laantungir/ginxsom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
ginxsom/Trash/nginx/ginxsom.conf
Your Name 8c3d2b1aac Stuck on a bug with auth, but got to push anyway.
2025-08-20 06:20:32 -04:00

132 lines
4.2 KiB
Plaintext
Raw Permalink Blame History

# Ginxsom Blossom Server Configuration
# This configuration serves files directly via nginx for maximum performance
# while handling authenticated operations through FastCGI
server {
listen 80;
server_name localhost; # Change this to your domain
# Root directory for blossom files (organized by SHA-256 hash)
root /var/lib/ginxsom/files;
# Maximum upload size (adjust as needed)
client_max_body_size 100M;
# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Logging
access_log /var/log/nginx/ginxsom_access.log;
error_log /var/log/nginx/ginxsom_error.log;
# Static file serving - nginx handles this directly for maximum performance
# Files are stored as: /var/lib/ginxsom/files/{first2chars}/{remaining_hash}
location ~ ^/([a-f0-9]{64})$ {
set $hash $1;
set $prefix $1; # First 2 characters
set $suffix $1; # Remaining characters
# Extract first 2 chars and remaining
if ($hash ~ ^([a-f0-9]{2})([a-f0-9]{62})$) {
set $prefix $1;
set $suffix $2;
}
try_files /$prefix/$suffix =404;
# Set proper content type based on file extension in metadata
# This will be enhanced when we add metadata lookup
add_header Content-Type application/octet-stream;
add_header Cache-Control "public, max-age=31536000, immutable";
}
# HEAD requests for file existence checking
# This endpoint checks if a file exists and returns metadata
location ~ ^/head/([a-f0-9]{64})$ {
# Pass to FastCGI application for metadata lookup
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_param REQUEST_METHOD HEAD;
fastcgi_param BLOSSOM_HASH $1;
fastcgi_pass unix:/run/ginxsom/ginxsom.sock;
}
# Upload endpoint - requires authentication
location /upload {
# Pass to FastCGI application for processing
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_pass unix:/run/ginxsom/ginxsom.sock;
# Only allow PUT method for uploads
if ($request_method !~ ^(PUT)$ ) {
return 405;
}
}
# List endpoint - returns list of files (if enabled)
location /list {
# Pass to FastCGI application
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_pass unix:/run/ginxsom/ginxsom.sock;
# Only allow GET method
if ($request_method !~ ^(GET)$ ) {
return 405;
}
}
# Mirror endpoint - for mirroring files from other servers
location /mirror {
# Pass to FastCGI application
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_pass unix:/run/ginxsom/ginxsom.sock;
# Only allow PUT method
if ($request_method !~ ^(PUT)$ ) {
return 405;
}
}
# Delete endpoint - requires authentication
location ~ ^/([a-f0-9]{64})$ {
# Handle DELETE requests through FastCGI
if ($request_method = DELETE) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_param BLOSSOM_HASH $1;
fastcgi_pass unix:/run/ginxsom/ginxsom.sock;
}
# For GET/HEAD, fall through to static file serving above
}
# Health check endpoint
location /health {
# Pass to FastCGI application
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_pass unix:/run/ginxsom/ginxsom.sock;
access_log off;
}
# Deny access to hidden files and directories
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny access to backup and temporary files
location ~ ~$ {
deny all;
access_log off;
log_not_found off;
}
}
Reference in New Issue View Git Blame Copy Permalink