krd/angie-krdsh
1
0
Fork 0
Code
324dded6d2
angie-krdsh/site.avail/http-nexus.krd.sh.conf

217 lines
4.5 KiB
Plaintext
Raw Normal View History

initial commit
2024-03-22 10:24:54 +03:00
server {
server_name nexus.krd.sh;
include snip.d/listen-http;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/https-alt-svc;
include snip.d/http-base-security-headers;
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ http://$host/$1;
keepalive_timeout 0;
include snip.d/empty-favicon;
location / {
return 301 https://$host$uri$is_args$args;
}
## allow APT work as usual
location ~*^/repository/apt_[^/]+/(?:dists|pool)/
{
gzip off;
brotli off;
proxy_pass http://127.0.0.1:8081;
proxy_method GET;
}
## allow proxy repositories only for non-public usage
location ~*^/repository/proxy_[^/]+/
{
allow 127.0.0.0/8;
allow 192.0.2.0/24;
allow 240.0.0.0/4;
deny all;
proxy_pass http://127.0.0.1:8081;
proxy_method GET;
}
## quirks
chunked_transfer_encoding off;
}
server {
server_name nexus-asis.krd.sh;
include snip.d/listen-https;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/http-security-headers;
include snip.d/proxy-common-headers;
include snip.d/proxy-accept-encoding;
include snip.d/proxy-connection-keepalive;
include snip.d/proxy-early-data;
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / {
proxy_pass http://127.0.0.1:8081;
## quirks
client_max_body_size 1024M;
}
## allow proxy repositories only for non-public usage
location ~*^/repository/proxy_[^/]+/
{
allow 127.0.0.0/8;
allow 192.0.2.0/24;
allow 240.0.0.0/4;
deny all;
proxy_pass http://127.0.0.1:8081;
}
## quirks
chunked_transfer_encoding off;
}
server {
server_name nexus.krd.sh;
include snip.d/listen-https;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/http-base-security-headers;
include snip.d/proxy-common-headers;
include snip.d/proxy-accept-encoding;
include snip.d/proxy-connection-keepalive;
include snip.d/proxy-early-data;
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / {
proxy_pass http://127.0.0.1:8081;
## quirks
client_max_body_size 1024M;
}
## allow proxy repositories only for non-public usage
location ~*^/repository/proxy_[^/]+/
{
allow 127.0.0.0/8;
allow 192.0.2.0/24;
allow 240.0.0.0/4;
deny all;
proxy_pass http://127.0.0.1:8081;
}
js_import njs/nexus.js;
location /static/ {
js_content nexus.statics;
}
## quirks
chunked_transfer_encoding off;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-nexus
keys_zone=krdsh_nexus:10m
levels=1:2 inactive=1h;
server {
## PITA
server_name
nexus-st-0.krd.sh
nexus-st-1.krd.sh
nexus-st-2.krd.sh
nexus-st-3.krd.sh
nexus-st-4.krd.sh
nexus-st-5.krd.sh
nexus-st-6.krd.sh
nexus-st-7.krd.sh
nexus-st-8.krd.sh
nexus-st-9.krd.sh
nexus-st-a.krd.sh
nexus-st-b.krd.sh
nexus-st-c.krd.sh
nexus-st-d.krd.sh
nexus-st-e.krd.sh
nexus-st-f.krd.sh
;
include snip.d/listen-https;
include snip.d/ssl-krd.sh;
access_log off;
# log_not_found off;
root /var/www/empty;
include snip.d/http-base-security-headers;
add_header Access-Control-Allow-Origin "https://nexus.krd.sh" always;
include snip.d/proxy-common-headers;
include snip.d/proxy-accept-encoding;
include snip.d/proxy-connection-close;
include snip.d/proxy-early-data;
proxy_ignore_headers Cache-Control;
proxy_hide_header Cache-Control;
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://nexus.krd.sh/$1;
location / {
return 301 https://nexus.krd.sh;
}
location /static/ {
try_files /.non-existent-uri @precache;
}
location @precache {
proxy_pass http://127.0.0.1:8081;
proxy_cache krdsh_nexus;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;
proxy_ignore_client_abort on;
expires 2h;
## quirks
proxy_method GET;
proxy_buffering on;
proxy_temp_file_write_size 4m;
}
## quirks
chunked_transfer_encoding off;
}
Copy Permalink