334 lines
14 KiB
Plaintext
334 lines
14 KiB
Plaintext
# Local Ginxsom Development Server Configuration
|
|
# Comprehensive Blossom Protocol Implementation
|
|
|
|
# Main context - specify error log here to override system default
|
|
error_log logs/error.log debug;
|
|
pid logs/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
# HTTP context
|
|
http {
|
|
# Basic settings
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
# MIME types (local)
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# Logging (relative to prefix directory)
|
|
access_log logs/access.log;
|
|
|
|
# FastCGI upstream configuration
|
|
upstream fastcgi_backend {
|
|
server unix:/tmp/ginxsom-fcgi.sock;
|
|
}
|
|
|
|
# Local development server
|
|
server {
|
|
listen 9001;
|
|
server_name localhost;
|
|
|
|
# Root directory for blossom files (local blobs directory)
|
|
root blobs;
|
|
|
|
# Maximum upload size (adjust as needed)
|
|
client_max_body_size 100M;
|
|
|
|
# Security headers (applied to all responses)
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
# 1. SPECIFIC ENDPOINTS (most specific first)
|
|
|
|
# PUT /upload (BUD-02) - File uploads
|
|
location = /upload {
|
|
if ($request_method !~ ^(PUT|HEAD)$) {
|
|
return 405;
|
|
}
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
fastcgi_pass fastcgi_backend;
|
|
}
|
|
|
|
# GET /list/<pubkey> (BUD-02) - List user's blobs
|
|
location ~ "^/list/([a-f0-9]{64})$" {
|
|
if ($request_method !~ ^(GET)$) {
|
|
return 405;
|
|
}
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
fastcgi_pass fastcgi_backend;
|
|
}
|
|
|
|
# PUT /mirror (BUD-04) - Mirror content
|
|
location = /mirror {
|
|
if ($request_method !~ ^(PUT)$) {
|
|
return 405;
|
|
}
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
fastcgi_pass fastcgi_backend;
|
|
}
|
|
|
|
# HEAD/PUT /media (BUD-05) - Media operations
|
|
location = /media {
|
|
if ($request_method !~ ^(HEAD|PUT)$) {
|
|
return 405;
|
|
}
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
fastcgi_pass fastcgi_backend;
|
|
}
|
|
|
|
# PUT /report (BUD-09) - Report content
|
|
location = /report {
|
|
if ($request_method !~ ^(PUT)$) {
|
|
return 405;
|
|
}
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
fastcgi_pass fastcgi_backend;
|
|
}
|
|
|
|
# Admin API endpoints (/api/*)
|
|
location /api/ {
|
|
# Handle preflight OPTIONS requests for CORS
|
|
if ($request_method = OPTIONS) {
|
|
add_header Access-Control-Allow-Origin *;
|
|
add_header Access-Control-Allow-Methods "GET, PUT, OPTIONS";
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
|
|
add_header Access-Control-Max-Age 86400;
|
|
return 204;
|
|
}
|
|
|
|
if ($request_method !~ ^(GET|PUT)$) {
|
|
return 405;
|
|
}
|
|
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
|
|
# Support for Authorization header
|
|
fastcgi_param HTTP_AUTHORIZATION $http_authorization;
|
|
|
|
fastcgi_pass fastcgi_backend;
|
|
|
|
# CORS headers for API access
|
|
add_header Access-Control-Allow-Origin *;
|
|
add_header Access-Control-Allow-Methods "GET, PUT, OPTIONS";
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
|
|
add_header Access-Control-Max-Age 86400;
|
|
}
|
|
|
|
# 2. BLOB OPERATIONS (SHA256 patterns)
|
|
|
|
# GET/HEAD/DELETE /<sha256> (BUD-01) - Blob operations with optional file extensions
|
|
location ~ "^/([a-f0-9]{64})(\.[a-zA-Z0-9]+)?$" {
|
|
# Handle DELETE method via rewrite to avoid fastcgi_param in if block
|
|
if ($request_method = DELETE) {
|
|
rewrite ^/(.*)$ /fcgi-delete/$1 last;
|
|
}
|
|
|
|
# Route HEAD requests to FastCGI for metadata
|
|
if ($request_method = HEAD) {
|
|
rewrite ^/(.*)$ /fcgi-head/$1 last;
|
|
}
|
|
|
|
# Only allow GET for file serving at this point
|
|
if ($request_method != GET) {
|
|
return 405;
|
|
}
|
|
|
|
# GET requests - serve files directly with extension fallback
|
|
try_files /$1.txt /$1.jpg /$1.jpeg /$1.png /$1.webp /$1.gif /$1.pdf /$1.mp4 /$1.mp3 /$1.md =404;
|
|
|
|
# Cache headers for blob content
|
|
add_header Cache-Control "public, max-age=31536000, immutable";
|
|
}
|
|
|
|
# Internal handler for DELETE operations
|
|
location ~ "^/fcgi-delete/([a-f0-9]{64}).*$" {
|
|
internal;
|
|
fastcgi_pass fastcgi_backend;
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD DELETE;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI /$1;
|
|
fastcgi_param DOCUMENT_URI /$1;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
}
|
|
|
|
# 3. INTERNAL HANDLERS
|
|
|
|
# FastCGI handler for HEAD requests
|
|
location ~ "^/fcgi-head/([a-f0-9]{64}).*$" {
|
|
internal;
|
|
fastcgi_pass fastcgi_backend;
|
|
fastcgi_param REQUEST_METHOD HEAD;
|
|
fastcgi_param REQUEST_URI /$1;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
}
|
|
|
|
# 4. UTILITY ENDPOINTS
|
|
|
|
# Health check endpoint
|
|
location /health {
|
|
access_log off;
|
|
return 200 "OK\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
|
|
# List files endpoint for debugging
|
|
location /debug/list {
|
|
autoindex on;
|
|
autoindex_format json;
|
|
}
|
|
|
|
# Root redirect
|
|
location = / {
|
|
return 200 "Ginxsom Blossom Server\nEndpoints: GET /<sha256>, PUT /upload, GET /list/<pubkey>\nHealth: GET /health\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
}
|
|
}
|