mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
b70d04fa5c
A extra access_log entry was added with the following commands: $ cd roles $ grep -lr access_log | xargs -P 1 -n 1 sed -i '/access_log/ s/\(.*\)\( \)\(\(reduced\|main\);$\)/\1 \3\n\1.json json_\3/'
72 lines
3.1 KiB
Django/Jinja
72 lines
3.1 KiB
Django/Jinja
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name {{ archive_domain }};
|
|
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log reduced;
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log.json json_reduced;
|
|
error_log /var/log/nginx/{{ archive_domain }}/error.log;
|
|
|
|
include snippets/letsencrypt.conf;
|
|
|
|
location / {
|
|
access_log off;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name {{ archive_domain }};
|
|
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log reduced;
|
|
access_log /var/log/nginx/{{ archive_domain }}/access.log.json json_reduced;
|
|
error_log /var/log/nginx/{{ archive_domain }}/error.log;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ archive_domain }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ archive_domain }}/privkey.pem;
|
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ archive_domain }}/chain.pem;
|
|
|
|
root {{ archive_dir }};
|
|
|
|
location /.all/ {
|
|
# XXX: This regex is reused for /repos/ below! Change both if you change this!
|
|
location ~ ^/.all/(?<filename>(?<pkgname>(?<pkgname_first_char>[^/])[^/]*)-(?<pkgver>[^-/]+)-(?<pkgrel>[0-9.]+)-(?<arch>[^-/]+)\.pkg\.tar(|\.(gz|bz2|xz|zst|lrz|lzo|Z|lz4|lz))(?<sig>\.sig)?)$ {
|
|
# https://stackoverflow.com/questions/22512112/nginx-rewrite-proxy-if-file-not-exists
|
|
try_files $uri @archive1;
|
|
}
|
|
}
|
|
|
|
# XXX: This regex is the same as for .all above. Change both if you change this!
|
|
location ~ ^/(?:repos/\d+/.*|packages/.*)/(?<filename>(?<pkgname>(?<pkgname_first_char>[^/])[^/]*)-(?<pkgver>[^-/]+)-(?<pkgrel>[0-9.]+)-(?<arch>[^-/]+)\.pkg\.tar(|\.(gz|bz2|xz|zst|lrz|lzo|Z|lz4|lz))(?<sig>\.sig)?)$ {
|
|
# https://stackoverflow.com/questions/22512112/nginx-rewrite-proxy-if-file-not-exists
|
|
try_files $uri @archive2;
|
|
}
|
|
# archive.org download URLs look like:
|
|
# https://archive.org/download/archlinux_pkg_lucene__/lucene++-1.4.2-3-i686.pkg.tar.xz
|
|
# We need to remove @.+ in the identifier (archlinux_pkg_*) but keep it in the filename at the end.
|
|
location /archive.org/ {
|
|
# Rewrite @, + and . into _
|
|
# This is recursive so it will work even for multiple replacement,
|
|
# with up to 10 replacements for each character (nginx recursion limit).
|
|
# Idea from https://stackoverflow.com/a/15934256
|
|
rewrite ^/archive\.org/([^@]*)@(.*)/(.*)$ /archive.org/$1_$2/$3;
|
|
rewrite ^/archive\.org/([^\.]*)\.(.*)/(.*)$ /archive.org/$1_$2/$3;
|
|
rewrite ^/archive\.org/([^\+]*)\+(.*)/(.*)$ /archive.org/$1_$2/$3;
|
|
# Once there are no more @.+ in the identifier part, redirect to archive.org
|
|
rewrite ^/archive\.org/([^@\+\.]*/.*)$ https://archive.org/download/$1 redirect;
|
|
}
|
|
|
|
location @archive1 {
|
|
rewrite ^ /packages/$pkgname_first_char/$pkgname/$filename;
|
|
}
|
|
|
|
location @archive2 {
|
|
rewrite ^ /archive.org/archlinux_pkg_$pkgname/$filename last;
|
|
}
|
|
|
|
autoindex on;
|
|
autoindex_exact_size off;
|
|
}
|