# Local Ginxsom Development Server Configuration # This configuration serves files directly from the local repo directory # Main context - specify error log here to override system default error_log logs/error.log debug; pid logs/nginx.pid; events { worker_connections 1024; } # HTTP context http { # Basic settings sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # MIME types (local) include mime.types; default_type application/octet-stream; # Logging (relative to prefix directory) access_log logs/access.log; # FastCGI upstream configuration upstream fastcgi_backend { server unix:/tmp/ginxsom-fcgi.sock; } # Local development server server { listen 9001; server_name localhost; # Root directory for blossom files (local blobs directory) root blobs; # Maximum upload size (adjust as needed) client_max_body_size 100M; # Security headers add_header X-Content-Type-Options nosniff; add_header X-Frame-Options DENY; add_header X-XSS-Protection "1; mode=block"; # Old working regex pattern - testing rollback location ~ "^/([a-f0-9]{64})(\.[a-zA-Z0-9]+)?$" { limit_except HEAD GET { deny all; } # Route HEAD requests to FastCGI via rewrite if ($request_method = HEAD) { rewrite ^/(.*)$ /fcgi-head/$1 last; } # GET requests served directly with explicit file extensions # Potentially in the future look at a LUA extension try_files /$1.jpg /$1.jpeg /$1.png /$1.webp /$1.gif /$1.pdf /$1.mp4 /$1.mp3 /$1.txt /$1.md=404; # Set appropriate headers for blobs add_header Cache-Control "public, max-age=31536000, immutable"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options DENY; add_header X-XSS-Protection "1; mode=block"; } # FastCGI handler for HEAD requests location ~ "^/fcgi-head/([a-f0-9]{64}).*$" { internal; fastcgi_pass fastcgi_backend; fastcgi_param REQUEST_METHOD HEAD; fastcgi_param REQUEST_URI /$1; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; } # Upload endpoint - requires authentication location /upload { # Pass to FastCGI application for processing include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi; fastcgi_pass fastcgi_backend; # Only allow PUT method for uploads if ($request_method !~ ^(PUT)$ ) { return 405; } } # List blobs endpoint - GET /list/ location ~ "^/list/([a-f0-9]{64}).*$" { # Pass to FastCGI application for processing include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi; fastcgi_pass fastcgi_backend; # Only allow GET method for list requests if ($request_method !~ ^(GET)$ ) { return 405; } } # Health check endpoint location /health { access_log off; return 200 "OK\n"; add_header Content-Type text/plain; } # List files endpoint for debugging location /debug/list { autoindex on; autoindex_format json; } # Root redirect location = / { return 200 "Ginxsom Local Development Server\nTry: GET /\nHealth: GET /health\n"; add_header Content-Type text/plain; } } }