infrastructure/roles/archweb/templates/nginx.d.conf.j2

upstream archweb {
    server unix:///run/uwsgi/archweb.sock;
}

{% if archweb_domains_templates -%}
{% for domain in archweb_domains_templates | dict2items(key_name='domain_name', value_name='template_name') %}
{% include domain['template_name'] %}
{% endfor %}
{%- endif %}

{% if archweb_domains_redirects %}
{% for domain in archweb_domains_redirects | dict2items(key_name='domain', value_name='redirect') %}

server {
    listen       80;
    listen       [::]:80;
    server_name  {{ domain['domain'] }};

    access_log   /var/log/nginx/{{ archweb_domain }}/access.log reduced;
    error_log    /var/log/nginx/{{ archweb_domain }}/error.log;

    include snippets/letsencrypt.conf;

    location / {
        access_log off;
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  {{ domain['domain'] }};

    access_log   /var/log/nginx/{{ archweb_domain }}/access.log reduced;
    error_log    /var/log/nginx/{{ archweb_domain }}/error.log;

    ssl_certificate      /etc/letsencrypt/live/{{ archweb_domain }}/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;

    location / {
        access_log off;
        return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }};
    }
}
{% endfor %}

server {
{% else %}

server {
{% endif %}
    listen       80;
    listen       [::]:80;
    server_name  {{ archweb_domain }};

    access_log   /var/log/nginx/{{ archweb_domain }}/access.log reduced;
    error_log    /var/log/nginx/{{ archweb_domain }}/error.log;

    include snippets/letsencrypt.conf;

    location /check_network_status.txt {
        access_log off;
        add_header Cache-Control "max-age=0, must-revalidate";
        return 200 'NetworkManager is online';
    }

    location / {
        access_log off;
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  {{ archweb_domain }};

    access_log   /var/log/nginx/{{ archweb_domain }}/access.log reduced;
    error_log    /var/log/nginx/{{ archweb_domain }}/error.log;

    ssl_certificate      /etc/letsencrypt/live/{{ archweb_domain }}/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;

    location /.well-known/matrix/server {
        add_header Content-Type application/json;
        return 200 '{"m.server": "{{ matrix_domain }}:443"}';
    }

    location /robots.txt {
        alias {{ archweb_dir }}/archlinux.org/robots.txt;
    }

    location /humans.txt {
        alias {{ archweb_dir }}/archlinux.org/humans.txt;
    }

    location /google7827eadf026b4a87.html {
        alias {{ archweb_dir }}/archlinux.org/google7827eadf026b4a87.html;
    }

    location /BingSiteAuth.xml {
        alias {{ archweb_dir }}/archlinux.org/BingSiteAuth.xml;
    }

    location /favicon.ico {
        alias {{ archweb_dir }}/collected_static/favicon.ico;
    }

    location /pacman {
        alias {{ archweb_dir }}/archlinux.org/pacman/;
    }

    location /netcfg {
        alias {{ archweb_dir }}/archlinux.org/netcfg/;
    }

    location /logos {
        alias {{ archweb_dir }}/archlinux.org/logos/;
    }

    location ~ ^/iso/(.*\.(iso|img|tar\.gz|sfs)$) {
        deny all;
    }

    location /iso {
        alias {{ archweb_rsync_iso_dir }};
    }

    # Cache django's css, js and png files.
    location /static {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
        alias {{ archweb_dir }}/collected_static;
    }

    location /img {
        alias {{ archweb_dir }}/media/img;
    }

    location /retro {
        alias {{ archweb_retro_dir }};
    }

    location / {
        access_log   /var/log/nginx/{{ archweb_domain }}/access.log main;
        include uwsgi_params;
        uwsgi_pass archweb;
    }
}