From 016d18603e93df23ce3ac5ac8deeb24f892bd9b4 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Sat, 29 Apr 2017 23:52:50 +0200
Subject: [PATCH] dbscripts: Support rsync.archlinux.org via HTTPS

This also adds location / {} blocks to make the letsencrypt include
work.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 roles/dbscripts/templates/nginx.d.conf.j2 | 94 ++++++++++++-----------
 1 file changed, 49 insertions(+), 45 deletions(-)

diff --git a/roles/dbscripts/templates/nginx.d.conf.j2 b/roles/dbscripts/templates/nginx.d.conf.j2
index 9e16bcfab..4bf423f8c 100644
--- a/roles/dbscripts/templates/nginx.d.conf.j2
+++ b/roles/dbscripts/templates/nginx.d.conf.j2
@@ -12,41 +12,43 @@ server {
         allow all;
     }
 
-    # Server at velocitynet
-    allow  66.211.214.130; # dom0.archlinux.org.
-    allow  66.211.214.131; # gudrun.archlinux.org.
-    allow  66.211.214.132; # gerolde.archlinux.org.
-    allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP
+	location / {
+		# Server at velocitynet
+		allow  66.211.214.130; # dom0.archlinux.org.
+		allow  66.211.214.131; # gudrun.archlinux.org.
+		allow  66.211.214.132; # gerolde.archlinux.org.
+		allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP
 
-    # Thomas' home
-    #allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
-    allow  2001:1a80:3026::/48;
+		# Thomas' home
+		#allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
+		allow  2001:1a80:3026::/48;
 
-    # orion.archlinux.org
-    allow  88.198.91.70;
-    allow  2a01:4f8:160:6087::1;
+		# orion.archlinux.org
+		allow  88.198.91.70;
+		allow  2a01:4f8:160:6087::1;
 
-    # brynhild.archlinux.org
-    allow  176.9.18.112;
-    allow  2a01:4f8:150:1261::2;
+		# brynhild.archlinux.org
+		allow  176.9.18.112;
+		allow  2a01:4f8:150:1261::2;
 
-    # alberich.archlinux.org
-    allow 216.151.172.98;
+		# alberich.archlinux.org
+		allow 216.151.172.98;
 
-    # allison.archlinux.de
-    allow  144.76.107.12;
-    allow  2a01:4f8:192:520b::2;
+		# allison.archlinux.de
+		allow  144.76.107.12;
+		allow  2a01:4f8:192:520b::2;
 
-    auth_basic            "Restricted";
-    auth_basic_user_file  auth/dbscripts.htpasswd;
+		auth_basic            "Restricted";
+		auth_basic_user_file  auth/dbscripts.htpasswd;
 
-    autoindex  on;
+		autoindex  on;
+	}
 }
 
 server {
     listen       443 ssl http2;
     listen       [::]:443 ssl http2;
-    server_name  {{ repos_domain }};
+    server_name  {{ repos_domain }} {{repos_rsync_domain}};
     root         /srv/ftp;
 
 {% if certfile.stat.exists %}
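Review bot: The new `location /` block carries only `allow` rules and `auth_basic`, with no `deny all;` and no `satisfy` directive visible in the hunk, so its effective policy depends on lines outside it. nginx inherits `allow`/`deny` from the enclosing level only when the current level defines none, so a server-level `deny all;`, if one exists above the hunk, no longer applies inside `location /`. With the default `satisfy all` the allowlist would then restrict nothing and every client, listed or not, would just be asked for the password. If the intent is "listed host or valid password", stating it inside the block keeps it self-contained: `satisfy any;` at the top and `deny all;` after the last `allow`. The same applies to the `location /` block in the second hunk.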
@@ -61,33 +63,35 @@ server {
         allow all;
     }
 
-    # Server at velocitynet
-    allow  66.211.214.130; # dom0.archlinux.org.
-    allow  66.211.214.131; # gudrun.archlinux.org.
-    allow  66.211.214.132; # gerolde.archlinux.org.
-    allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP
+	location / {
+		# Server at velocitynet
+		allow  66.211.214.130; # dom0.archlinux.org.
+		allow  66.211.214.131; # gudrun.archlinux.org.
+		allow  66.211.214.132; # gerolde.archlinux.org.
+		allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP
 
-    # Thomas' home
-    #allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
-    allow  2001:1a80:3026::/48;
+		# Thomas' home
+		#allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
+		allow  2001:1a80:3026::/48;
 
-    # orion.archlinux.org
-    allow  88.198.91.70;
-    allow  2a01:4f8:160:6087::1;
+		# orion.archlinux.org
+		allow  88.198.91.70;
+		allow  2a01:4f8:160:6087::1;
 
-    # brynhild.archlinux.org
-    allow  176.9.18.112;
-    allow  2a01:4f8:150:1261::2;
+		# brynhild.archlinux.org
+		allow  176.9.18.112;
+		allow  2a01:4f8:150:1261::2;
 
-    # alberich.archlinux.org
-    allow 216.151.172.98;
+		# alberich.archlinux.org
+		allow 216.151.172.98;
 
-    # allison.archlinux.de
-    allow  144.76.107.12;
-    allow  2a01:4f8:192:520b::2;
+		# allison.archlinux.de
+		allow  144.76.107.12;
+		allow  2a01:4f8:192:520b::2;
 
-    auth_basic            "Restricted";
-    auth_basic_user_file  auth/dbscripts.htpasswd;
+		auth_basic            "Restricted";
+		auth_basic_user_file  auth/dbscripts.htpasswd;
 
-    autoindex  on;
+		autoindex  on;
+	}
 }
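Review bot: The allowlist and `auth_basic` settings in this `location /` block are a verbatim copy of the block in the first hunk, so a host added or retired in one server block but not the other leaves the two vhosts with different access policy. Since the rules are being moved anyway, they could live in one shared file pulled into both locations, e.g. `include <shared-acl-file>.conf;` (placeholder name), or in a Jinja2 macro in this template. The added lines are also tab-indented while the surrounding context uses four spaces, which makes later diffs of the access list harder to read.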
-- 
GitLab