mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-20 19:05:40 +02:00
Fix nginx alias traversal
[1] 641060d635/docs/en/plugins/aliastraversal.md
Fix #291
This commit is contained in:
parent
9209db2211
commit
d94f18a750
@ -30,16 +30,16 @@ server {
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ archmanweb_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ archmanweb_domain }}/chain.pem;
|
||||
|
||||
location /favicon.ico {
|
||||
location = /favicon.ico {
|
||||
alias {{ archmanweb_dir }}/repo/collected_static/favicon.ico;
|
||||
}
|
||||
|
||||
# Client-cache for Django's static assets
|
||||
location /static {
|
||||
location /static/ {
|
||||
expires 30d;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public";
|
||||
alias {{ archmanweb_dir }}/repo/collected_static;
|
||||
alias {{ archmanweb_dir }}/repo/collected_static/;
|
||||
}
|
||||
|
||||
location / {
|
||||
|
@ -44,5 +44,5 @@ archweb_db_backup_table_objs: 'ALL_IN_SCHEMA'
|
||||
archweb_db_backup_sequence_objs: 'ALL_IN_SCHEMA'
|
||||
|
||||
archweb_retro_repository: 'https://gitlab.archlinux.org/archlinux/archweb-retro.git'
|
||||
archweb_retro_dir: '/srv/http/archweb-retro'
|
||||
archweb_retro_dir: '/srv/http/archweb-retro/'
|
||||
archweb_retro_commit_hash: '7eee8e20d3970c7c21ecef7ae8c9032e4b4a6d79'
|
||||
|
@ -85,35 +85,35 @@ server {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
location = /robots.txt {
|
||||
alias {{ archweb_dir }}/archlinux.org/robots.txt;
|
||||
}
|
||||
|
||||
location /humans.txt {
|
||||
location = /humans.txt {
|
||||
alias {{ archweb_dir }}/archlinux.org/humans.txt;
|
||||
}
|
||||
|
||||
location /google7827eadf026b4a87.html {
|
||||
location = /google7827eadf026b4a87.html {
|
||||
alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html;
|
||||
}
|
||||
|
||||
location /BingSiteAuth.xml {
|
||||
location = /BingSiteAuth.xml {
|
||||
alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml;
|
||||
}
|
||||
|
||||
location /favicon.ico {
|
||||
location = /favicon.ico {
|
||||
alias {{ archweb_dir }}/collected_static/favicon.ico;
|
||||
}
|
||||
|
||||
location /pacman {
|
||||
location /pacman/ {
|
||||
alias {{ archweb_dir }}/archlinux.org/pacman/;
|
||||
}
|
||||
|
||||
location /netcfg {
|
||||
location /netcfg/ {
|
||||
alias {{ archweb_dir }}/archlinux.org/netcfg/;
|
||||
}
|
||||
|
||||
location /logos {
|
||||
location /logos/ {
|
||||
alias {{ archweb_dir }}/archlinux.org/logos/;
|
||||
}
|
||||
|
||||
@ -121,23 +121,23 @@ server {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /iso {
|
||||
location /iso/ {
|
||||
alias {{ archweb_rsync_iso_dir }};
|
||||
}
|
||||
|
||||
# Cache django's css, js and png files.
|
||||
location /static {
|
||||
location /static/ {
|
||||
expires 30d;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public";
|
||||
alias {{ archweb_dir }}/collected_static;
|
||||
alias {{ archweb_dir }}/collected_static/;
|
||||
}
|
||||
|
||||
location /img {
|
||||
alias {{ archweb_dir }}/media/img;
|
||||
location /img/ {
|
||||
alias {{ archweb_dir }}/media/img/;
|
||||
}
|
||||
|
||||
location /retro {
|
||||
location /retro/ {
|
||||
alias {{ archweb_retro_dir }};
|
||||
}
|
||||
|
||||
|
@ -106,35 +106,35 @@ server {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://{{ matrix_domain }}"}, "m.identity_server": {"base_url": "https://matrix.org"} }';
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
location = /robots.txt {
|
||||
alias {{ archweb_dir }}/archlinux.org/robots.txt;
|
||||
}
|
||||
|
||||
location /humans.txt {
|
||||
location = /humans.txt {
|
||||
alias {{ archweb_dir }}/archlinux.org/humans.txt;
|
||||
}
|
||||
|
||||
location /google7827eadf026b4a87.html {
|
||||
location = /google7827eadf026b4a87.html {
|
||||
alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html;
|
||||
}
|
||||
|
||||
location /BingSiteAuth.xml {
|
||||
location = /BingSiteAuth.xml {
|
||||
alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml;
|
||||
}
|
||||
|
||||
location /favicon.ico {
|
||||
location = /favicon.ico {
|
||||
alias {{ archweb_dir }}/collected_static/favicon.ico;
|
||||
}
|
||||
|
||||
location /pacman {
|
||||
location /pacman/ {
|
||||
alias {{ archweb_dir }}/archlinux.org/pacman/;
|
||||
}
|
||||
|
||||
location /netcfg {
|
||||
location /netcfg/ {
|
||||
alias {{ archweb_dir }}/archlinux.org/netcfg/;
|
||||
}
|
||||
|
||||
location /logos {
|
||||
location /logos/ {
|
||||
alias {{ archweb_dir }}/archlinux.org/logos/;
|
||||
}
|
||||
|
||||
@ -142,23 +142,23 @@ server {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /iso {
|
||||
location /iso/ {
|
||||
alias {{ archweb_rsync_iso_dir }};
|
||||
}
|
||||
|
||||
# Cache django's css, js and png files.
|
||||
location /static {
|
||||
location /static/ {
|
||||
expires 30d;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public";
|
||||
alias {{ archweb_dir }}/collected_static;
|
||||
alias {{ archweb_dir }}/collected_static/;
|
||||
}
|
||||
|
||||
location /img {
|
||||
alias {{ archweb_dir }}/media/img;
|
||||
location /img/ {
|
||||
alias {{ archweb_dir }}/media/img/;
|
||||
}
|
||||
|
||||
location /retro {
|
||||
location /retro/ {
|
||||
alias {{ archweb_retro_dir }};
|
||||
}
|
||||
|
||||
|
@ -41,7 +41,7 @@ server {
|
||||
return 403;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
location = /robots.txt {
|
||||
alias {{ archwiki_dir }}/robots.txt;
|
||||
}
|
||||
|
||||
|
@ -30,8 +30,8 @@ server {
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ patchwork_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ patchwork_domain }}/chain.pem;
|
||||
|
||||
location /static {
|
||||
alias {{ patchwork_dir }}/htdocs/static;
|
||||
location /static/ {
|
||||
alias {{ patchwork_dir }}/htdocs/static/;
|
||||
}
|
||||
|
||||
location / {
|
||||
|
@ -30,13 +30,13 @@ server {
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
|
||||
|
||||
location /google9fb65bdd43709b25.html {
|
||||
location = /google9fb65bdd43709b25.html {
|
||||
# verification code for anthraxx
|
||||
return 200 "google-site-verification: google9fb65bdd43709b25.html";
|
||||
}
|
||||
|
||||
location /static {
|
||||
alias {{ security_tracker_dir }}/tracker/static;
|
||||
location /static/ {
|
||||
alias {{ security_tracker_dir }}/tracker/static/;
|
||||
}
|
||||
|
||||
location / {
|
||||
|
Loading…
Reference in New Issue
Block a user