Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
09b64ca9
Commit
09b64ca9
authored
Apr 07, 2021
by
Jelle van der Waa
🚧
Browse files
Merge branch 'nginx-alias-traversal' into 'master'
Fix nginx alias traversal Closes
#291
See merge request
!334
parents
9209db22
d94f18a7
Pipeline
#6343
passed with stage
in 47 seconds
Changes
7
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
roles/archmanweb/templates/nginx.d.conf.j2
View file @
09b64ca9
...
...
@@ -30,16 +30,16 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archmanweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archmanweb_domain }}/chain.pem;
location /favicon.ico {
location
=
/favicon.ico {
alias {{ archmanweb_dir }}/repo/collected_static/favicon.ico;
}
# Client-cache for Django's static assets
location /static {
location /static
/
{
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
alias {{ archmanweb_dir }}/repo/collected_static;
alias {{ archmanweb_dir }}/repo/collected_static
/
;
}
location / {
...
...
roles/archweb/defaults/main.yml
View file @
09b64ca9
...
...
@@ -44,5 +44,5 @@ archweb_db_backup_table_objs: 'ALL_IN_SCHEMA'
archweb_db_backup_sequence_objs
:
'
ALL_IN_SCHEMA'
archweb_retro_repository
:
'
https://gitlab.archlinux.org/archlinux/archweb-retro.git'
archweb_retro_dir
:
'
/srv/http/archweb-retro'
archweb_retro_dir
:
'
/srv/http/archweb-retro
/
'
archweb_retro_commit_hash
:
'
7eee8e20d3970c7c21ecef7ae8c9032e4b4a6d79'
roles/archweb/templates/maintenance-nginx.d.conf.j2
View file @
09b64ca9
...
...
@@ -85,35 +85,35 @@ server {
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
}
location /robots.txt {
location
=
/robots.txt {
alias {{ archweb_dir }}/archlinux.org/robots.txt;
}
location /humans.txt {
location
=
/humans.txt {
alias {{ archweb_dir }}/archlinux.org/humans.txt;
}
location /google7827eadf026b4a87.html {
location
=
/google7827eadf026b4a87.html {
alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html;
}
location /BingSiteAuth.xml {
location
=
/BingSiteAuth.xml {
alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml;
}
location /favicon.ico {
location
=
/favicon.ico {
alias {{ archweb_dir }}/collected_static/favicon.ico;
}
location /pacman {
location /pacman
/
{
alias {{ archweb_dir }}/archlinux.org/pacman/;
}
location /netcfg {
location /netcfg
/
{
alias {{ archweb_dir }}/archlinux.org/netcfg/;
}
location /logos {
location /logos
/
{
alias {{ archweb_dir }}/archlinux.org/logos/;
}
...
...
@@ -121,23 +121,23 @@ server {
deny all;
}
location /iso {
location /iso
/
{
alias {{ archweb_rsync_iso_dir }};
}
# Cache django's css, js and png files.
location /static {
location /static
/
{
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
alias {{ archweb_dir }}/collected_static;
alias {{ archweb_dir }}/collected_static
/
;
}
location /img {
alias {{ archweb_dir }}/media/img;
location /img
/
{
alias {{ archweb_dir }}/media/img
/
;
}
location /retro {
location /retro
/
{
alias {{ archweb_retro_dir }};
}
...
...
roles/archweb/templates/nginx.d.conf.j2
View file @
09b64ca9
...
...
@@ -106,35 +106,35 @@ server {
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
}
location /robots.txt {
location
=
/robots.txt {
alias {{ archweb_dir }}/archlinux.org/robots.txt;
}
location /humans.txt {
location
=
/humans.txt {
alias {{ archweb_dir }}/archlinux.org/humans.txt;
}
location /google7827eadf026b4a87.html {
location
=
/google7827eadf026b4a87.html {
alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html;
}
location /BingSiteAuth.xml {
location
=
/BingSiteAuth.xml {
alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml;
}
location /favicon.ico {
location
=
/favicon.ico {
alias {{ archweb_dir }}/collected_static/favicon.ico;
}
location /pacman {
location /pacman
/
{
alias {{ archweb_dir }}/archlinux.org/pacman/;
}
location /netcfg {
location /netcfg
/
{
alias {{ archweb_dir }}/archlinux.org/netcfg/;
}
location /logos {
location /logos
/
{
alias {{ archweb_dir }}/archlinux.org/logos/;
}
...
...
@@ -142,23 +142,23 @@ server {
deny all;
}
location /iso {
location /iso
/
{
alias {{ archweb_rsync_iso_dir }};
}
# Cache django's css, js and png files.
location /static {
location /static
/
{
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
alias {{ archweb_dir }}/collected_static;
alias {{ archweb_dir }}/collected_static
/
;
}
location /img {
alias {{ archweb_dir }}/media/img;
location /img
/
{
alias {{ archweb_dir }}/media/img
/
;
}
location /retro {
location /retro
/
{
alias {{ archweb_retro_dir }};
}
...
...
roles/archwiki/templates/nginx.d.conf.j2
View file @
09b64ca9
...
...
@@ -41,7 +41,7 @@ server {
return 403;
}
location /robots.txt {
location
=
/robots.txt {
alias {{ archwiki_dir }}/robots.txt;
}
...
...
roles/patchwork/templates/nginx.d.conf.j2
View file @
09b64ca9
...
...
@@ -30,8 +30,8 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ patchwork_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ patchwork_domain }}/chain.pem;
location /static {
alias {{ patchwork_dir }}/htdocs/static;
location /static
/
{
alias {{ patchwork_dir }}/htdocs/static
/
;
}
location / {
...
...
roles/security_tracker/templates/nginx.d.conf.j2
View file @
09b64ca9
...
...
@@ -30,13 +30,13 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
location /google9fb65bdd43709b25.html {
location
=
/google9fb65bdd43709b25.html {
# verification code for anthraxx
return 200 "google-site-verification: google9fb65bdd43709b25.html";
}
location /static {
alias {{ security_tracker_dir }}/tracker/static;
location /static
/
{
alias {{ security_tracker_dir }}/tracker/static
/
;
}
location / {
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment