server { server_name deb.krd.sh; include snip.d/listen-http; include snip.d/https-alt-svc; access_log off; log_not_found off; root /var/www/deb; include snip.d/empty-favicon; location / { return 301 https://$host$request_uri; include snip.d/https-alt-svc; include snip.d/http-security-headers; } ## allow APT work as usual location ~*/(?:InRelease|Release|Packages|Sources)$ ~*/[^/]+/.*[^/]+\.(?:asc|dsc)$ { try_files $uri $uri/ =404; default_type text/plain; } ## /*/dists/*/Release.gpg location ~*^/[^/]+/.*[^/]+\.(?:gpg)$ { try_files $uri $uri/ =404; } location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$ ## various tarball file name extensions (sic!) ~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$ { try_files $uri $uri/ =404; include snip.d/disable-comp; } } server { server_name deb.krd.sh; include snip.d/listen-https; include snip.d/ssl-krd.sh; access_log off; log_not_found off; root /var/www/deb; autoindex on; include snip.d/empty-favicon; location / { try_files $uri $uri/ =404; include snip.d/https-alt-svc; include snip.d/http-security-headers; } location ~*/(?:InRelease|Release|Packages|Sources)$ ~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$ { try_files $uri $uri/ =404; default_type text/plain; } location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$ ## various tarball file name extensions (sic!) ~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$ { try_files $uri $uri/ =404; include snip.d/disable-comp; } ## "meta" usually doesn't contain sensitive data # include snip.d/deny-dotfiles; location ~*^/[^/]+/\.meta/ { try_files $uri $uri/ =404; default_type text/plain; } }