diff options
Diffstat (limited to 'nginx')
-rw-r--r-- | nginx/README.md | 18 | ||||
-rw-r--r-- | nginx/fatcat-blobs | 51 | ||||
-rw-r--r-- | nginx/sandcrawler-db | 80 | ||||
-rw-r--r-- | nginx/sandcrawler-minio | 57 |
4 files changed, 0 insertions, 206 deletions
diff --git a/nginx/README.md b/nginx/README.md deleted file mode 100644 index 0369f9b..0000000 --- a/nginx/README.md +++ /dev/null @@ -1,18 +0,0 @@ - -This folder contains nginx configs for partner access to sandcrawler DB -(postgrest) and GROBID XML blobs (minio). - -`fatcat-blobs` is part of the fatcat.wiki ansible config, but included here to -show how it works. - -## Let's Encrypt - -As... bnewbold? - - sudo certbot certonly \ - --non-interactive \ - --agree-tos \ - --email bnewbold@archive.org \ - --webroot -w /var/www/letsencrypt \ - -d sandcrawler-minio.fatcat.wiki \ - -d sandcrawler-db.fatcat.wiki diff --git a/nginx/fatcat-blobs b/nginx/fatcat-blobs deleted file mode 100644 index 5c692ef..0000000 --- a/nginx/fatcat-blobs +++ /dev/null @@ -1,51 +0,0 @@ - -server { - listen 80; - listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name blobs.fatcat.wiki; - - ssl_certificate /etc/letsencrypt/live/fatcat.wiki/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/fatcat.wiki/privkey.pem; - - #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"; - add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5 - add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5 - add_header X-Xss-Protection "1"; - # Enable STS with one year period (breaks http; optional) - #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains"; - - error_log /var/log/nginx/fatcat-errors.log; - access_log /dev/null; - - if ($scheme = http) { - return 301 https://$server_name$request_uri; - } - - location /unpaywall/ { - if ($request_method !~ "GET") { - return 403; - break; - } - - #proxy_pass http://sandcrawler-minio.fatcat.wiki:9000$uri$is_args$args; - proxy_pass http://207.241.227.141:9000$uri$is_args$args; - proxy_redirect off; - - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - } - - location / { - default_type text/plain; - return 504 'blobs.fatcat.wiki hosts many files; full URLs are required!\nyou probably want https://fatcat.wiki/ instead'; - } - - # Let's Encrypt SSL Certs - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt; - autoindex off; - } -} diff --git a/nginx/sandcrawler-db b/nginx/sandcrawler-db deleted file mode 100644 index 67d1a2d..0000000 --- a/nginx/sandcrawler-db +++ /dev/null @@ -1,80 +0,0 @@ - -upstream postgrest { - server localhost:3030; - keepalive 64; -} - -server { - listen 80; - listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name sandcrawler-db.fatcat.wiki db.sandcrawler.org; - - ssl_certificate /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/privkey.pem; - - #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"; - add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5 - add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5 - add_header X-Xss-Protection "1"; - # Enable STS with one year period (breaks http; optional) - #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains"; - - error_log /var/log/nginx/sandcrawler-errors.log; - access_log /dev/null; - - if ($scheme = http) { - return 301 https://$server_name$request_uri; - } - - location / { - - default_type application/json; - - if ($request_method !~ "GET") { - return 403; - break; - } - - proxy_redirect off; - - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - - proxy_pass http://postgrest/; - } - - # support /endpoint/:id url style for sha1hex lookups - location ~ "^/(file_meta|grobid|fatcat_file)/([a-f0-9]{40})$" { - - if ($request_method !~ "GET") { - return 403; - break; - } - - # assuming an upstream named "postgrest" - # doing this rewrite as part of the proxy_pass line itself didn't seem - # to work, so doing a formal rewrite here - rewrite "/([a-z_]+)/([a-f0-9]{40})" /$1?sha1hex=eq.$2 break; - proxy_pass http://postgrest; - - # make the response singular - #default_type application/vnd.pgrst.object+json; - proxy_set_header Accept "application/vnd.pgrst.object+json"; - - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - # Let's Encrypt SSL Certs - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt; - autoindex off; - } -} diff --git a/nginx/sandcrawler-minio b/nginx/sandcrawler-minio deleted file mode 100644 index 2e9bfe3..0000000 --- a/nginx/sandcrawler-minio +++ /dev/null @@ -1,57 +0,0 @@ - -server { - listen 80; - listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name sandcrawler-minio.fatcat.wiki minio.sandcrawler.org; - - ssl_certificate /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/sandcrawler-minio.fatcat.wiki/privkey.pem; - - #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"; - add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5 - add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5 - add_header X-Xss-Protection "1"; - # Enable STS with one year period (breaks http; optional) - #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains"; - - error_log /var/log/nginx/sandcrawler-errors.log; - access_log /dev/null; - - if ($scheme = http) { - return 301 https://$server_name$request_uri; - } - - location /minio/ { - - # allows all HTTP verbs - - proxy_pass http://localhost:9000; - proxy_redirect off; - - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - } - - location / { - if ($request_method !~ "GET") { - return 403; - break; - } - - proxy_pass http://localhost:9000; - proxy_redirect off; - - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - } - - # Let's Encrypt SSL Certs - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt; - autoindex off; - } -} |