1
0
angie-krdsh/site.avail/http-deb.krd.sh.conf

92 lines
2.0 KiB
Plaintext

server {
server_name deb.krd.sh;
include snip.d/listen-http;
include snip.d/https-alt-svc;
access_log off;
log_not_found off;
root /var/www/deb;
include snip.d/empty-favicon;
location /
{
return 301 https://$host$request_uri;
include snip.d/https-alt-svc;
include snip.d/http-security-headers;
}
## allow APT work as usual
location ~*/(?:InRelease|Release|Packages|Sources)$
~*/[^/]+/.*[^/]+\.(?:asc|dsc)$
{
try_files $uri $uri/ =404;
default_type text/plain;
}
## /*/dists/*/Release.gpg
location ~*^/[^/]+/.*[^/]+\.(?:gpg)$
{
try_files $uri $uri/ =404;
}
location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$
## various tarball file name extensions (sic!)
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
{
try_files $uri $uri/ =404;
include snip.d/disable-comp;
}
}
server {
server_name deb.krd.sh;
include snip.d/listen-https;
include snip.d/ssl-krd.sh;
access_log off;
log_not_found off;
root /var/www/deb;
autoindex on;
include snip.d/empty-favicon;
location /
{
try_files $uri $uri/ =404;
include snip.d/https-alt-svc;
include snip.d/http-security-headers;
}
location ~*/(?:InRelease|Release|Packages|Sources)$
~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$
{
try_files $uri $uri/ =404;
default_type text/plain;
}
location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$
## various tarball file name extensions (sic!)
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
{
try_files $uri $uri/ =404;
include snip.d/disable-comp;
}
## "meta" usually doesn't contain sensitive data
# include snip.d/deny-dotfiles;
location ~*^/[^/]+/\.meta/
{
try_files $uri $uri/ =404;
default_type text/plain;
}
}