From 93f5d62db2001be339955b2737ff0a4c47ae360c Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Thu, 5 Sep 2019 20:48:44 +0200
Subject: [PATCH] nginx: Use matchless https redirection
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#taxing-rewrites
---
roles/archive/templates/nginx.d.conf.j2 | 2 +-
roles/archweb/defaults/main.yml | 2 +-
roles/archweb/templates/nginx.d.conf.j2 | 12 ++++++------
roles/archwiki/templates/nginx.d.conf.j2 | 2 +-
roles/conf.archlinux.org/templates/nginx.d.conf.j2 | 2 +-
roles/flyspray/templates/nginx.d.conf.j2 | 2 +-
roles/grafana/templates/nginx.d.conf.j2 | 2 +-
roles/kanboard/templates/nginx.d.conf.j2 | 2 +-
roles/mailman/templates/nginx.d.conf.j2 | 4 ++--
roles/matrix/templates/nginx.d.conf.j2 | 2 +-
roles/patchwork/templates/nginx.d.conf.j2 | 2 +-
roles/planet/templates/nginx.d.conf.j2 | 2 +-
roles/public_html/templates/nginx.d.conf.j2 | 2 +-
roles/security_tracker/templates/nginx.d.conf.j2 | 2 +-
roles/sources/templates/nginx.d.conf.j2 | 2 +-
roles/zabbix-server/templates/nginx.d.conf.j2 | 2 +-
16 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/roles/archive/templates/nginx.d.conf.j2 b/roles/archive/templates/nginx.d.conf.j2
index 1d6baeab0..3a5dc37e2 100644
--- a/roles/archive/templates/nginx.d.conf.j2
+++ b/roles/archive/templates/nginx.d.conf.j2
@@ -10,7 +10,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/archweb/defaults/main.yml b/roles/archweb/defaults/main.yml
index fb1e6a66b..117ad23a8 100644
--- a/roles/archweb/defaults/main.yml
+++ b/roles/archweb/defaults/main.yml
@@ -5,7 +5,7 @@ archweb_alternate_domains: ['archlinux.org', 'master-key.archlinux.org', 'dev.ar
archweb_domains_redirects:
'master-key.archlinux.org': '/master-keys'
'dev.archlinux.org': '/'
- 'packages.archlinux.org': '/packages$1'
+ 'packages.archlinux.org': '/packages$request_uri'
archweb_repository: 'https://github.com/archlinux/archweb.git'
archweb_version: release_2019-08-01
archweb_site: true
diff --git a/roles/archweb/templates/nginx.d.conf.j2 b/roles/archweb/templates/nginx.d.conf.j2
index a89014ba8..0cb859cd4 100644
--- a/roles/archweb/templates/nginx.d.conf.j2
+++ b/roles/archweb/templates/nginx.d.conf.j2
@@ -16,7 +16,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://{{ domain }}$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
@@ -34,12 +34,12 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://{{ archweb_domain }}
+ return 301 https://{{ archweb_domain }}
{%- if archweb_domains_redirects -%}
- {{ archweb_domains_redirects[domain]|default('$1') }}
+ {{ archweb_domains_redirects[domain]|default('$request_uri') }}
{%- else -%}
- $1
- {%- endif %} permanent;
+ $request_uri
+ {%- endif %};
}
}
{% endfor %}
@@ -66,7 +66,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://{{ archweb_domain }}$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/archwiki/templates/nginx.d.conf.j2 b/roles/archwiki/templates/nginx.d.conf.j2
index b9458cf13..b49a9dcdf 100644
--- a/roles/archwiki/templates/nginx.d.conf.j2
+++ b/roles/archwiki/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/conf.archlinux.org/templates/nginx.d.conf.j2 b/roles/conf.archlinux.org/templates/nginx.d.conf.j2
index 71d59aeed..366fc62b4 100644
--- a/roles/conf.archlinux.org/templates/nginx.d.conf.j2
+++ b/roles/conf.archlinux.org/templates/nginx.d.conf.j2
@@ -10,7 +10,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/flyspray/templates/nginx.d.conf.j2 b/roles/flyspray/templates/nginx.d.conf.j2
index 6fe3cf716..fdd90de4e 100644
--- a/roles/flyspray/templates/nginx.d.conf.j2
+++ b/roles/flyspray/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/grafana/templates/nginx.d.conf.j2 b/roles/grafana/templates/nginx.d.conf.j2
index ce2e119d3..64ddc8e8c 100644
--- a/roles/grafana/templates/nginx.d.conf.j2
+++ b/roles/grafana/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/kanboard/templates/nginx.d.conf.j2 b/roles/kanboard/templates/nginx.d.conf.j2
index 36cdd05ab..6f4aaefdb 100644
--- a/roles/kanboard/templates/nginx.d.conf.j2
+++ b/roles/kanboard/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/mailman/templates/nginx.d.conf.j2 b/roles/mailman/templates/nginx.d.conf.j2
index 0a06de73a..b532b439c 100644
--- a/roles/mailman/templates/nginx.d.conf.j2
+++ b/roles/mailman/templates/nginx.d.conf.j2
@@ -10,7 +10,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://{{ mailman_domain }}$1 permanent;
+ return 301 https://{{ mailman_domain }}$request_uri;
}
}
@@ -28,6 +28,6 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://{{ mailman_domain }}$1 permanent;
+ return 301 https://{{ mailman_domain }}$request_uri;
}
}
diff --git a/roles/matrix/templates/nginx.d.conf.j2 b/roles/matrix/templates/nginx.d.conf.j2
index 27c0e338f..51d8678eb 100644
--- a/roles/matrix/templates/nginx.d.conf.j2
+++ b/roles/matrix/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://{{ matrix_domain }}$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/patchwork/templates/nginx.d.conf.j2 b/roles/patchwork/templates/nginx.d.conf.j2
index 8b3ba43c0..5c9e783f7 100644
--- a/roles/patchwork/templates/nginx.d.conf.j2
+++ b/roles/patchwork/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://{{ patchwork_domain }}$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/planet/templates/nginx.d.conf.j2 b/roles/planet/templates/nginx.d.conf.j2
index b48488cc0..4fa466471 100644
--- a/roles/planet/templates/nginx.d.conf.j2
+++ b/roles/planet/templates/nginx.d.conf.j2
@@ -10,7 +10,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/public_html/templates/nginx.d.conf.j2 b/roles/public_html/templates/nginx.d.conf.j2
index 55e1d4830..b2aee0577 100644
--- a/roles/public_html/templates/nginx.d.conf.j2
+++ b/roles/public_html/templates/nginx.d.conf.j2
@@ -11,7 +11,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/security_tracker/templates/nginx.d.conf.j2 b/roles/security_tracker/templates/nginx.d.conf.j2
index 8e699b87e..cfdd87267 100644
--- a/roles/security_tracker/templates/nginx.d.conf.j2
+++ b/roles/security_tracker/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/sources/templates/nginx.d.conf.j2 b/roles/sources/templates/nginx.d.conf.j2
index 26464029d..f325ee988 100644
--- a/roles/sources/templates/nginx.d.conf.j2
+++ b/roles/sources/templates/nginx.d.conf.j2
@@ -10,7 +10,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
diff --git a/roles/zabbix-server/templates/nginx.d.conf.j2 b/roles/zabbix-server/templates/nginx.d.conf.j2
index 1c243c950..6860edb30 100644
--- a/roles/zabbix-server/templates/nginx.d.conf.j2
+++ b/roles/zabbix-server/templates/nginx.d.conf.j2
@@ -14,7 +14,7 @@ server {
location / {
access_log off;
- rewrite ^(.*) https://$server_name$1 permanent;
+ return 301 https://$server_name$request_uri;
}
}
--
GitLab