Commit d1053c03 authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

Merge branch 'nginx_single_path_location_blocks' into 'master'

Fix nginx "single path" location blocks

Closes #293

See merge request !455
parents d7f69d80 453bff74
Pipeline #11666 passed with stage
in 34 seconds
......@@ -30,7 +30,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /releng/netboot {
location /releng/netboot/ {
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
access_log /var/log/nginx/{{ archweb_domain }}/access.log.json json_main;
include uwsgi_params;
......@@ -38,11 +38,11 @@ server {
}
# Cache django's css, js and png files.
location /static {
location /static/ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
alias /srv/http/archweb/collected_static;
alias /srv/http/archweb/collected_static/;
}
location / {
......
......@@ -78,12 +78,12 @@ server {
error_page 503 /503.html;
location /.well-known/matrix/server {
location = /.well-known/matrix/server {
default_type application/json;
return 200 '{"m.server": "{{ matrix_domain }}:443"}';
}
location /.well-known/matrix/client {
location = /.well-known/matrix/client {
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
......
......@@ -38,7 +38,7 @@ server {
include snippets/letsencrypt.conf;
location /.well-known {
location /.well-known/ {
add_header Access-Control-Allow-Origin *;
return 301 https://$server_name$request_uri;
}
......@@ -62,7 +62,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /.well-known {
location /.well-known/ {
add_header Access-Control-Allow-Origin *;
return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }};
}
......@@ -108,12 +108,12 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /.well-known/matrix/server {
location = /.well-known/matrix/server {
default_type application/json;
return 200 '{"m.server": "{{ matrix_domain }}:443"}';
}
location /.well-known/matrix/client {
location = /.well-known/matrix/client {
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
......
......@@ -19,7 +19,7 @@ server {
access_log /var/log/nginx/{{ repos_domain }}/access.log reduced;
access_log /var/log/nginx/{{ repos_domain }}/access.log.json json_reduced;
location /lastupdate {
location = /lastupdate {
allow all;
}
......
......@@ -43,15 +43,15 @@ server {
deny all;
}
location /setup {
location /setup/ {
deny all;
}
location /attachments {
location /attachments/ {
location ~ \.php$ {return 403;}
}
location /cache {
location /cache/ {
location ~ \.php$ {return 403;}
}
......
......@@ -31,7 +31,7 @@ server {
root {{ keycloak_domain }};
# https://w3c.github.io/webappsec-change-password-url/
location /.well-known/change-password {
location = /.well-known/change-password {
return 302 https://$server_name/auth/realms/archlinux/account/#/security/signingin;
}
......
......@@ -29,16 +29,16 @@ server {
ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;
# redirect old urls
location /mailman {
location /mailman/ {
rewrite ^/mailman/(.*) /$1 permanent;
}
location /icons {
alias /usr/lib/mailman/icons;
location /icons/ {
alias /usr/lib/mailman/icons/;
}
location /pipermail {
alias /var/lib/mailman/archives/public;
location ~ ^/pipermail(?:/(.*))?$ {
alias /var/lib/mailman/archives/public/$1;
add_header Cache-Control "public, no-cache";
autoindex on;
}
......
......@@ -30,7 +30,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem;
location /.well-known/mta-sts.txt {
location = /.well-known/mta-sts.txt {
default_type text/plain;
return 200 'version: STSv1\nmode: testing\nmax_age: 604800\nmx: {{ config.mx | join('\\nmx: ')}}\n';
}
......
location /.well-known/acme-challenge {
location /.well-known/acme-challenge/ {
root {{ letsencrypt_validation_dir }};
default_type "text/plain";
try_files $uri =404;
......
......@@ -23,7 +23,7 @@ server {
}
# https://man.archlinux.org/man/NetworkManager.conf.5#CONNECTIVITY_SECTION
location /nm-check.txt {
location = /nm-check.txt {
access_log off;
add_header Cache-Control "max-age=0, must-revalidate";
return 200 'NetworkManager is online\n';
......
......@@ -47,12 +47,12 @@ server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location /api {
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8484;
}
location /api/v0/build/report {
location = /api/v0/build/report {
client_max_body_size 25M;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8484;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment