Commit 09b64ca9 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

Merge branch 'nginx-alias-traversal' into 'master'

Fix nginx alias traversal

Closes #291

See merge request archlinux/infrastructure!334
parents 9209db22 d94f18a7
Pipeline #6343 passed with stage
in 47 seconds
...@@ -30,16 +30,16 @@ server { ...@@ -30,16 +30,16 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archmanweb_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ archmanweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archmanweb_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ archmanweb_domain }}/chain.pem;
location /favicon.ico { location = /favicon.ico {
alias {{ archmanweb_dir }}/repo/collected_static/favicon.ico; alias {{ archmanweb_dir }}/repo/collected_static/favicon.ico;
} }
# Client-cache for Django's static assets # Client-cache for Django's static assets
location /static { location /static/ {
expires 30d; expires 30d;
add_header Pragma public; add_header Pragma public;
add_header Cache-Control "public"; add_header Cache-Control "public";
alias {{ archmanweb_dir }}/repo/collected_static; alias {{ archmanweb_dir }}/repo/collected_static/;
} }
location / { location / {
......
...@@ -44,5 +44,5 @@ archweb_db_backup_table_objs: 'ALL_IN_SCHEMA' ...@@ -44,5 +44,5 @@ archweb_db_backup_table_objs: 'ALL_IN_SCHEMA'
archweb_db_backup_sequence_objs: 'ALL_IN_SCHEMA' archweb_db_backup_sequence_objs: 'ALL_IN_SCHEMA'
archweb_retro_repository: 'https://gitlab.archlinux.org/archlinux/archweb-retro.git' archweb_retro_repository: 'https://gitlab.archlinux.org/archlinux/archweb-retro.git'
archweb_retro_dir: '/srv/http/archweb-retro' archweb_retro_dir: '/srv/http/archweb-retro/'
archweb_retro_commit_hash: '7eee8e20d3970c7c21ecef7ae8c9032e4b4a6d79' archweb_retro_commit_hash: '7eee8e20d3970c7c21ecef7ae8c9032e4b4a6d79'
...@@ -85,35 +85,35 @@ server { ...@@ -85,35 +85,35 @@ server {
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }'; return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
} }
location /robots.txt { location = /robots.txt {
alias {{ archweb_dir }}/archlinux.org/robots.txt; alias {{ archweb_dir }}/archlinux.org/robots.txt;
} }
location /humans.txt { location = /humans.txt {
alias {{ archweb_dir }}/archlinux.org/humans.txt; alias {{ archweb_dir }}/archlinux.org/humans.txt;
} }
location /google7827eadf026b4a87.html { location = /google7827eadf026b4a87.html {
alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html; alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html;
} }
location /BingSiteAuth.xml { location = /BingSiteAuth.xml {
alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml; alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml;
} }
location /favicon.ico { location = /favicon.ico {
alias {{ archweb_dir }}/collected_static/favicon.ico; alias {{ archweb_dir }}/collected_static/favicon.ico;
} }
location /pacman { location /pacman/ {
alias {{ archweb_dir }}/archlinux.org/pacman/; alias {{ archweb_dir }}/archlinux.org/pacman/;
} }
location /netcfg { location /netcfg/ {
alias {{ archweb_dir }}/archlinux.org/netcfg/; alias {{ archweb_dir }}/archlinux.org/netcfg/;
} }
location /logos { location /logos/ {
alias {{ archweb_dir }}/archlinux.org/logos/; alias {{ archweb_dir }}/archlinux.org/logos/;
} }
...@@ -121,23 +121,23 @@ server { ...@@ -121,23 +121,23 @@ server {
deny all; deny all;
} }
location /iso { location /iso/ {
alias {{ archweb_rsync_iso_dir }}; alias {{ archweb_rsync_iso_dir }};
} }
# Cache django's css, js and png files. # Cache django's css, js and png files.
location /static { location /static/ {
expires 30d; expires 30d;
add_header Pragma public; add_header Pragma public;
add_header Cache-Control "public"; add_header Cache-Control "public";
alias {{ archweb_dir }}/collected_static; alias {{ archweb_dir }}/collected_static/;
} }
location /img { location /img/ {
alias {{ archweb_dir }}/media/img; alias {{ archweb_dir }}/media/img/;
} }
location /retro { location /retro/ {
alias {{ archweb_retro_dir }}; alias {{ archweb_retro_dir }};
} }
......
...@@ -106,35 +106,35 @@ server { ...@@ -106,35 +106,35 @@ server {
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }'; return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
} }
location /robots.txt { location = /robots.txt {
alias {{ archweb_dir }}/archlinux.org/robots.txt; alias {{ archweb_dir }}/archlinux.org/robots.txt;
} }
location /humans.txt { location = /humans.txt {
alias {{ archweb_dir }}/archlinux.org/humans.txt; alias {{ archweb_dir }}/archlinux.org/humans.txt;
} }
location /google7827eadf026b4a87.html { location = /google7827eadf026b4a87.html {
alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html; alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html;
} }
location /BingSiteAuth.xml { location = /BingSiteAuth.xml {
alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml; alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml;
} }
location /favicon.ico { location = /favicon.ico {
alias {{ archweb_dir }}/collected_static/favicon.ico; alias {{ archweb_dir }}/collected_static/favicon.ico;
} }
location /pacman { location /pacman/ {
alias {{ archweb_dir }}/archlinux.org/pacman/; alias {{ archweb_dir }}/archlinux.org/pacman/;
} }
location /netcfg { location /netcfg/ {
alias {{ archweb_dir }}/archlinux.org/netcfg/; alias {{ archweb_dir }}/archlinux.org/netcfg/;
} }
location /logos { location /logos/ {
alias {{ archweb_dir }}/archlinux.org/logos/; alias {{ archweb_dir }}/archlinux.org/logos/;
} }
...@@ -142,23 +142,23 @@ server { ...@@ -142,23 +142,23 @@ server {
deny all; deny all;
} }
location /iso { location /iso/ {
alias {{ archweb_rsync_iso_dir }}; alias {{ archweb_rsync_iso_dir }};
} }
# Cache django's css, js and png files. # Cache django's css, js and png files.
location /static { location /static/ {
expires 30d; expires 30d;
add_header Pragma public; add_header Pragma public;
add_header Cache-Control "public"; add_header Cache-Control "public";
alias {{ archweb_dir }}/collected_static; alias {{ archweb_dir }}/collected_static/;
} }
location /img { location /img/ {
alias {{ archweb_dir }}/media/img; alias {{ archweb_dir }}/media/img/;
} }
location /retro { location /retro/ {
alias {{ archweb_retro_dir }}; alias {{ archweb_retro_dir }};
} }
......
...@@ -41,7 +41,7 @@ server { ...@@ -41,7 +41,7 @@ server {
return 403; return 403;
} }
location /robots.txt { location = /robots.txt {
alias {{ archwiki_dir }}/robots.txt; alias {{ archwiki_dir }}/robots.txt;
} }
......
...@@ -30,8 +30,8 @@ server { ...@@ -30,8 +30,8 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ patchwork_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ patchwork_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ patchwork_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ patchwork_domain }}/chain.pem;
location /static { location /static/ {
alias {{ patchwork_dir }}/htdocs/static; alias {{ patchwork_dir }}/htdocs/static/;
} }
location / { location / {
......
...@@ -30,13 +30,13 @@ server { ...@@ -30,13 +30,13 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
location /google9fb65bdd43709b25.html { location = /google9fb65bdd43709b25.html {
# verification code for anthraxx # verification code for anthraxx
return 200 "google-site-verification: google9fb65bdd43709b25.html"; return 200 "google-site-verification: google9fb65bdd43709b25.html";
} }
location /static { location /static/ {
alias {{ security_tracker_dir }}/tracker/static; alias {{ security_tracker_dir }}/tracker/static/;
} }
location / { location / {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment