mirror of
https://gitlab.com/hagrid-keyserver/hagrid.git
synced 2023-02-13 20:55:02 -05:00
122 lines
3.5 KiB
Text
122 lines
3.5 KiB
Text
# this routing file is included in the hagrid http block
|
|
# it is assumed that hagrid runs on localhost:8080
|
|
|
|
# To protect against DOS, we limit the size of possible uploads.
|
|
client_max_body_size 1m;
|
|
client_body_buffer_size 128k;
|
|
|
|
# Change all HTTP 502 errors into 500, to avoid being "marked as dead" by GnuPG
|
|
# if we ever get a spurious 502 (e.g. during a restart of hagrid).
|
|
# See https://gitlab.com/sequoia-pgp/hagrid/issues/94
|
|
error_page 502 =500 /502;
|
|
location /502 {
|
|
return 500;
|
|
}
|
|
|
|
# for x-accel-redirect forwards
|
|
location /keys {
|
|
internal;
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
}
|
|
|
|
location /vks/v1/ {
|
|
location ~ ^/vks/v1/by-email/([^/][^/])([^/][^/])([^/]*)$ {
|
|
error_page 404 /errors/404-by-email.htm;
|
|
default_type application/pgp-keys;
|
|
add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
try_files /keys/links/by-email/$1/$2/$3 =404;
|
|
}
|
|
|
|
location ~ ^/vks/v1/by-fingerprint/(?:0x)?([^/][^/])([^/][^/])(..*)$ {
|
|
error_page 404 /errors/404-by-fpr.htm;
|
|
default_type application/pgp-keys;
|
|
add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
try_files /keys/links/by-fpr/$1/$2/$3 =404;
|
|
}
|
|
|
|
location ~ ^/vks/v1/by-keyid/(?:0x)?([^/][^/])([^/][^/])(.*)$ {
|
|
error_page 404 /errors/404-by-keyid.htm;
|
|
default_type application/pgp-keys;
|
|
add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
try_files /keys/links/by-keyid/$1/$2/$3 =404;
|
|
}
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
error_page 400 /errors/400-vks-invalid.htm;
|
|
return 400;
|
|
}
|
|
|
|
# Common HKP requests.
|
|
location /pks/lookup {
|
|
# sq keyserver get <KEYID>, gpg --receive-keys <KEYID>
|
|
if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{16})$") {
|
|
set $keyid $1;
|
|
set $args "";
|
|
rewrite . /vks/v1/by-keyid/$keyid last;
|
|
}
|
|
|
|
# gpg --receive-keys <FINGERPRINT>
|
|
if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{40})$") {
|
|
set $fingerprint $1;
|
|
set $args "";
|
|
rewrite . /vks/v1/by-fingerprint/$fingerprint last;
|
|
}
|
|
|
|
# gpg --locate-key <EMAIL>
|
|
if ($request_uri ~ "^/pks/lookup\?op=get&options=mr&search=([^&]{3,}%40[^&]+)") {
|
|
set $email $1;
|
|
set $args "";
|
|
rewrite . /vks/v1/by-email/$email last;
|
|
}
|
|
|
|
# gpg --search '<address@example.org>'
|
|
# strip angle brackets - we don't need them, but they cause issues
|
|
# with the Rocket framework
|
|
# see https://gitlab.com/sequoia-pgp/hagrid/issues/94
|
|
if ($request_uri ~ "^/pks/lookup\?(.*)\<(.+)\>(.*)") {
|
|
set $left $1;
|
|
set $middle $2;
|
|
set $right $3;
|
|
set $args "";
|
|
rewrite . /pks/lookup?$left$middle$right? break;
|
|
}
|
|
|
|
# forward to backend, which will like serve via x-accel-redirect
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
location /pks {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
location /manage {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
location /verify {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
location /search {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
location /upload {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
# explicitly cache the home directory
|
|
location = / {
|
|
proxy_cache static_cache;
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
# cache "about" pages
|
|
location /about {
|
|
proxy_cache static_cache;
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|