mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2026-03-07 10:11:45 +01:00
93 lines
3.3 KiB
Django/Jinja
93 lines
3.3 KiB
Django/Jinja
limit_req_zone $binary_remote_addr zone=scrapelimit:10m rate=10r/s;
|
|
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
map $remote_addr $foobar {
|
|
213.133.111.15 http://127.0.0.1:3000; # gitlab.archlinux.org
|
|
2a01:4f8:222:174c::1 http://127.0.0.1:3000; # gitlab.archlinux.org
|
|
116.202.134.150 http://127.0.0.1:3000; # scuree-runner1.archlinux.org
|
|
2a01:4f8:231:4e1e::2 http://127.0.0.1:3000; # secure-runner1.archlinux.org
|
|
157.180.104.115 http://127.0.0.1:3000; # runner2.archlinux.org
|
|
2a01:4f9:3090:11cb::2 http://127.0.0.1:3000; # runner2.archlinux.org
|
|
142.132.185.158 http://127.0.0.1:3000; # gluebuddy.archlinux.org
|
|
2a01:4f8:c010:d02::1 http://127.0.0.1:3000; # gluebuddy.archlinux.org
|
|
168.119.250.50 http://127.0.0.1:3000; # bumpbuddy.archlinux.org
|
|
2a01:4f8:c010:baed::1 http://127.0.0.1:3000; # bumpbuddy.archlinux.org
|
|
default http://127.0.0.1:8923; # default to Anubis
|
|
# default http://127.0.0.1:3000; # bypass
|
|
}
|
|
|
|
server {
|
|
include snippets/listen-80.conf;
|
|
server_name {{ gitlab_domain }} {{ gitlab_registry_domain }};
|
|
|
|
access_log /var/log/nginx/{{ gitlab_domain }}/access.log reduced;
|
|
access_log /var/log/nginx/{{ gitlab_domain }}/access.log.json json_reduced;
|
|
error_log /var/log/nginx/{{ gitlab_domain }}/error.log;
|
|
|
|
include snippets/letsencrypt.conf;
|
|
|
|
location / {
|
|
access_log off;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
include snippets/listen-443.conf;
|
|
server_name {{ gitlab_domain }} {{ gitlab_registry_domain }};
|
|
access_log /var/log/nginx/{{ gitlab_domain }}/access.log main;
|
|
access_log /var/log/nginx/{{ gitlab_domain }}/access.log.json json_main;
|
|
error_log /var/log/nginx/{{ gitlab_domain }}/error.log;
|
|
|
|
acme_certificate letsencrypt;
|
|
ssl_certificate $acme_certificate;
|
|
ssl_certificate_key $acme_certificate_key;
|
|
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Http-Version $server_protocol;
|
|
proxy_redirect http://gitlab.archlinux.org:3000/ /;
|
|
# Anubis
|
|
proxy_pass $foobar;
|
|
# proxy_pass http://127.0.0.1:8923;
|
|
# Bypass Anubis
|
|
# proxy_pass http://127.0.0.1:3000;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
proxy_read_timeout 3600;
|
|
proxy_connect_timeout 300;
|
|
client_max_body_size 10g;
|
|
}
|
|
}
|
|
|
|
server {
|
|
set_real_ip_from 127.0.0.1;
|
|
real_ip_header X-Real-IP;
|
|
listen 127.0.0.1:3000;
|
|
|
|
# server_name gitlab.archlinux.org registry.archlinux.org;
|
|
|
|
access_log /var/log/nginx/gitlab.archlinux.org/access.log main;
|
|
access_log /var/log/nginx/gitlab.archlinux.org/access.log.json json_main;
|
|
error_log /var/log/nginx/gitlab.archlinux.org/error.log;
|
|
|
|
location / {
|
|
# limit_req zone=scrapelimit burst=20 nodelay;
|
|
# limit_req_status 429;
|
|
|
|
proxy_pass http://127.0.0.1:8081;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
proxy_read_timeout 3600;
|
|
proxy_connect_timeout 300;
|
|
client_max_body_size 10g;
|
|
}
|
|
}
|