Commit d1053c03 authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

Merge branch 'nginx_single_path_location_blocks' into 'master'

Fix nginx "single path" location blocks

Closes #293

See merge request !455
parents d7f69d80 453bff74
Pipeline #11666 passed with stage
in 34 seconds
...@@ -30,7 +30,7 @@ server { ...@@ -30,7 +30,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /releng/netboot { location /releng/netboot/ {
access_log /var/log/nginx/{{ archweb_domain }}/access.log main; access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
access_log /var/log/nginx/{{ archweb_domain }}/access.log.json json_main; access_log /var/log/nginx/{{ archweb_domain }}/access.log.json json_main;
include uwsgi_params; include uwsgi_params;
...@@ -38,11 +38,11 @@ server { ...@@ -38,11 +38,11 @@ server {
} }
# Cache django's css, js and png files. # Cache django's css, js and png files.
location /static { location /static/ {
expires 30d; expires 30d;
add_header Pragma public; add_header Pragma public;
add_header Cache-Control "public"; add_header Cache-Control "public";
alias /srv/http/archweb/collected_static; alias /srv/http/archweb/collected_static/;
} }
location / { location / {
......
...@@ -78,12 +78,12 @@ server { ...@@ -78,12 +78,12 @@ server {
error_page 503 /503.html; error_page 503 /503.html;
location /.well-known/matrix/server { location = /.well-known/matrix/server {
default_type application/json; default_type application/json;
return 200 '{"m.server": "{{ matrix_domain }}:443"}'; return 200 '{"m.server": "{{ matrix_domain }}:443"}';
} }
location /.well-known/matrix/client { location = /.well-known/matrix/client {
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }'; return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
......
...@@ -38,7 +38,7 @@ server { ...@@ -38,7 +38,7 @@ server {
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
location /.well-known { location /.well-known/ {
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
...@@ -62,7 +62,7 @@ server { ...@@ -62,7 +62,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /.well-known { location /.well-known/ {
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }}; return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }};
} }
...@@ -108,12 +108,12 @@ server { ...@@ -108,12 +108,12 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /.well-known/matrix/server { location = /.well-known/matrix/server {
default_type application/json; default_type application/json;
return 200 '{"m.server": "{{ matrix_domain }}:443"}'; return 200 '{"m.server": "{{ matrix_domain }}:443"}';
} }
location /.well-known/matrix/client { location = /.well-known/matrix/client {
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }'; return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
......
...@@ -19,7 +19,7 @@ server { ...@@ -19,7 +19,7 @@ server {
access_log /var/log/nginx/{{ repos_domain }}/access.log reduced; access_log /var/log/nginx/{{ repos_domain }}/access.log reduced;
access_log /var/log/nginx/{{ repos_domain }}/access.log.json json_reduced; access_log /var/log/nginx/{{ repos_domain }}/access.log.json json_reduced;
location /lastupdate { location = /lastupdate {
allow all; allow all;
} }
......
...@@ -43,15 +43,15 @@ server { ...@@ -43,15 +43,15 @@ server {
deny all; deny all;
} }
location /setup { location /setup/ {
deny all; deny all;
} }
location /attachments { location /attachments/ {
location ~ \.php$ {return 403;} location ~ \.php$ {return 403;}
} }
location /cache { location /cache/ {
location ~ \.php$ {return 403;} location ~ \.php$ {return 403;}
} }
......
...@@ -31,7 +31,7 @@ server { ...@@ -31,7 +31,7 @@ server {
root {{ keycloak_domain }}; root {{ keycloak_domain }};
# https://w3c.github.io/webappsec-change-password-url/ # https://w3c.github.io/webappsec-change-password-url/
location /.well-known/change-password { location = /.well-known/change-password {
return 302 https://$server_name/auth/realms/archlinux/account/#/security/signingin; return 302 https://$server_name/auth/realms/archlinux/account/#/security/signingin;
} }
......
...@@ -29,16 +29,16 @@ server { ...@@ -29,16 +29,16 @@ server {
ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;
# redirect old urls # redirect old urls
location /mailman { location /mailman/ {
rewrite ^/mailman/(.*) /$1 permanent; rewrite ^/mailman/(.*) /$1 permanent;
} }
location /icons { location /icons/ {
alias /usr/lib/mailman/icons; alias /usr/lib/mailman/icons/;
} }
location /pipermail { location ~ ^/pipermail(?:/(.*))?$ {
alias /var/lib/mailman/archives/public; alias /var/lib/mailman/archives/public/$1;
add_header Cache-Control "public, no-cache"; add_header Cache-Control "public, no-cache";
autoindex on; autoindex on;
} }
......
...@@ -30,7 +30,7 @@ server { ...@@ -30,7 +30,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem;
location /.well-known/mta-sts.txt { location = /.well-known/mta-sts.txt {
default_type text/plain; default_type text/plain;
return 200 'version: STSv1\nmode: testing\nmax_age: 604800\nmx: {{ config.mx | join('\\nmx: ')}}\n'; return 200 'version: STSv1\nmode: testing\nmax_age: 604800\nmx: {{ config.mx | join('\\nmx: ')}}\n';
} }
......
location /.well-known/acme-challenge { location /.well-known/acme-challenge/ {
root {{ letsencrypt_validation_dir }}; root {{ letsencrypt_validation_dir }};
default_type "text/plain"; default_type "text/plain";
try_files $uri =404; try_files $uri =404;
......
...@@ -23,7 +23,7 @@ server { ...@@ -23,7 +23,7 @@ server {
} }
# https://man.archlinux.org/man/NetworkManager.conf.5#CONNECTIVITY_SECTION # https://man.archlinux.org/man/NetworkManager.conf.5#CONNECTIVITY_SECTION
location /nm-check.txt { location = /nm-check.txt {
access_log off; access_log off;
add_header Cache-Control "max-age=0, must-revalidate"; add_header Cache-Control "max-age=0, must-revalidate";
return 200 'NetworkManager is online\n'; return 200 'NetworkManager is online\n';
......
...@@ -47,12 +47,12 @@ server { ...@@ -47,12 +47,12 @@ server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate"; add_header Cache-Control "public, must-revalidate, proxy-revalidate";
} }
location /api { location /api/ {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8484; proxy_pass http://127.0.0.1:8484;
} }
location /api/v0/build/report { location = /api/v0/build/report {
client_max_body_size 25M; client_max_body_size 25M;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8484; proxy_pass http://127.0.0.1:8484;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment