1
0
Fork 0
mirror of https://gitlab.com/hagrid-keyserver/hagrid.git synced 2023-02-13 20:55:02 -05:00
hagrid-keyserver--hagrid/hagrid-routes.conf
Vincent Breitmoser 9a225410c9
Rework API
2019-06-04 16:12:36 +02:00

106 lines
3 KiB
Text

# this routing file is included in the hagrid http block
# it is assumed that hagrid runs on localhost:8080
# To protect against DOS, we limit the size of possible uploads.
client_max_body_size 1m;
# Change all HTTP 502 errors into 500, to avoid being "marked as dead" by GnuPG
# if we ever get a spurious 502 (e.g. during a restart of hagrid).
# See https://gitlab.com/sequoia-pgp/hagrid/issues/94
error_page 502 =500 /502;
location /502 {
return 500;
}
# for x-accel-redirect forwards
location /keys {
internal;
add_header 'Access-Control-Allow-Origin' '*';
}
location /vks/v1/ {
location ~ ^/vks/v1/by-email/([^/][^/])([^/][^/])([^/]*)$ {
default_type application/pgp-keys;
add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
add_header 'Access-Control-Allow-Origin' '*';
try_files /keys/by-email/$1/$2/$3 @fallback;
}
location ~ ^/vks/v1/by-fingerprint/(?:0x)?([^/][^/])([^/][^/])(..*)$ {
default_type application/pgp-keys;
add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
add_header 'Access-Control-Allow-Origin' '*';
try_files /keys/by-fpr/$1/$2/$3 @fallback;
}
location ~ ^/vks/v1/by-keyid/(?:0x)?([^/][^/])([^/][^/])(.*)$ {
default_type application/pgp-keys;
add_header Content-Disposition 'attachment; filename="$1$2$3.asc"';
add_header 'Access-Control-Allow-Origin' '*';
try_files /keys/by-keyid/$1/$2/$3 @fallback;
}
proxy_pass http://127.0.0.1:8080;
}
# Pass queries that we do not understand to hagrid.
location @fallback {
add_header 'Access-Control-Allow-Origin' '*';
proxy_pass http://127.0.0.1:8080;
}
# Common HKP requests.
location /pks/lookup {
# sq keyserver get <KEYID>, gpg --receive-keys <KEYID>
if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{16})$") {
set $keyid $1;
set $args "";
rewrite . /vks/v1/by-keyid/$keyid last;
}
# gpg --receive-keys <FINGERPRINT>
if ($args ~ "^op=get&options=mr&search=(?:0x)?([a-fA-F0-9]{40})$") {
set $fingerprint $1;
set $args "";
rewrite . /vks/v1/by-fingerprint/$fingerprint last;
}
# gpg --locate-key <EMAIL>
if ($request_uri ~ "^/pks/lookup\?op=get&options=mr&search=([^&]{3,}%40[^&]+)") {
set $email $1;
set $args "";
rewrite . /vks/v1/by-email/$email last;
}
# forward to backend, which will like serve via x-accel-redirect
add_header 'Access-Control-Allow-Origin' '*';
proxy_pass http://127.0.0.1:8080;
}
location /pks {
proxy_pass http://127.0.0.1:8080;
}
location /manage {
proxy_pass http://127.0.0.1:8080;
}
location /verify {
proxy_pass http://127.0.0.1:8080;
}
location /upload {
proxy_pass http://127.0.0.1:8080;
}
# explicitly cache the home directory
location = / {
proxy_cache static_cache;
proxy_pass http://127.0.0.1:8080;
}
# cache "about" pages
location /about {
proxy_cache static_cache;
proxy_pass http://127.0.0.1:8080;
}