error_log stderr; pid nginx/nginx.pid; daemon off; http { # allow 6 requests per min -> one each 10s on avg. limit_req_zone $binary_remote_addr zone=mylimit:10m rate=6r/m; server { listen 127.0.0.1:8090; access_log nginx/access_log; include /etc/nginx/mime.types; default_type application/octet-stream; root dist/public; location /by-email/ { rewrite "^/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break; default_type application/pgp-keys; add_header Content-Disposition 'attachment; filename="$1$2.asc"'; try_files /$uri =404; } location /by-fingerprint/ { rewrite ^/by-fingerprint/(0x)?([^/][^/])(..*)$ $2/$3 break; default_type application/pgp-keys; add_header Content-Disposition 'attachment; filename="$2$3.asc"'; try_files /by-fpr/$uri =404; } location /by-keyid/ { rewrite ^/by-keyid/(0x)?([^/][^/])(.*)$ /by-keyid/$2/$3 break; default_type application/pgp-keys; add_header Content-Disposition 'attachment; filename="$2$3.asc"'; try_files /$uri =404; } # Common HKP requests. location /pks/lookup { # sq keyserver get , gpg --receive-keys if ($args ~* "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{14})$") { set $dir $2; set $file $3; rewrite . /by-keyid/$dir/$file; } # gpg --receive-keys if ($args ~* "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{38})$") { set $dir $2; set $file $3; rewrite . /by-fingerprint/$dir/$file; } # gpg --locate-key if ($args ~* "^op=get&options=mr&?search=(..)([^&]*)(@|%40)([^&]*)") { set $dir $1; set $local $2; set $horst $4; rewrite . /by-email/$dir/$local%40$horst; } proxy_pass http://127.0.0.1:8080; } location = / { proxy_pass http://127.0.0.1:8080; } location = /about { proxy_pass http://127.0.0.1:8080; } location ^~ /vks/ { proxy_pass http://127.0.0.1:8080; } } } events { worker_connections 4096; }