92 lines
2.0 KiB
Plaintext
92 lines
2.0 KiB
Plaintext
server {
|
|
server_name deb.krd.sh;
|
|
|
|
include snip.d/listen-http;
|
|
|
|
include snip.d/https-alt-svc;
|
|
|
|
access_log off;
|
|
log_not_found off;
|
|
|
|
root /var/www/deb;
|
|
|
|
include snip.d/empty-favicon;
|
|
|
|
location /
|
|
{
|
|
return 301 https://$host$request_uri;
|
|
|
|
include snip.d/https-alt-svc;
|
|
include snip.d/http-security-headers;
|
|
}
|
|
|
|
## allow APT work as usual
|
|
|
|
location ~*/(?:InRelease|Release|Packages|Sources)$
|
|
~*/[^/]+/.*[^/]+\.(?:asc|dsc)$
|
|
{
|
|
try_files $uri $uri/ =404;
|
|
default_type text/plain;
|
|
}
|
|
|
|
## /*/dists/*/Release.gpg
|
|
location ~*^/[^/]+/.*[^/]+\.(?:gpg)$
|
|
{
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$
|
|
## various tarball file name extensions (sic!)
|
|
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
|
|
{
|
|
try_files $uri $uri/ =404;
|
|
include snip.d/disable-comp;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name deb.krd.sh;
|
|
|
|
include snip.d/listen-https;
|
|
include snip.d/ssl-krd.sh;
|
|
|
|
access_log off;
|
|
log_not_found off;
|
|
|
|
root /var/www/deb;
|
|
autoindex on;
|
|
|
|
include snip.d/empty-favicon;
|
|
|
|
location /
|
|
{
|
|
try_files $uri $uri/ =404;
|
|
|
|
include snip.d/https-alt-svc;
|
|
include snip.d/http-security-headers;
|
|
}
|
|
|
|
location ~*/(?:InRelease|Release|Packages|Sources)$
|
|
~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$
|
|
{
|
|
try_files $uri $uri/ =404;
|
|
default_type text/plain;
|
|
}
|
|
|
|
location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$
|
|
## various tarball file name extensions (sic!)
|
|
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
|
|
{
|
|
try_files $uri $uri/ =404;
|
|
include snip.d/disable-comp;
|
|
}
|
|
|
|
## "meta" usually doesn't contain sensitive data
|
|
# include snip.d/deny-dotfiles;
|
|
location ~*^/[^/]+/\.meta/
|
|
{
|
|
try_files $uri $uri/ =404;
|
|
default_type text/plain;
|
|
}
|
|
}
|