-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathnginx.conf
257 lines (204 loc) · 6.94 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
worker_processes ${{NUM_WORKERS}};
error_log ${{NOTICE_LOG}} notice;
daemon ${{DAEMON}};
pcre_jit on;
events {
worker_connections 1024;
}
http {
more_set_headers 'Server: lapis';
lua_shared_dict pagecache_versions 10m;
proxy_cache_path ../luarocks-pagecache levels=1:2 keys_zone=pagecache:100m max_size=1g inactive=2h use_temp_path=off;
proxy_cache_path ../luarocks-rockcache levels=1:2 keys_zone=rockcache:100m max_size=4g inactive=10d use_temp_path=off;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options deny;
log_format combined_forwarded '$http_x_forwarded_for($remote_addr) - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"';
resolver 8.8.8.8 ipv6=off;
init_by_lua_block {
require "lpeg"
require "socket"
require "ltn12"
require "mime"
}
server {
client_max_body_size 15m;
listen ${{PORT}};
lua_code_cache ${{CODE_CACHE}};
access_log logs/access.log ${{LOG_FORMAT}};
include nginx/http_proxy.conf;
location / {
if ($host = rocks.moonscript.org) {
rewrite ^/(?!api) $scheme://luarocks.org$request_uri permanent;
}
default_type text/html;
set $_url "";
content_by_lua "require('lapis').serve('app')";
}
location /rock-cache/ {
allow 127.0.0.1;
deny all;
proxy_pass http://127.0.0.1:${{PORT}};
proxy_set_header Host luarocks.local;
}
location @proxy_root_for_cache {
proxy_pass http://127.0.0.1:${{PORT}};
set_by_lua $cache_version '
return assert(require("helpers.pagecache").version_for_path(ngx.var.uri))
';
set $cache_key "${{_NAME}}:$request_method:$uri:$cache_version";
proxy_cache pagecache;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
add_header X-Cache-Status $upstream_cache_status;
proxy_cache_valid 200 2h;
proxy_cache_key $cache_key;
add_header X-Cache-Key $cache_key;
proxy_no_cache "${{DISABLE_MANIFEST_CACHE}}";
proxy_cache_bypass "${{DISABLE_MANIFEST_CACHE}}";
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Frame-Options;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_set_header Host luarocks.local;
proxy_set_header X-Original-Host $http_host;
proxy_set_header Cookie "";
proxy_set_header X-Original-Scheme $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Lapis-Proxy yes;
proxy_http_version 1.1;
gzip on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/html application/json text/x-lua;
ssi on;
}
location ~ ^/manifest([-.].+)?$ {
echo_exec @proxy_root_for_cache;
}
location ~ /manifests/([^/]*)/(.+) {
default_type text/x-lua;
rewrite_by_lua_file "serve_file.lua";
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_http_version 1.1;
proxy_read_timeout 10s;
proxy_send_timeout 10s;
proxy_connect_timeout 10s;
# proxy_set_header Connection "";
proxy_hide_header 'Content-Type';
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2;
proxy_ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
proxy_pass $_url;
}
location ~ ^/(?:dev/)?([^/]*?\.(?:rock|rockspec))$ {
default_type text/x-lua;
rewrite_by_lua_file "serve_file.lua";
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_http_version 1.1;
proxy_read_timeout 10s;
proxy_send_timeout 10s;
proxy_connect_timeout 10s;
# proxy_set_header Connection "";
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2;
proxy_ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
proxy_pass $_url;
}
location /static/ {
include mime.types;
access_log off;
gzip on;
gzip_types application/x-javascript text/css image/svg+xml;
alias static/;
}
location /favicon.ico {
include mime.types;
alias static/favicon.ico;
}
# redirect old luarocks wiki links to github
location ~ ^/en\b(?<wikipath>.*) {
rewrite_by_lua "
local path = ngx.var.wikipath:gsub('_', '-')
if ngx.var.args then
path = path .. '?' .. ngx.var.args
end
return ngx.redirect('https://github.com/luarocks/luarocks/wiki' .. path)
";
}
# redirect old luarocks repository links
location /repositories/ {
rewrite ^/repositories/rocks-scm$ https://luarocks.org//m/root/development-only permanent;
rewrite ^/repositories/rocks-scm(.+)$ https://luarocks.org/dev$1 permanent;
rewrite ^/repositories/rocks$ https://luarocks.org/m/root permanent;
rewrite ^/repositories/rocks(.+)$ https://luarocks.org$1 permanent;
}
# redirect old luarocks releases links
location /releases {
rewrite ^/releases(.*$) https://luarocks.github.io/luarocks/releases$1 redirect;
}
location /doc/history.pdf {
rewrite . https://hisham.hm/papers/muhammad_2013_history.pdf redirect;
}
}
server {
server_name luarocks.local;
listen ${{PORT}};
lua_code_cache ${{CODE_CACHE}};
access_log off; # outer server will log for us
allow 127.0.0.1;
deny all;
include nginx/http_proxy.conf;
location ~ ^/rock-cache/(?<bucket_key>.*) {
set_by_lua $rock_url '
return assert(require("storage_bucket"):file_url(ngx.var.bucket_key))
';
set $cache_key "${{_NAME}}:$request_method:$bucket_key";
proxy_cache rockcache;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
add_header X-Cache-Status $upstream_cache_status;
proxy_cache_valid 200 10d;
proxy_cache_key $cache_key;
add_header X-Cache-Key $cache_key;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_http_version 1.1;
proxy_read_timeout 20s;
proxy_send_timeout 20s;
proxy_connect_timeout 10s;
proxy_pass $rock_url;
}
location / {
default_type text/html;
set $_url "";
content_by_lua "require('lapis').serve('app')";
}
}
# www redirect server
server {
listen ${{PORT}};
server_name ~^www\.(?<domain>.*)$;
location / {
rewrite ^ $scheme://$domain$request_uri permanent;
}
}
# # rocks.moonscript.org redirect server
# server {
# listen ${{PORT}};
# server_name rocks.moonscript.org;
# location / {
# rewrite ^ $scheme://luarocks.org$request_uri permanent;
# }
# }
}
# vim: set expandtab ts=2 sw=2 ft=nginx: