From 1e5c7a6f0a6868a30faac1dcd798e2082bc97703 Mon Sep 17 00:00:00 2001 From: Konstantin Demin Date: Mon, 20 May 2024 16:36:19 +0300 Subject: [PATCH] layout, formatting, etc --- njs/nexus.js | 2 +- site.avail/http-ci.krd.sh.conf | 112 +++++++++++++++++ site.avail/http-deb.krd.sh.conf | 18 +-- site.avail/http-git.krd.sh.conf | 119 +++--------------- site.avail/http-nexus.krd.sh.conf | 86 ++++--------- site.avail/http-nodejs-org.krd.sh.conf | 21 ++-- ...t.krd.sh.conf => http-200-git.krd.sh.conf} | 0 site.d/http-210-ci.krd.sh.conf | 1 + ...krd.sh.conf => http-220-nexus.krd.sh.conf} | 0 ....krd.sh.conf => http-230-quay.krd.sh.conf} | 0 ...h.conf => http-300-nodejs-org.krd.sh.conf} | 0 11 files changed, 176 insertions(+), 183 deletions(-) create mode 100644 site.avail/http-ci.krd.sh.conf rename site.d/{http-160-git.krd.sh.conf => http-200-git.krd.sh.conf} (100%) create mode 120000 site.d/http-210-ci.krd.sh.conf rename site.d/{http-170-nexus.krd.sh.conf => http-220-nexus.krd.sh.conf} (100%) rename site.d/{http-180-quay.krd.sh.conf => http-230-quay.krd.sh.conf} (100%) rename site.d/{http-150-nodejs-org.krd.sh.conf => http-300-nodejs-org.krd.sh.conf} (100%) diff --git a/njs/nexus.js b/njs/nexus.js index a5ad0f2..58933db 100644 --- a/njs/nexus.js +++ b/njs/nexus.js @@ -6,4 +6,4 @@ function statics(r) { r.return(307, s); } -export default {statics}; +export default { statics }; diff --git a/site.avail/http-ci.krd.sh.conf b/site.avail/http-ci.krd.sh.conf new file mode 100644 index 0000000..59bd1b4 --- /dev/null +++ b/site.avail/http-ci.krd.sh.conf 
@@ -0,0 +1,112 @@
+upstream krdsh_ci {
+ server 127.0.0.1:8000;
+}
+upstream krdsh_ci_grpc {
+ server 127.0.0.1:9000;
+}
+
+proxy_cache_path
+ /var/cache/angie/proxy/krdsh-ci
+ keys_zone=krdsh_cache_ci:10m
+ levels=1:2 inactive=1h;
+
+server {
+ server_name ci.krd.sh;
+
+ include snip.d/listen-http;
+
+ access_log off;
+ log_not_found off;
+
+ root /var/www/empty;
+
+ include snip.d/https-alt-svc;
+ include snip.d/http-security-headers;
+
+ keepalive_timeout 0;
+
+ include snip.d/empty-favicon;
+
+ location /
+ {
+ return 301 https://$host$uri$is_args$args;
+ }
+}
+
+server {
+ server_name ci.krd.sh;
+
+ include snip.d/listen-https;
+ include snip.d/ssl-krd.sh;
+
+ access_log off;
+ log_not_found off;
+
+ root /var/www/empty;
+
+ include snip.d/http-security-headers;
+
+ include snip.d/proxy-common-headers;
+ include snip.d/proxy-accept-encoding;
+ include snip.d/proxy-connection-keepalive;
+ include snip.d/proxy-early-data;
+
+ proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
+
+ location /
+ {
+ proxy_pass http://krdsh_ci;
+
+ ## quirks
+ client_max_body_size 512M;
+ proxy_buffering off;
+ }
+
+ location @precache
+ {
+ proxy_pass http://krdsh_ci;
+
+ proxy_cache krdsh_cache_ci;
+
+ proxy_cache_key $uri;
+
+ expires 2h;
+ proxy_cache_valid 200 4h;
+ proxy_cache_valid 10s;
+ proxy_ignore_client_abort on;
+
+ proxy_ignore_headers Cache-Control Expires;
+ proxy_hide_header Cache-Control;
+ proxy_hide_header Expires;
+
+ ## quirks
+ proxy_method GET;
+ proxy_temp_file_write_size 4m;
+ }
+
+ location /assets/
+ {
+ try_files /.non-existent-uri @precache;
+ }
+}
+
+server {
+ server_name ci.krd.sh;
+
+ include snip.d/listen-grpcs;
+ include snip.d/ssl-krd.sh;
+
+ access_log off;
+ log_not_found off;
+
+ root /var/www/empty;
+
+ include snip.d/http-security-headers;
+
+ include snip.d/grpc-accept-encoding;
+
+ location /
+ {
+ grpc_pass grpc://krdsh_ci_grpc;
+ }
+}
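Review bot: The `proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;` line in the HTTPS server puts `$host` inside the regular expression, and as far as I know stock nginx compiles that pattern once at load time without expanding variables, so `$` acts as an end-of-string anchor and the rule never matches (worth confirming on Angie with a test redirect). If that holds, an upstream `Location: http://ci.krd.sh/...` reaches the client unrewritten and costs a cleartext hop through the port-80 server before the 301 back to HTTPS. The rule this replaces in http-git.krd.sh.conf spelled the hostnames out; `proxy_redirect ~*^http://ci\.krd\.sh(?:|:[0-9]+)/(.*)$ https://ci.krd.sh/$1;` keeps that behaviour here. The same substitution is made in the second hunk of http-git.krd.sh.conf.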
diff --git a/site.avail/http-deb.krd.sh.conf b/site.avail/http-deb.krd.sh.conf index 7118ef3..aa45f29 100644 --- a/site.avail/http-deb.krd.sh.conf +++ b/site.avail/http-deb.krd.sh.conf @@ -12,7 +12,8 @@ server { include snip.d/empty-favicon; - location / { + location / + { return 301 https://$host$request_uri; include snip.d/https-alt-svc; @@ -24,8 +25,8 @@ server { location ~*/(?:InRelease|Release|Packages|Sources)$ ~*/[^/]+/.*[^/]+\.(?:asc|dsc)$ { - default_type text/plain; try_files $uri $uri/ =404; + default_type text/plain; } ## /*/dists/*/Release.gpg @@ -38,9 +39,8 @@ server { ## various tarball file name extensions (sic!) ~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$ { - gzip off; - brotli off; try_files $uri $uri/ =404; + include snip.d/disable-comp; } } @@ -58,7 +58,8 @@ server { include snip.d/empty-favicon; - location / { + location / + { try_files $uri $uri/ =404; include snip.d/https-alt-svc; @@ -68,24 +69,23 @@ server { location ~*/(?:InRelease|Release|Packages|Sources)$ ~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$ { - default_type text/plain; try_files $uri $uri/ =404; + default_type text/plain; } location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$ ## various tarball file name extensions (sic!) ~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$ { - gzip off; - brotli off; try_files $uri $uri/ =404; + include snip.d/disable-comp; } ## "meta" usually doesn't contain sensitive data # include snip.d/deny-dotfiles; location ~*^/[^/]+/\.meta/ { - default_type text/plain; try_files $uri $uri/ =404; + default_type text/plain; } } diff --git a/site.avail/http-git.krd.sh.conf b/site.avail/http-git.krd.sh.conf index f15523d..fc2f67f 100644 --- a/site.avail/http-git.krd.sh.conf +++ b/site.avail/http-git.krd.sh.conf 
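Review bot: `include snip.d/disable-comp;` replaces the explicit `gzip off; brotli off;` pair in both archive locations, but the snippet is not among the files in this commit's diffstat, so its contents cannot be checked from this patch. Confirm it already exists in the tree (a missing include fails the config load) and that it switches off both gzip and brotli; a comment such as `## turns off gzip and brotli for this location` above the include would keep the intent visible at the call site. The apt location hunk in http-nexus.krd.sh.conf makes the same swap. The server blocks these hunks belong to start and end outside the hunks.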
@@ -1,25 +1,14 @@ upstream krdsh_git { server 127.0.0.1:3000; } -upstream krdsh_ci { - server 127.0.0.1:8000; -} -upstream krdsh_ci_grpc { - server 127.0.0.1:9000; -} proxy_cache_path /var/cache/angie/proxy/krdsh-git keys_zone=krdsh_cache_git:10m levels=1:2 inactive=1h; -proxy_cache_path - /var/cache/angie/proxy/krdsh-ci - keys_zone=krdsh_cache_ci:10m - levels=1:2 inactive=1h; - server { - server_name git.krd.sh ci.krd.sh; + server_name git.krd.sh; include snip.d/listen-http; @@ -35,7 +24,8 @@ server { include snip.d/empty-favicon; - location / { + location / + { return 301 https://$host$uri$is_args$args; } } 
@@ -58,111 +48,40 @@ server { include snip.d/proxy-connection-keepalive; include snip.d/proxy-early-data; - proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2; + proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1; - location / { + location / + { proxy_pass http://krdsh_git; + ## quirks client_max_body_size 512M; - chunked_transfer_encoding off; } - location @precache { + location @precache + { proxy_pass http://krdsh_git; proxy_cache krdsh_cache_git; + proxy_cache_key $uri; - proxy_cache_valid 200 1h; - proxy_cache_valid 30s; + + expires 2h; + proxy_cache_valid 200 4h; + proxy_cache_valid 10s; proxy_ignore_client_abort on; - proxy_ignore_headers Cache-Control; - proxy_hide_header Cache-Control; - expires 2h; + proxy_ignore_headers Cache-Control Expires; + proxy_hide_header Cache-Control; + proxy_hide_header Expires; ## quirks - chunked_transfer_encoding off; proxy_method GET; - proxy_buffering on; proxy_temp_file_write_size 4m; } - location /assets/ { + location /assets/ + { try_files /.non-existent-uri @precache; - # proxy_pass http://krdsh_git; - } -} - -server { - server_name ci.krd.sh; - - include snip.d/listen-https; - include snip.d/ssl-krd.sh; - - access_log off; - log_not_found off; - - root /var/www/empty; - - include snip.d/http-security-headers; - - include snip.d/proxy-common-headers; - include snip.d/proxy-accept-encoding; - include snip.d/proxy-connection-keepalive; - include snip.d/proxy-early-data; - - proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2; - - location / { - proxy_pass http://krdsh_ci; - ## quirks - chunked_transfer_encoding off; - client_max_body_size 16M; - proxy_buffering off; - } - - location @precache { - proxy_pass http://krdsh_ci; - - proxy_cache krdsh_cache_ci; - proxy_cache_key $uri; - proxy_cache_valid 200 1h; - proxy_cache_valid 30s; - proxy_ignore_client_abort on; - - proxy_ignore_headers Cache-Control; - proxy_hide_header Cache-Control; - expires 
2h; - - ## quirks - chunked_transfer_encoding off; - proxy_method GET; - proxy_buffering on; - proxy_temp_file_write_size 4m; - } - - location /assets/ { - try_files /.non-existent-uri @precache; - # proxy_pass http://krdsh_ci; - } -} - -server { - server_name ci.krd.sh; - - include snip.d/listen-grpcs; - include snip.d/ssl-krd.sh; - - access_log off; - log_not_found off; - - root /var/www/empty; - - include snip.d/http-security-headers; - - include snip.d/grpc-accept-encoding; - - location / { - grpc_pass grpc://krdsh_ci_grpc; } } diff --git a/site.avail/http-nexus.krd.sh.conf b/site.avail/http-nexus.krd.sh.conf index 3e7d945..4b0362b 100644 --- a/site.avail/http-nexus.krd.sh.conf +++ b/site.avail/http-nexus.krd.sh.conf @@ -26,7 +26,8 @@ server { include snip.d/empty-favicon; - location / { + location / + { return 301 https://$host$uri$is_args$args; } @@ -34,11 +35,11 @@ server { location ~*^/repository/apt_[^/]+/(?:dists|pool)/ { - gzip off; - brotli off; - proxy_pass http://krdsh_nexus; + proxy_method GET; + + include snip.d/disable-comp; } ## allow proxy repositories only for non-public usage 
@@ -51,53 +52,9 @@ server { deny all; proxy_pass http://krdsh_nexus; + proxy_method GET; } - - ## quirks - chunked_transfer_encoding off; -} - -server { - server_name nexus-asis.krd.sh; - - include snip.d/listen-https; - include snip.d/ssl-krd.sh; - - access_log off; - log_not_found off; - - root /var/www/empty; - - include snip.d/http-security-headers; - - include snip.d/proxy-common-headers; - include snip.d/proxy-accept-encoding; - include snip.d/proxy-connection-keepalive; - include snip.d/proxy-early-data; - - proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1; - - location / { - proxy_pass http://krdsh_nexus; - ## quirks - client_max_body_size 1024M; - } - - ## allow proxy repositories only for non-public usage - - location ~*^/repository/proxy_[^/]+/ - { - allow 127.0.0.0/8; - allow 192.0.2.0/24; - allow 240.0.0.0/4; - deny all; - - proxy_pass http://krdsh_nexus; - } - - ## quirks - chunked_transfer_encoding off; } server { @@ -120,10 +77,12 @@ server { proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1; - location / { + location / + { proxy_pass http://krdsh_nexus; + ## quirks - client_max_body_size 1024M; + client_max_body_size 10G; } ## allow proxy repositories only for non-public usage @@ -140,12 +99,10 @@ server { js_import njs/nexus.js; - location /static/ { + location /static/ + { js_content nexus.statics; } - - ## quirks - chunked_transfer_encoding off; } server { @@ -186,8 +143,9 @@ server { include snip.d/proxy-connection-close; include snip.d/proxy-early-data; - proxy_ignore_headers Cache-Control; - proxy_hide_header Cache-Control; + proxy_ignore_headers Cache-Control Expires; + proxy_hide_header Cache-Control; + proxy_hide_header Expires; proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://nexus.krd.sh/$1; 
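Review bot: `client_max_body_size 10G;` in `location /` raises the upload ceiling tenfold from `1024M`, which is a behaviour change in a commit titled as layout and formatting. Unless request buffering is turned off somewhere outside this hunk, each large body is spooled to the client body temp directory before it is proxied, so a few concurrent uploads can fill that filesystem. If 10G is really needed, I would add `proxy_request_buffering off;` next to it (or confirm the temp path has the headroom) and record the reason under the `## quirks` comment. The server block continues outside the hunk.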
@@ -203,18 +161,16 @@ server { proxy_pass http://krdsh_nexus; proxy_cache krdsh_cache_nexus; - proxy_cache_key $uri$is_args$args; - proxy_cache_valid 200 1h; - proxy_cache_valid 30s; - proxy_ignore_client_abort on; + + proxy_cache_key $uri; + expires 2h; + proxy_cache_valid 200 4h; + proxy_cache_valid 10s; + proxy_ignore_client_abort on; ## quirks proxy_method GET; - proxy_buffering on; proxy_temp_file_write_size 4m; } - - ## quirks - chunked_transfer_encoding off; } diff --git a/site.avail/http-nodejs-org.krd.sh.conf b/site.avail/http-nodejs-org.krd.sh.conf index cdb53ba..38b28d7 100644 --- a/site.avail/http-nodejs-org.krd.sh.conf +++ b/site.avail/http-nodejs-org.krd.sh.conf @@ -14,7 +14,8 @@ server { root /var/www/empty; - location / { + location / + { try_files /.non-existent-uri @redirect; } @@ -42,29 +43,33 @@ server { include snip.d/proxy-accept-encoding; include snip.d/proxy-connection-close; - location @redirect { + location @redirect + { return 301 https://nodejs.org$request_uri; } - location @download { + location @download + { proxy_pass https://nodejs.org$uri$is_args$args; proxy_redirect https://nodejs.org $scheme://$server_name; proxy_cache nodejs_org; - proxy_cache_key $uri$is_args$args; + + proxy_cache_key $uri; + + expires 30m; proxy_cache_valid 200 1h; proxy_cache_valid 30s; proxy_ignore_client_abort on; - proxy_ignore_headers Cache-Control; - proxy_hide_header Cache-Control; - expires 30m; + proxy_ignore_headers Cache-Control Expires; + proxy_hide_header Cache-Control; + proxy_hide_header Expires; ## quirks chunked_transfer_encoding off; proxy_method GET; - proxy_buffering on; proxy_temp_file_write_size 4m; } } diff --git a/site.d/http-160-git.krd.sh.conf b/site.d/http-200-git.krd.sh.conf similarity index 100% rename from site.d/http-160-git.krd.sh.conf rename to site.d/http-200-git.krd.sh.conf diff --git a/site.d/http-210-ci.krd.sh.conf b/site.d/http-210-ci.krd.sh.conf new file mode 120000 index 0000000..2700969 --- /dev/null 
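Review bot: `proxy_cache_key $uri;` drops `$is_args$args` from the key while `proxy_pass` still forwards the query string upstream (`proxy_pass http://krdsh_nexus;` here, `proxy_pass https://nodejs.org$uri$is_args$args;` in the `@download` hunk of http-nodejs-org.krd.sh.conf), so whichever query string arrives first decides the body cached for that path, for up to `4h` in this hunk. Either keep the arguments in the key or stop forwarding them, e.g. `proxy_pass https://nodejs.org$uri;` for `@download`. Because the upstream `Cache-Control` and `Expires` headers are ignored (in the preceding nexus hunk and inside `@download`), a comment stating that the cached location only serves public, unauthenticated content would also help. The enclosing location of the nexus hunk starts outside the hunk.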
+++ b/site.d/http-210-ci.krd.sh.conf @@ -0,0 +1 @@ +../site.avail/http-ci.krd.sh.conf \ No newline at end of file diff --git a/site.d/http-170-nexus.krd.sh.conf b/site.d/http-220-nexus.krd.sh.conf similarity index 100% rename from site.d/http-170-nexus.krd.sh.conf rename to site.d/http-220-nexus.krd.sh.conf diff --git a/site.d/http-180-quay.krd.sh.conf b/site.d/http-230-quay.krd.sh.conf similarity index 100% rename from site.d/http-180-quay.krd.sh.conf rename to site.d/http-230-quay.krd.sh.conf diff --git a/site.d/http-150-nodejs-org.krd.sh.conf b/site.d/http-300-nodejs-org.krd.sh.conf similarity index 100% rename from site.d/http-150-nodejs-org.krd.sh.conf rename to site.d/http-300-nodejs-org.krd.sh.conf