A library for writing host-specific, single-binary configuration management and deployment tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

214 lines
5.1 KiB

4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
  1. use std::fmt::Display;
  2. use std::path::Path;
  3. #[must_use]
  4. pub fn default_server<P: AsRef<Path>>(challenges_snippet_path: P) -> String {
  5. format!(
  6. "server {{
  7. listen 80 default_server;
  8. listen [::]:80 default_server;
  9. include \"{}\";
  10. }}",
  11. challenges_snippet_path.as_ref().to_str().unwrap()
  12. )
  13. }
  14. #[must_use]
  15. pub fn server_config<D: Display, C: AsRef<Path>, K: AsRef<Path>, T: Display, S: AsRef<Path>>(
  16. domain: D,
  17. cert_path: C,
  18. key_path: K,
  19. content: T,
  20. challenges_snippet_path: S,
  21. ) -> String {
  22. format!(
  23. "server {{
  24. listen 443 ssl http2;
  25. listen [::]:443 ssl http2;
  26. server_name {};
  27. include \"{}\";
  28. ssl_certificate {};
  29. ssl_certificate_key {};
  30. add_header Strict-Transport-Security \"max-age=31536000\";
  31. {}
  32. }}
  33. # Redirect all HTTP links to the matching HTTPS page
  34. server {{
  35. listen 80;
  36. listen [::]:80;
  37. server_name {0};
  38. include \"{1}\";
  39. location / {{
  40. return 301 https://$host$request_uri;
  41. }}
  42. }}
  43. ",
  44. domain,
  45. challenges_snippet_path.as_ref().to_str().unwrap(),
  46. cert_path.as_ref().to_str().unwrap(),
  47. key_path.as_ref().to_str().unwrap(),
  48. content
  49. )
  50. }
  51. #[must_use]
  52. pub fn php_snippet<SOCKET: AsRef<Path>, STATIC: AsRef<Path>>(
  53. index: &'static str,
  54. socket_path: SOCKET,
  55. static_path: STATIC,
  56. ) -> String {
  57. format!(
  58. "root {};
  59. index {};
  60. location ~ [^/]\\.php(/|$) {{
  61. fastcgi_pass unix:{};
  62. include \"snippets/fastcgi-php.conf\";
  63. }}",
  64. static_path.as_ref().to_str().unwrap(),
  65. index,
  66. socket_path.as_ref().to_str().unwrap()
  67. )
  68. }
  69. #[must_use]
  70. pub fn redir_snippet(target: &str) -> String {
  71. format!(
  72. "location / {{
  73. return 301 $scheme://{}$request_uri;
  74. }}",
  75. target
  76. )
  77. }
  78. pub trait SocketSpec {
  79. fn to_nginx(&self) -> String;
  80. }
  81. impl<T: AsRef<Path>> SocketSpec for T {
  82. #[must_use]
  83. fn to_nginx(&self) -> String {
  84. format!("unix:{}:", self.as_ref().to_str().unwrap())
  85. }
  86. }
  87. #[derive(Debug)]
  88. pub struct LocalTcpSocket(usize);
  89. impl LocalTcpSocket {
  90. #[must_use]
  91. pub const fn new(x: usize) -> Self {
  92. Self(x)
  93. }
  94. }
  95. impl SocketSpec for LocalTcpSocket {
  96. #[must_use]
  97. fn to_nginx(&self) -> String {
  98. format!("localhost:{}", self.0)
  99. }
  100. }
  101. #[must_use]
  102. pub fn proxy_snippet<S: SocketSpec, STATIC: AsRef<Path>>(
  103. socket_path: &S,
  104. static_path: STATIC,
  105. ) -> String {
  106. format!(
  107. "root {};
  108. location / {{
  109. try_files $uri @proxy;
  110. }}
  111. location @proxy {{
  112. include fastcgi_params;
  113. proxy_pass http://{};
  114. proxy_redirect off;
  115. }}",
  116. static_path.as_ref().to_str().unwrap(),
  117. socket_path.to_nginx()
  118. )
  119. }
  120. #[must_use]
  121. pub fn static_snippet<S: AsRef<Path>>(static_path: S) -> String {
  122. format!(
  123. "root {};
  124. try_files $uri $uri/ $uri.html =404;
  125. ",
  126. static_path.as_ref().to_str().unwrap()
  127. )
  128. }
  129. #[must_use]
  130. pub fn dokuwiki_snippet() -> String {
  131. "
  132. location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }
  133. location / { try_files $uri $uri/ @dokuwiki; }
  134. location @dokuwiki {
  135. # rewrites \"doku.php/\" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
  136. rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
  137. rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
  138. rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
  139. rewrite ^/(.*) /doku.php?id=$1&$args last;
  140. }".into()
  141. }
  142. #[must_use]
  143. pub fn nextcloud_snippet() -> String {
  144. "
  145. client_max_body_size 500M;
  146. # Disable gzip to avoid the removal of the ETag header
  147. gzip off;
  148. rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  149. rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  150. rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
  151. error_page 403 /core/templates/403.php;
  152. error_page 404 /core/templates/404.php;
  153. location = /robots.txt {
  154. allow all;
  155. log_not_found off;
  156. access_log off;
  157. }
  158. location ~ ^/(?:\\.htaccess|data|config|db_structure\\.xml|README) {
  159. deny all;
  160. }
  161. location / {
  162. # The following 2 rules are only needed with webfinger
  163. rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  164. rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
  165. rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
  166. rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
  167. rewrite ^(/core/doc/[^\\/]+/)$ $1/index.html;
  168. try_files $uri $uri/ /index.php;
  169. }
  170. # Adding the cache control header for js and css files
  171. # Make sure it is BELOW the location ~ \\.php(?:$|/) { block
  172. location ~* \\.(?:css|js)$ {
  173. add_header Cache-Control \"public, max-age=7200\";
  174. # Optional: Don't log access to assets
  175. access_log off;
  176. }
  177. # Optional: Don't log access to other assets
  178. location ~* \\.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
  179. access_log off;
  180. }
  181. "
  182. .into()
  183. }