138 lines
4.4 KiB
Plaintext
138 lines
4.4 KiB
Plaintext
# Local Ginxsom Development Server Configuration
|
|
# This configuration serves files directly from the local repo directory
|
|
|
|
# Main context - specify error log here to override system default
|
|
error_log logs/error.log debug;
|
|
pid logs/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
# HTTP context
|
|
http {
|
|
# Basic settings
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
# MIME types (local)
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# Logging (relative to prefix directory)
|
|
access_log logs/access.log;
|
|
|
|
# FastCGI upstream configuration
|
|
upstream fastcgi_backend {
|
|
server unix:/tmp/ginxsom-fcgi.sock;
|
|
}
|
|
|
|
# Local development server
|
|
server {
|
|
listen 9001;
|
|
server_name localhost;
|
|
|
|
# Root directory for blossom files (local blobs directory)
|
|
root blobs;
|
|
|
|
# Maximum upload size (adjust as needed)
|
|
client_max_body_size 100M;
|
|
|
|
# Security headers
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
# Old working regex pattern - testing rollback
|
|
location ~ "^/([a-f0-9]{64})(\.[a-zA-Z0-9]+)?$" {
|
|
limit_except HEAD GET {
|
|
deny all;
|
|
}
|
|
|
|
# Route HEAD requests to FastCGI via rewrite
|
|
if ($request_method = HEAD) {
|
|
rewrite ^/(.*)$ /fcgi-head/$1 last;
|
|
}
|
|
|
|
# GET requests served directly with explicit file extensions
|
|
# Potentially in the future look at a LUA extension
|
|
try_files /$1.jpg /$1.jpeg /$1.png /$1.webp /$1.gif /$1.pdf /$1.mp4 /$1.mp3 /$1.txt /$1.md=404;
|
|
|
|
# Set appropriate headers for blobs
|
|
add_header Cache-Control "public, max-age=31536000, immutable";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
}
|
|
|
|
|
|
# FastCGI handler for HEAD requests
|
|
location ~ "^/fcgi-head/([a-f0-9]{64}).*$" {
|
|
internal;
|
|
fastcgi_pass fastcgi_backend;
|
|
fastcgi_param REQUEST_METHOD HEAD;
|
|
fastcgi_param REQUEST_URI /$1;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
}
|
|
|
|
|
|
# Upload endpoint - requires authentication
|
|
location /upload {
|
|
# Pass to FastCGI application for processing
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
fastcgi_pass fastcgi_backend;
|
|
|
|
# Only allow PUT method for uploads
|
|
if ($request_method !~ ^(PUT)$ ) {
|
|
return 405;
|
|
}
|
|
}
|
|
|
|
# List blobs endpoint - GET /list/<pubkey>
|
|
location ~ "^/list/([a-f0-9]{64}).*$" {
|
|
# Pass to FastCGI application for processing
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
|
|
fastcgi_pass fastcgi_backend;
|
|
|
|
# Only allow GET method for list requests
|
|
if ($request_method !~ ^(GET)$ ) {
|
|
return 405;
|
|
}
|
|
}
|
|
|
|
# Health check endpoint
|
|
location /health {
|
|
access_log off;
|
|
return 200 "OK\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
|
|
# List files endpoint for debugging
|
|
location /debug/list {
|
|
autoindex on;
|
|
autoindex_format json;
|
|
}
|
|
|
|
# Root redirect
|
|
location = / {
|
|
return 200 "Ginxsom Local Development Server\nTry: GET /<sha256>\nHealth: GET /health\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
}
|
|
}
|