split up nginx files
This commit is contained in:
Vincent Breitmoser
parent
6681fd583e
commit
d3e1fc0ae9
|
|
@ -0,0 +1,69 @@
|
|||
# this routing file is included in the hagrid http block
|
||||
# it is assumed that hagrid runs on localhost:8080
|
||||
|
||||
location /by-email/ {
|
||||
rewrite "^/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break;
|
||||
default_type application/pgp-keys;
|
||||
add_header Content-Disposition 'attachment; filename="$1$2.asc"';
|
||||
try_files /$uri =404;
|
||||
}
|
||||
|
||||
location /by-fingerprint/ {
|
||||
rewrite ^/by-fingerprint/(0x)?([^/][^/])(..*)$ /by-fingerprint/$2$3 break;
|
||||
default_type application/pgp-keys;
|
||||
add_header Content-Disposition 'attachment; filename="$2$3.asc"';
|
||||
try_files /by-fpr/$2/$3 @fallback;
|
||||
}
|
||||
|
||||
location /by-keyid/ {
|
||||
rewrite ^/by-keyid/(0x)?([^/][^/])(.*)$ /by-keyid/$2$3 break;
|
||||
default_type application/pgp-keys;
|
||||
add_header Content-Disposition 'attachment; filename="$2$3.asc"';
|
||||
try_files /by-keyid/$2/$3 @fallback;
|
||||
}
|
||||
|
||||
# Pass queries that we do not understand to hagrid.
|
||||
location @fallback {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
# Common HKP requests.
|
||||
location /pks/lookup {
|
||||
# sq keyserver get <KEYID>, gpg --receive-keys <KEYID>
|
||||
if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{14})$") {
|
||||
set $dir $2;
|
||||
set $file $3;
|
||||
rewrite . /by-keyid/$dir/$file;
|
||||
}
|
||||
|
||||
# gpg --receive-keys <FINGERPRINT>
|
||||
if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{38})$") {
|
||||
set $dir $2;
|
||||
set $file $3;
|
||||
rewrite . /by-fingerprint/$dir/$file;
|
||||
}
|
||||
|
||||
# gpg --locate-key <EMAIL>
|
||||
if ($args ~ "^op=get&options=mr&?search=(..)([^&]*)(@|%40)([^&]*)") {
|
||||
set $dir $1;
|
||||
set $local $2;
|
||||
set $horst $4;
|
||||
rewrite . /by-email/$dir/$local%40$horst;
|
||||
}
|
||||
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
location = / {
|
||||
proxy_cache static_cache;
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
location = /about {
|
||||
proxy_cache static_cache;
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
location /vks/ {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
# allow 6 requests per min -> one each 10s on avg.
|
||||
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=6r/m;
|
||||
|
||||
proxy_cache_path /tmp/nginx_cache use_temp_path=off keys_zone=static_cache:10m;
|
||||
proxy_cache_valid 200 5m;
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl ipv6only=on; # managed by Certbot
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/edge.keys.openpgp.org/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/edge.keys.openpgp.org/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
rewrite_log on;
|
||||
error_log /home/hagrid/error.log notice;
|
||||
|
||||
root /home/hagrid/run/public;
|
||||
server_name edge.keys.openpgp.org; # managed by Certbot
|
||||
|
||||
include hagrid-routes.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = edge.keys.openpgp.org) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80 ;
|
||||
listen [::]:80 ;
|
||||
server_name edge.keys.openpgp.org;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
67
nginx.conf
67
nginx.conf
|
|
@ -23,72 +23,7 @@ http {
|
|||
|
||||
root dist/public;
|
||||
|
||||
location /by-email/ {
|
||||
rewrite "^/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break;
|
||||
default_type application/pgp-keys;
|
||||
add_header Content-Disposition 'attachment; filename="$1$2.asc"';
|
||||
try_files /$uri =404;
|
||||
}
|
||||
|
||||
location /by-fingerprint/ {
|
||||
rewrite ^/by-fingerprint/(0x)?([^/][^/])(..*)$ /by-fingerprint/$2$3 break;
|
||||
default_type application/pgp-keys;
|
||||
add_header Content-Disposition 'attachment; filename="$2$3.asc"';
|
||||
try_files /by-fpr/$2/$3 @fallback;
|
||||
}
|
||||
|
||||
location /by-keyid/ {
|
||||
rewrite ^/by-keyid/(0x)?([^/][^/])(.*)$ /by-keyid/$2$3 break;
|
||||
default_type application/pgp-keys;
|
||||
add_header Content-Disposition 'attachment; filename="$2$3.asc"';
|
||||
try_files /by-keyid/$2/$3 @fallback;
|
||||
}
|
||||
|
||||
# Pass queries that we do not understand to hagrid.
|
||||
location @fallback {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
# Common HKP requests.
|
||||
location /pks/lookup {
|
||||
# sq keyserver get <KEYID>, gpg --receive-keys <KEYID>
|
||||
if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{14})$") {
|
||||
set $dir $2;
|
||||
set $file $3;
|
||||
rewrite . /by-keyid/$dir/$file;
|
||||
}
|
||||
|
||||
# gpg --receive-keys <FINGERPRINT>
|
||||
if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{38})$") {
|
||||
set $dir $2;
|
||||
set $file $3;
|
||||
rewrite . /by-fingerprint/$dir/$file;
|
||||
}
|
||||
|
||||
# gpg --locate-key <EMAIL>
|
||||
if ($args ~ "^op=get&options=mr&?search=(..)([^&]*)(@|%40)([^&]*)") {
|
||||
set $dir $1;
|
||||
set $local $2;
|
||||
set $horst $4;
|
||||
rewrite . /by-email/$dir/$local%40$horst;
|
||||
}
|
||||
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
location = / {
|
||||
proxy_cache static_cache;
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
location = /about {
|
||||
proxy_cache static_cache;
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
location /vks/ {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
include hagrid-routes.conf;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue