirectories for data files. - To address scalability concerns, we put data files into subdirectories by splitting e.g. the fingerprint into a two character prefix and the rest, using the prefix as subdirectory name, and the rest as filename. - We hide this fact from the user using rewrite rules in nginx. - Fixes #38. 2019-02-21 18:29:15 -05:00			`location /by-email/ {`
Handle common HKP queries using nginx. - Fixes #46. 2019-02-22 17:45:41 -05:00			`rewrite "^/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break;`
add nginx config 2018-10-25 11:38:49 -04:00			`default_type application/pgp-keys;`
Provide nicer filenames for downloads. - This is especially useful for the HKP interface, where previously all downloads were named 'lookup'. 2019-02-26 06:30:42 -05:00			`add_header Content-Disposition 'attachment; filename="$1$2.asc"';`
Use git-style subdirectories for data files. - To address scalability concerns, we put data files into subdirectories by splitting e.g. the fingerprint into a two character prefix and the rest, using the prefix as subdirectory name, and the rest as filename. - We hide this fact from the user using rewrite rules in nginx. - Fixes #38. 2019-02-21 18:29:15 -05:00			`try_files /$uri =404;`
add nginx config 2018-10-25 11:38:49 -04:00			`}`

Use git-style subdirectories for data files. - To address scalability concerns, we put data files into subdirectories by splitting e.g. the fingerprint into a two character prefix and the rest, using the prefix as subdirectory name, and the rest as filename. - We hide this fact from the user using rewrite rules in nginx. - Fixes #38. 2019-02-21 18:29:15 -05:00			`location /by-fingerprint/ {`
Pass failing /by-* queries to hagrid for normalization. 2019-02-26 07:56:47 -05:00			`rewrite ^/by-fingerprint/(0x)?([^/][^/])(..*)$ /by-fingerprint/$2$3 break;`
Move paths around. Server new accepts / /vks/{verify,confirm,delete} /pks/{add,lookup} 2018-11-02 06:48:02 -04:00			`default_type application/pgp-keys;`
Provide nicer filenames for downloads. - This is especially useful for the HKP interface, where previously all downloads were named 'lookup'. 2019-02-26 06:30:42 -05:00			`add_header Content-Disposition 'attachment; filename="$2$3.asc"';`
Pass failing /by-* queries to hagrid for normalization. 2019-02-26 07:56:47 -05:00			`try_files /by-fpr/$2/$3 @fallback;`
Move paths around. Server new accepts / /vks/{verify,confirm,delete} /pks/{add,lookup} 2018-11-02 06:48:02 -04:00			`}`

Use git-style subdirectories for data files. - To address scalability concerns, we put data files into subdirectories by splitting e.g. the fingerprint into a two character prefix and the rest, using the prefix as subdirectory name, and the rest as filename. - We hide this fact from the user using rewrite rules in nginx. - Fixes #38. 2019-02-21 18:29:15 -05:00			`location /by-keyid/ {`
Pass failing /by-* queries to hagrid for normalization. 2019-02-26 07:56:47 -05:00			`rewrite ^/by-keyid/(0x)?([^/][^/])(.*)$ /by-keyid/$2$3 break;`
allow lookup by keyid and subkey fpr 2019-01-04 08:07:14 -05:00			`default_type application/pgp-keys;`
Provide nicer filenames for downloads. - This is especially useful for the HKP interface, where previously all downloads were named 'lookup'. 2019-02-26 06:30:42 -05:00			`add_header Content-Disposition 'attachment; filename="$2$3.asc"';`
Pass failing /by-* queries to hagrid for normalization. 2019-02-26 07:56:47 -05:00			`try_files /by-keyid/$2/$3 @fallback;`
			`}`

			`# Pass queries that we do not understand to hagrid.`
			`location @fallback {`
			`proxy_pass http://127.0.0.1:8080;`
allow lookup by keyid and subkey fpr 2019-01-04 08:07:14 -05:00			`}`

Handle common HKP queries using nginx. - Fixes #46. 2019-02-22 17:45:41 -05:00			`# Common HKP requests.`
			`location /pks/lookup {`
			`# sq keyserver get <KEYID>, gpg --receive-keys <KEYID>`
Case-sensitive matching on HKP requests. 2019-02-26 07:52:58 -05:00			`if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{14})$") {`
Only handle machine-readable requests from nginx. - And relay the rest to hagrid. 2019-02-26 06:12:27 -05:00			`set $dir $2;`
			`set $file $3;`
Handle common HKP queries using nginx. - Fixes #46. 2019-02-22 17:45:41 -05:00			`rewrite . /by-keyid/$dir/$file;`
			`}`

			`# gpg --receive-keys <FINGERPRINT>`
Case-sensitive matching on HKP requests. 2019-02-26 07:52:58 -05:00			`if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{38})$") {`
Only handle machine-readable requests from nginx. - And relay the rest to hagrid. 2019-02-26 06:12:27 -05:00			`set $dir $2;`
			`set $file $3;`
Handle common HKP queries using nginx. - Fixes #46. 2019-02-22 17:45:41 -05:00			`rewrite . /by-fingerprint/$dir/$file;`
			`}`

			`# gpg --locate-key <EMAIL>`
Case-sensitive matching on HKP requests. 2019-02-26 07:52:58 -05:00			`if ($args ~ "^op=get&options=mr&?search=(..)([^&])(@\|%40)([^&])") {`
Only handle machine-readable requests from nginx. - And relay the rest to hagrid. 2019-02-26 06:12:27 -05:00			`set $dir $1;`
			`set $local $2;`
Handle mail lookups with @ escaped. 2019-02-26 06:29:44 -05:00			`set $horst $4;`
Handle common HKP queries using nginx. - Fixes #46. 2019-02-22 17:45:41 -05:00			`rewrite . /by-email/$dir/$local%40$horst;`
			`}`
Only handle machine-readable requests from nginx. - And relay the rest to hagrid. 2019-02-26 06:12:27 -05:00
			`proxy_pass http://127.0.0.1:8080;`
Handle common HKP queries using nginx. - Fixes #46. 2019-02-22 17:45:41 -05:00			`}`

Move paths around. Server new accepts / /vks/{verify,confirm,delete} /pks/{add,lookup} 2018-11-02 06:48:02 -04:00			`location = / {`
Cache static sites generated by hagrid. 2019-02-26 06:58:21 -05:00			`proxy_cache static_cache;`
Move paths around. Server new accepts / /vks/{verify,confirm,delete} /pks/{add,lookup} 2018-11-02 06:48:02 -04:00			`proxy_pass http://127.0.0.1:8080;`
			`}`

Add a location for /about. 2019-02-26 06:33:44 -05:00			`location = /about {`
Cache static sites generated by hagrid. 2019-02-26 06:58:21 -05:00			`proxy_cache static_cache;`
Add a location for /about. 2019-02-26 06:33:44 -05:00			`proxy_pass http://127.0.0.1:8080;`
			`}`

Avoid regex match. 2019-02-26 08:32:11 -05:00			`location /vks/ {`
Move paths around. Server new accepts / /vks/{verify,confirm,delete} /pks/{add,lookup} 2018-11-02 06:48:02 -04:00			`proxy_pass http://127.0.0.1:8080;`
			`}`
add nginx config 2018-10-25 11:38:49 -04:00			`}`
			`}`

			`events {`
			`worker_connections 4096;`
			`}`