1
0

layout, formatting, etc

This commit is contained in:
Konstantin Demin 2024-05-20 16:36:19 +03:00
parent 69477f8cc0
commit 1e5c7a6f0a
Signed by: krd
GPG Key ID: 4D56F87A8BA65FD0
11 changed files with 176 additions and 183 deletions

@ -6,4 +6,4 @@ function statics(r) {
r.return(307, s); r.return(307, s);
} }
export default {statics}; export default { statics };

@ -0,0 +1,112 @@
upstream krdsh_ci {
server 127.0.0.1:8000;
}
upstream krdsh_ci_grpc {
server 127.0.0.1:9000;
}
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_cache_ci:10m
levels=1:2 inactive=1h;
server {
server_name ci.krd.sh;
include snip.d/listen-http;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/https-alt-svc;
include snip.d/http-security-headers;
keepalive_timeout 0;
include snip.d/empty-favicon;
location /
{
return 301 https://$host$uri$is_args$args;
}
}
server {
server_name ci.krd.sh;
include snip.d/listen-https;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/http-security-headers;
include snip.d/proxy-common-headers;
include snip.d/proxy-accept-encoding;
include snip.d/proxy-connection-keepalive;
include snip.d/proxy-early-data;
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location /
{
proxy_pass http://krdsh_ci;
## quirks
client_max_body_size 512M;
proxy_buffering off;
}
location @precache
{
proxy_pass http://krdsh_ci;
proxy_cache krdsh_cache_ci;
proxy_cache_key $uri;
expires 2h;
proxy_cache_valid 200 4h;
proxy_cache_valid 10s;
proxy_ignore_client_abort on;
proxy_ignore_headers Cache-Control Expires;
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
## quirks
proxy_method GET;
proxy_temp_file_write_size 4m;
}
location /assets/
{
try_files /.non-existent-uri @precache;
}
}
server {
server_name ci.krd.sh;
include snip.d/listen-grpcs;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/http-security-headers;
include snip.d/grpc-accept-encoding;
location /
{
grpc_pass grpc://krdsh_ci_grpc;
}
}

@ -12,7 +12,8 @@ server {
include snip.d/empty-favicon; include snip.d/empty-favicon;
location / { location /
{
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
include snip.d/https-alt-svc; include snip.d/https-alt-svc;
@ -24,8 +25,8 @@ server {
location ~*/(?:InRelease|Release|Packages|Sources)$ location ~*/(?:InRelease|Release|Packages|Sources)$
~*/[^/]+/.*[^/]+\.(?:asc|dsc)$ ~*/[^/]+/.*[^/]+\.(?:asc|dsc)$
{ {
default_type text/plain;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
default_type text/plain;
} }
## /*/dists/*/Release.gpg ## /*/dists/*/Release.gpg
@ -38,9 +39,8 @@ server {
## various tarball file name extensions (sic!) ## various tarball file name extensions (sic!)
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$ ~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
{ {
gzip off;
brotli off;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
include snip.d/disable-comp;
} }
} }
@ -58,7 +58,8 @@ server {
include snip.d/empty-favicon; include snip.d/empty-favicon;
location / { location /
{
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
include snip.d/https-alt-svc; include snip.d/https-alt-svc;
@ -68,24 +69,23 @@ server {
location ~*/(?:InRelease|Release|Packages|Sources)$ location ~*/(?:InRelease|Release|Packages|Sources)$
~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$ ~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$
{ {
default_type text/plain;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
default_type text/plain;
} }
location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$ location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$
## various tarball file name extensions (sic!) ## various tarball file name extensions (sic!)
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$ ~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
{ {
gzip off;
brotli off;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
include snip.d/disable-comp;
} }
## "meta" usually doesn't contain sensitive data ## "meta" usually doesn't contain sensitive data
# include snip.d/deny-dotfiles; # include snip.d/deny-dotfiles;
location ~*^/[^/]+/\.meta/ location ~*^/[^/]+/\.meta/
{ {
default_type text/plain;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
default_type text/plain;
} }
} }

@ -1,25 +1,14 @@
upstream krdsh_git { upstream krdsh_git {
server 127.0.0.1:3000; server 127.0.0.1:3000;
} }
upstream krdsh_ci {
server 127.0.0.1:8000;
}
upstream krdsh_ci_grpc {
server 127.0.0.1:9000;
}
proxy_cache_path proxy_cache_path
/var/cache/angie/proxy/krdsh-git /var/cache/angie/proxy/krdsh-git
keys_zone=krdsh_cache_git:10m keys_zone=krdsh_cache_git:10m
levels=1:2 inactive=1h; levels=1:2 inactive=1h;
proxy_cache_path
/var/cache/angie/proxy/krdsh-ci
keys_zone=krdsh_cache_ci:10m
levels=1:2 inactive=1h;
server { server {
server_name git.krd.sh ci.krd.sh; server_name git.krd.sh;
include snip.d/listen-http; include snip.d/listen-http;
@ -35,7 +24,8 @@ server {
include snip.d/empty-favicon; include snip.d/empty-favicon;
location / { location /
{
return 301 https://$host$uri$is_args$args; return 301 https://$host$uri$is_args$args;
} }
} }
@ -58,111 +48,40 @@ server {
include snip.d/proxy-connection-keepalive; include snip.d/proxy-connection-keepalive;
include snip.d/proxy-early-data; include snip.d/proxy-early-data;
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2; proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / { location /
{
proxy_pass http://krdsh_git; proxy_pass http://krdsh_git;
## quirks ## quirks
client_max_body_size 512M; client_max_body_size 512M;
chunked_transfer_encoding off;
} }
location @precache { location @precache
{
proxy_pass http://krdsh_git; proxy_pass http://krdsh_git;
proxy_cache krdsh_cache_git; proxy_cache krdsh_cache_git;
proxy_cache_key $uri; proxy_cache_key $uri;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s; expires 2h;
proxy_cache_valid 200 4h;
proxy_cache_valid 10s;
proxy_ignore_client_abort on; proxy_ignore_client_abort on;
proxy_ignore_headers Cache-Control; proxy_ignore_headers Cache-Control Expires;
proxy_hide_header Cache-Control; proxy_hide_header Cache-Control;
expires 2h; proxy_hide_header Expires;
## quirks ## quirks
chunked_transfer_encoding off;
proxy_method GET; proxy_method GET;
proxy_buffering on;
proxy_temp_file_write_size 4m; proxy_temp_file_write_size 4m;
} }
location /assets/ { location /assets/
{
try_files /.non-existent-uri @precache; try_files /.non-existent-uri @precache;
# proxy_pass http://krdsh_git;
}
}
server {
server_name ci.krd.sh;
include snip.d/listen-https;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/http-security-headers;
include snip.d/proxy-common-headers;
include snip.d/proxy-accept-encoding;
include snip.d/proxy-connection-keepalive;
include snip.d/proxy-early-data;
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
location / {
proxy_pass http://krdsh_ci;
## quirks
chunked_transfer_encoding off;
client_max_body_size 16M;
proxy_buffering off;
}
location @precache {
proxy_pass http://krdsh_ci;
proxy_cache krdsh_cache_ci;
proxy_cache_key $uri;
proxy_cache_valid 200 1h;
proxy_cache_valid 30s;
proxy_ignore_client_abort on;
proxy_ignore_headers Cache-Control;
proxy_hide_header Cache-Control;
expires 2h;
## quirks
chunked_transfer_encoding off;
proxy_method GET;
proxy_buffering on;
proxy_temp_file_write_size 4m;
}
location /assets/ {
try_files /.non-existent-uri @precache;
# proxy_pass http://krdsh_ci;
}
}
server {
server_name ci.krd.sh;
include snip.d/listen-grpcs;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/http-security-headers;
include snip.d/grpc-accept-encoding;
location / {
grpc_pass grpc://krdsh_ci_grpc;
} }
} }

@ -26,7 +26,8 @@ server {
include snip.d/empty-favicon; include snip.d/empty-favicon;
location / { location /
{
return 301 https://$host$uri$is_args$args; return 301 https://$host$uri$is_args$args;
} }
@ -34,11 +35,11 @@ server {
location ~*^/repository/apt_[^/]+/(?:dists|pool)/ location ~*^/repository/apt_[^/]+/(?:dists|pool)/
{ {
gzip off;
brotli off;
proxy_pass http://krdsh_nexus; proxy_pass http://krdsh_nexus;
proxy_method GET; proxy_method GET;
include snip.d/disable-comp;
} }
## allow proxy repositories only for non-public usage ## allow proxy repositories only for non-public usage
@ -51,53 +52,9 @@ server {
deny all; deny all;
proxy_pass http://krdsh_nexus; proxy_pass http://krdsh_nexus;
proxy_method GET; proxy_method GET;
} }
## quirks
chunked_transfer_encoding off;
}
server {
server_name nexus-asis.krd.sh;
include snip.d/listen-https;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/empty;
include snip.d/http-security-headers;
include snip.d/proxy-common-headers;
include snip.d/proxy-accept-encoding;
include snip.d/proxy-connection-keepalive;
include snip.d/proxy-early-data;
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / {
proxy_pass http://krdsh_nexus;
## quirks
client_max_body_size 1024M;
}
## allow proxy repositories only for non-public usage
location ~*^/repository/proxy_[^/]+/
{
allow 127.0.0.0/8;
allow 192.0.2.0/24;
allow 240.0.0.0/4;
deny all;
proxy_pass http://krdsh_nexus;
}
## quirks
chunked_transfer_encoding off;
} }
server { server {
@ -120,10 +77,12 @@ server {
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1; proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
location / { location /
{
proxy_pass http://krdsh_nexus; proxy_pass http://krdsh_nexus;
## quirks ## quirks
client_max_body_size 1024M; client_max_body_size 10G;
} }
## allow proxy repositories only for non-public usage ## allow proxy repositories only for non-public usage
@ -140,12 +99,10 @@ server {
js_import njs/nexus.js; js_import njs/nexus.js;
location /static/ { location /static/
{
js_content nexus.statics; js_content nexus.statics;
} }
## quirks
chunked_transfer_encoding off;
} }
server { server {
@ -186,8 +143,9 @@ server {
include snip.d/proxy-connection-close; include snip.d/proxy-connection-close;
include snip.d/proxy-early-data; include snip.d/proxy-early-data;
proxy_ignore_headers Cache-Control; proxy_ignore_headers Cache-Control Expires;
proxy_hide_header Cache-Control; proxy_hide_header Cache-Control;
proxy_hide_header Expires;
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://nexus.krd.sh/$1; proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://nexus.krd.sh/$1;
@ -203,18 +161,16 @@ server {
proxy_pass http://krdsh_nexus; proxy_pass http://krdsh_nexus;
proxy_cache krdsh_cache_nexus; proxy_cache krdsh_cache_nexus;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 200 1h; proxy_cache_key $uri;
proxy_cache_valid 30s;
proxy_ignore_client_abort on;
expires 2h; expires 2h;
proxy_cache_valid 200 4h;
proxy_cache_valid 10s;
proxy_ignore_client_abort on;
## quirks ## quirks
proxy_method GET; proxy_method GET;
proxy_buffering on;
proxy_temp_file_write_size 4m; proxy_temp_file_write_size 4m;
} }
## quirks
chunked_transfer_encoding off;
} }

@ -14,7 +14,8 @@ server {
root /var/www/empty; root /var/www/empty;
location / { location /
{
try_files /.non-existent-uri @redirect; try_files /.non-existent-uri @redirect;
} }
@ -42,29 +43,33 @@ server {
include snip.d/proxy-accept-encoding; include snip.d/proxy-accept-encoding;
include snip.d/proxy-connection-close; include snip.d/proxy-connection-close;
location @redirect { location @redirect
{
return 301 https://nodejs.org$request_uri; return 301 https://nodejs.org$request_uri;
} }
location @download { location @download
{
proxy_pass https://nodejs.org$uri$is_args$args; proxy_pass https://nodejs.org$uri$is_args$args;
proxy_redirect https://nodejs.org $scheme://$server_name; proxy_redirect https://nodejs.org $scheme://$server_name;
proxy_cache nodejs_org; proxy_cache nodejs_org;
proxy_cache_key $uri$is_args$args;
proxy_cache_key $uri;
expires 30m;
proxy_cache_valid 200 1h; proxy_cache_valid 200 1h;
proxy_cache_valid 30s; proxy_cache_valid 30s;
proxy_ignore_client_abort on; proxy_ignore_client_abort on;
proxy_ignore_headers Cache-Control; proxy_ignore_headers Cache-Control Expires;
proxy_hide_header Cache-Control; proxy_hide_header Cache-Control;
expires 30m; proxy_hide_header Expires;
## quirks ## quirks
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_method GET; proxy_method GET;
proxy_buffering on;
proxy_temp_file_write_size 4m; proxy_temp_file_write_size 4m;
} }
} }

@ -0,0 +1 @@
../site.avail/http-ci.krd.sh.conf