aboutsummaryrefslogtreecommitdiffstats
path: root/nginx
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@archive.org>2022-12-23 15:52:02 -0800
committerBryan Newbold <bnewbold@archive.org>2022-12-23 15:52:02 -0800
commitf3a721a9dce8801b78f7bc31e88dc912b0ec1dba (patch)
treefdae9373e78671d0031f83045e6c76de9ad616cf /nginx
parent8c2c354a74064f2d66644af8f4e44d74bf322e1f (diff)
downloadsandcrawler-f3a721a9dce8801b78f7bc31e88dc912b0ec1dba.tar.gz
sandcrawler-f3a721a9dce8801b78f7bc31e88dc912b0ec1dba.zip
move a bunch of top-level files/directories to ./extra/
Diffstat (limited to 'nginx')
-rw-r--r--nginx/README.md18
-rw-r--r--nginx/fatcat-blobs51
-rw-r--r--nginx/sandcrawler-db80
-rw-r--r--nginx/sandcrawler-minio57
4 files changed, 0 insertions, 206 deletions
diff --git a/nginx/README.md b/nginx/README.md
deleted file mode 100644
index 0369f9b..0000000
--- a/nginx/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-
-This folder contains nginx configs for partner access to sandcrawler DB
-(postgrest) and GROBID XML blobs (minio).
-
-`fatcat-blobs` is part of the fatcat.wiki ansible config, but included here to
-show how it works.
-
-## Let's Encrypt
-
-As... bnewbold?
-
- sudo certbot certonly \
- --non-interactive \
- --agree-tos \
- --email bnewbold@archive.org \
- --webroot -w /var/www/letsencrypt \
- -d sandcrawler-minio.fatcat.wiki \
- -d sandcrawler-db.fatcat.wiki
diff --git a/nginx/fatcat-blobs b/nginx/fatcat-blobs
deleted file mode 100644
index 5c692ef..0000000
--- a/nginx/fatcat-blobs
+++ /dev/null
@@ -1,51 +0,0 @@
-
-server {
- listen 80;
- listen [::]:80;
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name blobs.fatcat.wiki;
-
- ssl_certificate /etc/letsencrypt/live/fatcat.wiki/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/fatcat.wiki/privkey.pem;
-
- #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
- add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
- add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
- add_header X-Xss-Protection "1";
- # Enable STS with one year period (breaks http; optional)
- #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
-
- error_log /var/log/nginx/fatcat-errors.log;
- access_log /dev/null;
-
- if ($scheme = http) {
- return 301 https://$server_name$request_uri;
- }
-
- location /unpaywall/ {
- if ($request_method !~ "GET") {
- return 403;
- break;
- }
-
- #proxy_pass http://sandcrawler-minio.fatcat.wiki:9000$uri$is_args$args;
- proxy_pass http://207.241.227.141:9000$uri$is_args$args;
- proxy_redirect off;
-
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- }
-
- location / {
- default_type text/plain;
- return 504 'blobs.fatcat.wiki hosts many files; full URLs are required!\nyou probably want https://fatcat.wiki/ instead';
- }
-
- # Let's Encrypt SSL Certs
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- autoindex off;
- }
-}
diff --git a/nginx/sandcrawler-db b/nginx/sandcrawler-db
deleted file mode 100644
index 67d1a2d..0000000
--- a/nginx/sandcrawler-db
+++ /dev/null
@@ -1,80 +0,0 @@
-
-upstream postgrest {
- server localhost:3030;
- keepalive 64;
-}
-
-server {
- listen 80;
- listen [::]:80;
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name sandcrawler-db.fatcat.wiki db.sandcrawler.org;
-
- ssl_certificate /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/privkey.pem;
-
- #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
- add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
- add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
- add_header X-Xss-Protection "1";
- # Enable STS with one year period (breaks http; optional)
- #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
-
- error_log /var/log/nginx/sandcrawler-errors.log;
- access_log /dev/null;
-
- if ($scheme = http) {
- return 301 https://$server_name$request_uri;
- }
-
- location / {
-
- default_type application/json;
-
- if ($request_method !~ "GET") {
- return 403;
- break;
- }
-
- proxy_redirect off;
-
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
-
- proxy_pass http://postgrest/;
- }
-
- # support /endpoint/:id url style for sha1hex lookups
- location ~ "^/(file_meta|grobid|fatcat_file)/([a-f0-9]{40})$" {
-
- if ($request_method !~ "GET") {
- return 403;
- break;
- }
-
- # assuming an upstream named "postgrest"
- # doing this rewrite as part of the proxy_pass line itself didn't seem
- # to work, so doing a formal rewrite here
- rewrite "/([a-z_]+)/([a-f0-9]{40})" /$1?sha1hex=eq.$2 break;
- proxy_pass http://postgrest;
-
- # make the response singular
- #default_type application/vnd.pgrst.object+json;
- proxy_set_header Accept "application/vnd.pgrst.object+json";
-
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- # Let's Encrypt SSL Certs
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- autoindex off;
- }
-}
diff --git a/nginx/sandcrawler-minio b/nginx/sandcrawler-minio
deleted file mode 100644
index 2e9bfe3..0000000
--- a/nginx/sandcrawler-minio
+++ /dev/null
@@ -1,57 +0,0 @@
-
-server {
- listen 80;
- listen [::]:80;
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name sandcrawler-minio.fatcat.wiki minio.sandcrawler.org;
-
- ssl_certificate /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/privkey.pem;
-
- #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
- add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
- add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
- add_header X-Xss-Protection "1";
- # Enable STS with one year period (breaks http; optional)
- #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
-
- error_log /var/log/nginx/sandcrawler-errors.log;
- access_log /dev/null;
-
- if ($scheme = http) {
- return 301 https://$server_name$request_uri;
- }
-
- location /minio/ {
-
- # allows all HTTP verbs
-
- proxy_pass http://localhost:9000;
- proxy_redirect off;
-
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- }
-
- location / {
- if ($request_method !~ "GET") {
- return 403;
- break;
- }
-
- proxy_pass http://localhost:9000;
- proxy_redirect off;
-
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- }
-
- # Let's Encrypt SSL Certs
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- autoindex off;
- }
-}