mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
7b14027a45
> 2024/06/02 11:05:53 \[warn\] 30324#30324: the "listen ... http2" directive is deprecated, use the "http2" directive instead Fixes https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/589
73 lines
3.1 KiB
Django/Jinja
73 lines
3.1 KiB
Django/Jinja
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name {{ archive_domain }};
|
|
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log reduced;
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log.json json_reduced;
|
|
error_log /var/log/nginx/{{ archive_domain }}/error.log;
|
|
|
|
include snippets/letsencrypt.conf;
|
|
|
|
location / {
|
|
access_log off;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
server_name {{ archive_domain }};
|
|
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log reduced;
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log.json json_reduced;
|
|
error_log /var/log/nginx/{{ archive_domain }}/error.log;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ archive_domain }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ archive_domain }}/privkey.pem;
|
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ archive_domain }}/chain.pem;
|
|
|
|
root {{ archive_dir }};
|
|
|
|
location /.all/ {
|
|
# XXX: This regex is reused for /repos/ below! Change both if you change this!
|
|
location ~ ^/.all/(?<filename>(?<pkgname>(?<pkgname_first_char>[^/])[^/]*)-(?<pkgver>[^-/]+)-(?<pkgrel>[0-9.]+)-(?<arch>[^-/]+)\.pkg\.tar(|\.(gz|bz2|xz|zst|lrz|lzo|Z|lz4|lz))(?<sig>\.sig)?)$ {
|
|
# https://stackoverflow.com/questions/22512112/nginx-rewrite-proxy-if-file-not-exists
|
|
try_files $uri @archive1;
|
|
}
|
|
}
|
|
|
|
# XXX: This regex is the same as for .all above. Change both if you change this!
|
|
location ~ ^/(?:repos/\d+/.*|packages/.*)/(?<filename>(?<pkgname>(?<pkgname_first_char>[^/])[^/]*)-(?<pkgver>[^-/]+)-(?<pkgrel>[0-9.]+)-(?<arch>[^-/]+)\.pkg\.tar(|\.(gz|bz2|xz|zst|lrz|lzo|Z|lz4|lz))(?<sig>\.sig)?)$ {
|
|
# https://stackoverflow.com/questions/22512112/nginx-rewrite-proxy-if-file-not-exists
|
|
try_files $uri @archive2;
|
|
}
|
|
# archive.org download URLs look like:
|
|
# https://archive.org/download/archlinux_pkg_lucene__/lucene++-1.4.2-3-i686.pkg.tar.xz
|
|
# We need to remove @.+ in the identifier (archlinux_pkg_*) but keep it in the filename at the end.
|
|
location /archive.org/ {
|
|
# Rewrite @, + and . into _
|
|
# This is recursive so it will work even for multiple replacement,
|
|
# with up to 10 replacements for each character (nginx recursion limit).
|
|
# Idea from https://stackoverflow.com/a/15934256
|
|
rewrite ^/archive\.org/([^@]*)@(.*)/(.*)$ /archive.org/$1_$2/$3;
|
|
rewrite ^/archive\.org/([^\.]*)\.(.*)/(.*)$ /archive.org/$1_$2/$3;
|
|
rewrite ^/archive\.org/([^\+]*)\+(.*)/(.*)$ /archive.org/$1_$2/$3;
|
|
# Once there are no more @.+ in the identifier part, redirect to archive.org
|
|
rewrite ^/archive\.org/([^@\+\.]*/.*)$ https://archive.org/download/$1 redirect;
|
|
}
|
|
|
|
location @archive1 {
|
|
rewrite ^ /packages/$pkgname_first_char/$pkgname/$filename;
|
|
}
|
|
|
|
location @archive2 {
|
|
rewrite ^ /archive.org/archlinux_pkg_$pkgname/$filename last;
|
|
}
|
|
|
|
autoindex on;
|
|
autoindex_exact_size off;
|
|
}
|