mirror/ infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-30 19:46:09 +02:00
Code Issues

Fix nginx "single path" location blocks

This commit is contained in:
Amin Vakil 2021-10-03 15:06:54 +00:00 committed by Evangelos Foutras
parent d7f69d8046
commit 453bff7437
11 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
roles/archweb/templates/ipxe.archlinux.org.j2
View File

@ -30,7 +30,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /releng/netboot {
location /releng/netboot/ {
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
access_log /var/log/nginx/{{ archweb_domain }}/access.log.json json_main;
include uwsgi_params;
@ -38,11 +38,11 @@ server {
}
# Cache django's css, js and png files.
location /static {
location /static/ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
alias /srv/http/archweb/collected_static;
alias /srv/http/archweb/collected_static/;
}
location / {

4
roles/archweb/templates/maintenance-nginx.d.conf.j2
View File

@ -78,12 +78,12 @@ server {
error_page 503 /503.html;
location /.well-known/matrix/server {
location = /.well-known/matrix/server {
default_type application/json;
return 200 '{"m.server": "{{ matrix_domain }}:443"}';
}
location /.well-known/matrix/client {
location = /.well-known/matrix/client {
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';

8
roles/archweb/templates/nginx.d.conf.j2
View File

@ -38,7 +38,7 @@ server {
include snippets/letsencrypt.conf;
location /.well-known {
location /.well-known/ {
add_header Access-Control-Allow-Origin *;
return 301 https://$server_name$request_uri;
}
@ -62,7 +62,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /.well-known {
location /.well-known/ {
add_header Access-Control-Allow-Origin *;
return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }};
}
@ -108,12 +108,12 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /.well-known/matrix/server {
location = /.well-known/matrix/server {
default_type application/json;
return 200 '{"m.server": "{{ matrix_domain }}:443"}';
}
location /.well-known/matrix/client {
location = /.well-known/matrix/client {
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';

2
roles/dbscripts/templates/nginx.d.conf.j2
View File

@ -19,7 +19,7 @@ server {
access_log /var/log/nginx/{{ repos_domain }}/access.log reduced;
access_log /var/log/nginx/{{ repos_domain }}/access.log.json json_reduced;
location /lastupdate {
location = /lastupdate {
allow all;
}

6
roles/flyspray/templates/nginx.d.conf.j2
View File

@ -43,15 +43,15 @@ server {
deny all;
}
location /setup {
location /setup/ {
deny all;
}
location /attachments {
location /attachments/ {
location ~ \.php$ {return 403;}
}
location /cache {
location /cache/ {
location ~ \.php$ {return 403;}
}

2
roles/keycloak/templates/nginx.d.conf.j2
View File

@ -31,7 +31,7 @@ server {
root {{ keycloak_domain }};
# https://w3c.github.io/webappsec-change-password-url/
location /.well-known/change-password {
location = /.well-known/change-password {
return 302 https://$server_name/auth/realms/archlinux/account/#/security/signingin;
}

10
roles/mailman/templates/nginx.d.conf.j2
View File

@ -29,16 +29,16 @@ server {
ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;
# redirect old urls
location /mailman {
location /mailman/ {
rewrite ^/mailman/(.*) /$1 permanent;
}
location /icons {
alias /usr/lib/mailman/icons;
location /icons/ {
alias /usr/lib/mailman/icons/;
}
location /pipermail {
alias /var/lib/mailman/archives/public;
location ~ ^/pipermail(?:/(.*))?$ {
alias /var/lib/mailman/archives/public/$1;
add_header Cache-Control "public, no-cache";
autoindex on;
}

2
roles/mta_sts/templates/nginx.d.conf.j2
View File

@ -30,7 +30,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem;
location /.well-known/mta-sts.txt {
location = /.well-known/mta-sts.txt {
default_type text/plain;
return 200 'version: STSv1\nmode: testing\nmax_age: 604800\nmx: {{ config.mx | join('\\nmx: ')}}\n';
}

2
roles/nginx/templates/letsencrypt.conf
View File

@ -1,4 +1,4 @@
location /.well-known/acme-challenge {
location /.well-known/acme-challenge/ {
root {{ letsencrypt_validation_dir }};
default_type "text/plain";
try_files $uri =404;

2
roles/ping/templates/nginx.d.conf.j2
View File

@ -23,7 +23,7 @@ server {
}
# https://man.archlinux.org/man/NetworkManager.conf.5#CONNECTIVITY_SECTION
location /nm-check.txt {
location = /nm-check.txt {
access_log off;
add_header Cache-Control "max-age=0, must-revalidate";
return 200 'NetworkManager is online\n';

4
roles/rebuilderd/templates/nginx.d.conf.j2
View File

@ -47,12 +47,12 @@ server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location /api {
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8484;
}
location /api/v0/build/report {
location = /api/v0/build/report {
client_max_body_size 25M;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8484;