use std::fmt::Display; use std::path::Path; #[must_use] pub fn default_server>(challenges_snippet_path: P) -> String { format!( "server {{ listen 80 default_server; listen [::]:80 default_server; include \"{}\"; }}", challenges_snippet_path.as_ref().to_str().unwrap() ) } #[must_use] pub fn server_config, K: AsRef, T: Display, S: AsRef>( domain: D, cert_path: C, key_path: K, content: T, challenges_snippet_path: S, ) -> String { format!( "server {{ listen 443 ssl http2; listen [::]:443 ssl http2; server_name {}; include \"{}\"; ssl_certificate {}; ssl_certificate_key {}; add_header Strict-Transport-Security \"max-age=31536000\"; {} }} # Redirect all HTTP links to the matching HTTPS page server {{ listen 80; listen [::]:80; server_name {0}; include \"{1}\"; location / {{ return 301 https://$host$request_uri; }} }} ", domain, challenges_snippet_path.as_ref().to_str().unwrap(), cert_path.as_ref().to_str().unwrap(), key_path.as_ref().to_str().unwrap(), content ) } #[must_use] pub fn php_snippet, STATIC: AsRef>( index: &'static str, socket_path: SOCKET, static_path: STATIC, ) -> String { format!( "root {}; index {}; location ~ [^/]\\.php(/|$) {{ fastcgi_pass unix:{}; include \"snippets/fastcgi-php.conf\"; }}", static_path.as_ref().to_str().unwrap(), index, socket_path.as_ref().to_str().unwrap() ) } #[must_use] pub fn redir_snippet(target: &str) -> String { format!( "location / {{ return 301 $scheme://{}$request_uri; }}", target ) } pub trait SocketSpec { fn to_nginx(&self) -> String; } impl> SocketSpec for T { #[must_use] fn to_nginx(&self) -> String { format!("unix:{}:", self.as_ref().to_str().unwrap()) } } #[derive(Debug)] pub struct LocalTcpSocket(usize); impl LocalTcpSocket { #[must_use] pub const fn new(x: usize) -> Self { Self(x) } } impl SocketSpec for LocalTcpSocket { #[must_use] fn to_nginx(&self) -> String { format!("localhost:{}", self.0) } } #[must_use] pub fn proxy_snippet>( socket_path: &S, static_path: STATIC, ) -> String { format!( "root {}; location / {{ try_files $uri @proxy; }} location @proxy {{ include fastcgi_params; proxy_pass http://{}; proxy_redirect off; }}", static_path.as_ref().to_str().unwrap(), socket_path.to_nginx() ) } #[must_use] pub fn static_snippet>(static_path: S) -> String { format!( "root {}; try_files $uri $uri/ $uri.html =404; ", static_path.as_ref().to_str().unwrap() ) } #[must_use] pub fn dokuwiki_snippet() -> String { " location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } location / { try_files $uri $uri/ @dokuwiki; } location @dokuwiki { # rewrites \"doku.php/\" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; rewrite ^/(.*) /doku.php?id=$1&$args last; }".into() } #[must_use] pub fn nextcloud_snippet() -> String { " client_max_body_size 500M; # Disable gzip to avoid the removal of the ETag header gzip off; rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(?:\\.htaccess|data|config|db_structure\\.xml|README) { deny all; } location / { # The following 2 rules are only needed with webfinger rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; rewrite ^(/core/doc/[^\\/]+/)$ $1/index.html; try_files $uri $uri/ /index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the location ~ \\.php(?:$|/) { block location ~* \\.(?:css|js)$ { add_header Cache-Control \"public, max-age=7200\"; # Optional: Don't log access to assets access_log off; } # Optional: Don't log access to other assets location ~* \\.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { access_log off; } " .into() }