|
|
use std::fmt::Display;
use std::path::Path;
#[must_use]
pub fn default_server<P: AsRef<Path>>(challenges_snippet_path: P) -> String {
format!(
"server {{
listen 80 default_server;
listen [::]:80 default_server;
include \"{}\";
}}",
challenges_snippet_path.as_ref().to_str().unwrap()
)
}
#[must_use]
pub fn server_config<D: Display, C: AsRef<Path>, K: AsRef<Path>, T: Display, S: AsRef<Path>>(
domain: D,
cert_path: C,
key_path: K,
content: T,
challenges_snippet_path: S,
) -> String {
format!(
"server {{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {};
include \"{}\";
ssl_certificate {};
ssl_certificate_key {};
add_header Strict-Transport-Security \"max-age=31536000\";
{}
}}
# Redirect all HTTP links to the matching HTTPS page
server {{
listen 80;
listen [::]:80;
server_name {0};
include \"{1}\";
location / {{
return 301 https://$host$request_uri;
}}
}}
",
domain,
challenges_snippet_path.as_ref().to_str().unwrap(),
cert_path.as_ref().to_str().unwrap(),
key_path.as_ref().to_str().unwrap(),
content
)
}
#[must_use]
pub fn php_snippet<SOCKET: AsRef<Path>, STATIC: AsRef<Path>>(
index: &'static str,
socket_path: SOCKET,
static_path: STATIC,
) -> String {
format!(
"root {};
index {};
location ~ [^/]\\.php(/|$) {{
fastcgi_pass unix:{};
include \"snippets/fastcgi-php.conf\";
}}",
static_path.as_ref().to_str().unwrap(),
index,
socket_path.as_ref().to_str().unwrap()
)
}
#[must_use]
pub fn redir_snippet(target: &str) -> String {
format!(
"location / {{
return 301 $scheme://{}$request_uri;
}}",
target
)
}
pub trait SocketSpec {
fn to_nginx(&self) -> String;
}
impl<T: AsRef<Path>> SocketSpec for T {
#[must_use]
fn to_nginx(&self) -> String {
format!("unix:{}:", self.as_ref().to_str().unwrap())
}
}
#[derive(Debug)]
pub struct LocalTcpSocket(usize);
impl LocalTcpSocket {
#[must_use]
pub const fn new(x: usize) -> Self {
Self(x)
}
}
impl SocketSpec for LocalTcpSocket {
#[must_use]
fn to_nginx(&self) -> String {
format!("localhost:{}", self.0)
}
}
#[must_use]
pub fn proxy_snippet<S: SocketSpec, STATIC: AsRef<Path>>(
socket_path: &S,
static_path: STATIC,
) -> String {
format!(
"root {};
location / {{
try_files $uri @proxy;
}}
location @proxy {{
include fastcgi_params;
proxy_pass http://{};
proxy_redirect off;
}}",
static_path.as_ref().to_str().unwrap(),
socket_path.to_nginx()
)
}
#[must_use]
pub fn static_snippet<S: AsRef<Path>>(static_path: S) -> String {
format!(
"root {};
try_files $uri $uri/ $uri.html =404;
",
static_path.as_ref().to_str().unwrap()
)
}
#[must_use]
pub fn dokuwiki_snippet() -> String {
"
location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }
location / { try_files $uri $uri/ @dokuwiki; }
location @dokuwiki {
# rewrites \"doku.php/\" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}".into()
}
#[must_use]
pub fn nextcloud_snippet() -> String {
"
client_max_body_size 500M;
# Disable gzip to avoid the removal of the ETag header
gzip off;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\\.htaccess|data|config|db_structure\\.xml|README) {
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\\/]+/)$ $1/index.html;
try_files $uri $uri/ /index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \\.php(?:$|/) { block
location ~* \\.(?:css|js)$ {
add_header Cache-Control \"public, max-age=7200\";
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \\.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
"
.into()
}
|