A library for writing host-specific, single-binary configuration management and deployment tools

use std::fmt::Display;
use std::path::Path;
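/// Renders the `server` block that is the default for port 80 on IPv4 and
/// IPv6 and does nothing except include the challenges snippet.
///
/// `challenges_snippet_path` is copied verbatim between the double quotes of
/// the `include` directive. Nothing is escaped, so the path must come from a
/// trusted source and must not contain `"`, `;`, braces or newlines; any of
/// those would change the meaning of the generated configuration.
///
/// # Panics
///
/// Panics if `challenges_snippet_path` is not valid UTF-8. The message names
/// the argument and shows the path (lossily) so the bad input can be found.
pub fn default_server<P: AsRef<Path>>(challenges_snippet_path: P) -> String {
    let snippet_path = challenges_snippet_path.as_ref();
    // nginx configuration is text, so a non-UTF-8 path cannot be rendered;
    // fail loudly instead of writing a silently altered path.
    let snippet = snippet_path.to_str().unwrap_or_else(|| {
        panic!(
            "challenges_snippet_path is not valid UTF-8: {}",
            snippet_path.display()
        )
    });
    format!(
        "server {{
listen 80 default_server;
listen [::]:80 default_server;
include \"{snippet}\";
}}",
        snippet = snippet
    )
}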
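/// Renders two `server` blocks for `domain`: a TLS server on port 443 that
/// carries `content`, and a port-80 server that redirects everything to HTTPS.
/// Both blocks include the challenges snippet.
///
/// # Security notes
///
/// * Every argument is inserted verbatim. `content` is raw nginx configuration
///   by design; `domain` and the paths are not escaped either, so they must be
///   trusted values without `"`, `;`, braces or newlines.
/// * `cert_path` and `key_path` are written unquoted, so a path containing
///   whitespace yields directives nginx will not parse as intended.
/// * The HSTS header is emitted without nginx's `always` flag, so it is only
///   attached to the response codes `add_header` covers by default and not to
///   error responses. NOTE(review): decide whether `always` is wanted.
/// * nginx stops inheriting server-level `add_header` lines inside any block
///   that declares its own. A `location` in `content` that uses `add_header`
///   (as `nextcloud_snippet` does for css/js) therefore will not send HSTS.
///
/// # Panics
///
/// Panics if `challenges_snippet_path`, `cert_path` or `key_path` is not valid
/// UTF-8; the message names the offending argument.
pub fn server_config<D: Display, C: AsRef<Path>, K: AsRef<Path>, T: Display, S: AsRef<Path>>(
    domain: D,
    cert_path: C,
    key_path: K,
    content: T,
    challenges_snippet_path: S,
) -> String {
    // Converts a path argument to `&str`, naming the argument in the panic so
    // a bad input can be traced without a backtrace.
    fn utf8<'a>(argument: &str, path: &'a Path) -> &'a str {
        path.to_str()
            .unwrap_or_else(|| panic!("{} is not valid UTF-8: {}", argument, path.display()))
    }

    let challenges = utf8("challenges_snippet_path", challenges_snippet_path.as_ref());
    let cert = utf8("cert_path", cert_path.as_ref());
    let key = utf8("key_path", key_path.as_ref());

    format!(
        "server {{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {domain};
include \"{challenges}\";
ssl_certificate {cert};
ssl_certificate_key {key};
add_header Strict-Transport-Security \"max-age=31536000\";
{content}
}}
# Redirect all HTTP links to the matching HTTPS page
server {{
listen 80;
listen [::]:80;
server_name {domain};
include \"{challenges}\";
location / {{
return 301 https://$host$request_uri;
}}
}}
",
        domain = domain,
        challenges = challenges,
        cert = cert,
        key = key,
        content = content
    )
}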
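/// Renders the directives for a PHP site: `root`, `index`, and a regex
/// `location` that hands matching URIs to a FastCGI Unix socket.
///
/// # Security notes
///
/// * The regex matches any URI containing `.php` followed by `/` or the end of
///   the path, and the block itself performs no existence check. Whether a
///   request for a script that does not exist is rejected before it reaches
///   PHP depends on the included `snippets/fastcgi-php.conf`.
///   NOTE(review): confirm that file contains a `try_files`-style check on
///   every host this is deployed to.
/// * nginx uses the first regex `location` that matches, in file order. If
///   this snippet is placed before a deny rule such as the ones in
///   `dokuwiki_snippet` or `nextcloud_snippet`, `.php` files under the denied
///   paths are served by this block instead of being denied.
/// * `index`, `socket_path` and `static_path` are inserted verbatim and
///   unquoted; they must be trusted values without whitespace, `;` or braces.
///
/// # Panics
///
/// Panics if `static_path` or `socket_path` is not valid UTF-8; the message
/// names the offending argument.
pub fn php_snippet<SOCKET: AsRef<Path>, STATIC: AsRef<Path>>(
    index: &'static str,
    socket_path: SOCKET,
    static_path: STATIC,
) -> String {
    // Converts a path argument to `&str`, naming the argument in the panic.
    fn utf8<'a>(argument: &str, path: &'a Path) -> &'a str {
        path.to_str()
            .unwrap_or_else(|| panic!("{} is not valid UTF-8: {}", argument, path.display()))
    }

    let root = utf8("static_path", static_path.as_ref());
    let socket = utf8("socket_path", socket_path.as_ref());

    format!(
        "root {root};
index {index};
location ~ [^/]\\.php(/|$) {{
fastcgi_pass unix:{socket};
include \"snippets/fastcgi-php.conf\";
}}",
        root = root,
        index = index,
        socket = socket
    )
}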
/// Renders a catch-all `location` that answers every request with a permanent
/// (301) redirect to the same URI on `target`.
///
/// The redirect keeps `$scheme`, so a request that arrived over plain HTTP is
/// sent to the plain-HTTP URL of `target`; nothing here upgrades it to HTTPS.
/// `target` is inserted verbatim and must be a trusted host name without
/// whitespace, `;` or braces.
pub fn redir_snippet(target: &str) -> String {
    format!(
        "location / {{
return 301 $scheme://{host}$request_uri;
}}",
        host = target
    )
}
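/// An upstream address that can be rendered into the text `proxy_snippet`
/// places directly after `proxy_pass http://`.
pub trait SocketSpec {
    /// Returns the address in the form nginx expects after `http://`.
    fn to_nginx(&self) -> String;
}

/// Any path-like value is treated as the path of a Unix domain socket.
impl<T: AsRef<Path>> SocketSpec for T {
    /// Renders `unix:<path>:`. The trailing colon is how nginx separates the
    /// socket path from whatever follows it in the URL.
    ///
    /// The path is inserted verbatim; it must be a trusted value without
    /// whitespace, `;` or braces.
    ///
    /// # Panics
    ///
    /// Panics if the path is not valid UTF-8; the message shows the path
    /// (lossily) so the bad input can be found.
    fn to_nginx(&self) -> String {
        let socket = self.as_ref();
        let socket_str = socket
            .to_str()
            .unwrap_or_else(|| panic!("socket path is not valid UTF-8: {}", socket.display()));
        format!("unix:{}:", socket_str)
    }
}

/// A TCP upstream on `localhost`, identified only by its port number.
///
/// The port is stored as a `usize` and is not range-checked, so a value above
/// 65535 is rendered as given. NOTE(review): presumably nginx rejects such a
/// configuration when it is loaded; confirm, or validate at the call site.
#[derive(Debug)]
pub struct LocalTcpSocket(usize);

impl LocalTcpSocket {
    /// Wraps port `x` without validating it.
    pub const fn new(x: usize) -> Self {
        Self(x)
    }
}

impl SocketSpec for LocalTcpSocket {
    /// Renders `localhost:<port>`.
    fn to_nginx(&self) -> String {
        format!("localhost:{}", self.0)
    }
}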
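/// Renders the directives for a site that serves files from `static_path` and
/// forwards every other request to the upstream described by `socket_path`.
///
/// # Security notes
///
/// * `try_files $uri @proxy` answers from disk first, so every file under
///   `static_path` is readable by anyone who can guess its URL. Keep secrets,
///   source code and configuration out of that directory.
/// * No `proxy_set_header` directives are emitted, so nginx's own defaults
///   decide which request headers the upstream sees. NOTE(review): confirm the
///   upstream does not rely on a forwarded `Host` or client-address header.
/// * `include fastcgi_params;` only sets FastCGI parameters. NOTE(review): it
///   looks like it has no effect on a `proxy_pass` location; confirm.
/// * Both arguments are inserted verbatim and unquoted; they must be trusted
///   values without whitespace, `;` or braces.
///
/// # Panics
///
/// Panics if `static_path` is not valid UTF-8; the message names the argument.
/// `socket_path.to_nginx()` may panic according to its own implementation.
pub fn proxy_snippet<S: SocketSpec, STATIC: AsRef<Path>>(
    socket_path: &S,
    static_path: STATIC,
) -> String {
    let root_dir = static_path.as_ref();
    let root = root_dir
        .to_str()
        .unwrap_or_else(|| panic!("static_path is not valid UTF-8: {}", root_dir.display()));
    format!(
        "root {root};
location / {{
try_files $uri @proxy;
}}
location @proxy {{
include fastcgi_params;
proxy_pass http://{upstream};
proxy_redirect off;
}}",
        root = root,
        upstream = socket_path.to_nginx()
    )
}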
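/// Renders the directives for a purely static site rooted at `static_path`.
///
/// A request is answered with the file at the URI, then the directory at the
/// URI, then the URI with `.html` appended, and otherwise with 404. Every file
/// under `static_path` is therefore publicly readable; keep anything private
/// out of that directory.
///
/// `static_path` is inserted verbatim and unquoted; it must be a trusted value
/// without whitespace, `;` or braces.
///
/// # Panics
///
/// Panics if `static_path` is not valid UTF-8; the message names the argument.
pub fn static_snippet<S: AsRef<Path>>(static_path: S) -> String {
    let root_dir = static_path.as_ref();
    let root = root_dir
        .to_str()
        .unwrap_or_else(|| panic!("static_path is not valid UTF-8: {}", root_dir.display()));
    format!(
        "root {root};
try_files $uri $uri/ $uri.html =404;
",
        root = root
    )
}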
/// Returns the fixed nginx rules for a DokuWiki site: a deny rule for internal
/// paths, a catch-all `location`, and the `@dokuwiki` rewrite rules.
///
/// The snippet contains no PHP handler of its own, so it presumably has to be
/// combined with one (for example `php_snippet`).
///
/// # Security notes
///
/// * nginx uses the first regex `location` that matches, in file order. The
///   deny rule only protects `.php` files under `data/`, `conf/`, `bin/`,
///   `inc/` and `install.php` if this snippet is emitted before the
///   PHP-handling `location`.
/// * The deny regex is unanchored and its `.` in `install.php` is unescaped,
///   so it matches slightly more than the names listed. That errs towards
///   denying too much rather than too little.
/// * NOTE(review): compare the denied directories with the layout of the
///   DokuWiki release that is deployed (e.g. whether it ships a `vendor/`
///   directory) before relying on this list.
pub fn dokuwiki_snippet() -> String {
    // One literal, so the emitted text stays byte-for-byte stable.
    const DOKUWIKI_RULES: &str = "
location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }
location / { try_files $uri $uri/ @dokuwiki; }
location @dokuwiki {
# rewrites \"doku.php/\" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}";
    DOKUWIKI_RULES.to_owned()
}
/// Returns the fixed nginx rules for a Nextcloud site: upload limit, DAV
/// redirects, error pages, a deny rule for internal paths, the catch-all
/// `location`, and logging/caching rules for static assets.
///
/// The snippet contains no PHP handler of its own, so it presumably has to be
/// combined with one (for example `php_snippet`).
///
/// # Security notes
///
/// * nginx uses the first regex `location` that matches, in file order. The
///   deny rule for `.htaccess`, `data`, `config`, `db_structure.xml` and
///   `README` only covers `.php` files under those paths if it appears before
///   the PHP-handling `location`, while the embedded comment asks for the
///   css/js block to sit below it. Both rules live in this one string, so the
///   caller cannot satisfy both. NOTE(review): decide which order is intended
///   and check it on a deployed host.
/// * The css/js `location` declares its own `add_header`. nginx then no longer
///   inherits `add_header` lines from the enclosing `server` block, so headers
///   set there (such as the HSTS header written by `server_config`) are not
///   sent with those responses.
/// * The first `host-meta` rewrite is not anchored at the end, so it also
///   matches `host-meta.json`; the second rule appears to be unreachable.
/// * NOTE(review): compare these rules with the nginx configuration
///   recommended for the Nextcloud release that is deployed.
pub fn nextcloud_snippet() -> String {
    // One literal, so the emitted text stays byte-for-byte stable.
    const NEXTCLOUD_RULES: &str = "
client_max_body_size 500M;
# Disable gzip to avoid the removal of the ETag header
gzip off;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\\.htaccess|data|config|db_structure\\.xml|README) {
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\\/]+/)$ $1/index.html;
try_files $uri $uri/ /index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \\.php(?:$|/) { block
location ~* \\.(?:css|js)$ {
add_header Cache-Control \"public, max-age=7200\";
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \\.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
";
    NEXTCLOUD_RULES.to_owned()
}