You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
214 lines
5.1 KiB
214 lines
5.1 KiB
use std::fmt::Display;
|
|
use std::path::Path;
|
|
|
|
#[must_use]
|
|
pub fn default_server<P: AsRef<Path>>(challenges_snippet_path: P) -> String {
|
|
format!(
|
|
"server {{
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
include \"{}\";
|
|
}}",
|
|
challenges_snippet_path.as_ref().to_str().unwrap()
|
|
)
|
|
}
|
|
|
|
#[must_use]
|
|
pub fn server_config<D: Display, C: AsRef<Path>, K: AsRef<Path>, T: Display, S: AsRef<Path>>(
|
|
domain: D,
|
|
cert_path: C,
|
|
key_path: K,
|
|
content: T,
|
|
challenges_snippet_path: S,
|
|
) -> String {
|
|
format!(
|
|
"server {{
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name {};
|
|
include \"{}\";
|
|
|
|
ssl_certificate {};
|
|
ssl_certificate_key {};
|
|
add_header Strict-Transport-Security \"max-age=31536000\";
|
|
|
|
{}
|
|
}}
|
|
|
|
# Redirect all HTTP links to the matching HTTPS page
|
|
server {{
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name {0};
|
|
include \"{1}\";
|
|
|
|
location / {{
|
|
return 301 https://$host$request_uri;
|
|
}}
|
|
}}
|
|
",
|
|
domain,
|
|
challenges_snippet_path.as_ref().to_str().unwrap(),
|
|
cert_path.as_ref().to_str().unwrap(),
|
|
key_path.as_ref().to_str().unwrap(),
|
|
content
|
|
)
|
|
}
|
|
|
|
#[must_use]
|
|
pub fn php_snippet<SOCKET: AsRef<Path>, STATIC: AsRef<Path>>(
|
|
index: &'static str,
|
|
socket_path: SOCKET,
|
|
static_path: STATIC,
|
|
) -> String {
|
|
format!(
|
|
"root {};
|
|
index {};
|
|
location ~ [^/]\\.php(/|$) {{
|
|
fastcgi_pass unix:{};
|
|
include \"snippets/fastcgi-php.conf\";
|
|
}}",
|
|
static_path.as_ref().to_str().unwrap(),
|
|
index,
|
|
socket_path.as_ref().to_str().unwrap()
|
|
)
|
|
}
|
|
|
|
#[must_use]
|
|
pub fn redir_snippet(target: &str) -> String {
|
|
format!(
|
|
"location / {{
|
|
return 301 $scheme://{}$request_uri;
|
|
}}",
|
|
target
|
|
)
|
|
}
|
|
|
|
pub trait SocketSpec {
|
|
fn to_nginx(&self) -> String;
|
|
}
|
|
|
|
impl<T: AsRef<Path>> SocketSpec for T {
|
|
#[must_use]
|
|
fn to_nginx(&self) -> String {
|
|
format!("unix:{}:", self.as_ref().to_str().unwrap())
|
|
}
|
|
}
|
|
|
|
#[derive(Debug)]
|
|
pub struct LocalTcpSocket(usize);
|
|
|
|
impl LocalTcpSocket {
|
|
#[must_use]
|
|
pub const fn new(x: usize) -> Self {
|
|
Self(x)
|
|
}
|
|
}
|
|
|
|
impl SocketSpec for LocalTcpSocket {
|
|
#[must_use]
|
|
fn to_nginx(&self) -> String {
|
|
format!("localhost:{}", self.0)
|
|
}
|
|
}
|
|
|
|
#[must_use]
|
|
pub fn proxy_snippet<S: SocketSpec, STATIC: AsRef<Path>>(
|
|
socket_path: &S,
|
|
static_path: STATIC,
|
|
) -> String {
|
|
format!(
|
|
"root {};
|
|
location / {{
|
|
try_files $uri @proxy;
|
|
}}
|
|
|
|
location @proxy {{
|
|
include fastcgi_params;
|
|
proxy_pass http://{};
|
|
proxy_redirect off;
|
|
}}",
|
|
static_path.as_ref().to_str().unwrap(),
|
|
socket_path.to_nginx()
|
|
)
|
|
}
|
|
|
|
#[must_use]
|
|
pub fn static_snippet<S: AsRef<Path>>(static_path: S) -> String {
|
|
format!(
|
|
"root {};
|
|
try_files $uri $uri/ $uri.html =404;
|
|
",
|
|
static_path.as_ref().to_str().unwrap()
|
|
)
|
|
}
|
|
|
|
#[must_use]
|
|
pub fn dokuwiki_snippet() -> String {
|
|
"
|
|
location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }
|
|
|
|
location / { try_files $uri $uri/ @dokuwiki; }
|
|
|
|
location @dokuwiki {
|
|
# rewrites \"doku.php/\" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
|
|
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
|
|
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
|
|
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
|
|
rewrite ^/(.*) /doku.php?id=$1&$args last;
|
|
}".into()
|
|
}
|
|
|
|
#[must_use]
|
|
pub fn nextcloud_snippet() -> String {
|
|
"
|
|
client_max_body_size 500M;
|
|
|
|
# Disable gzip to avoid the removal of the ETag header
|
|
gzip off;
|
|
|
|
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
|
|
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
|
|
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
|
|
|
|
error_page 403 /core/templates/403.php;
|
|
error_page 404 /core/templates/404.php;
|
|
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location ~ ^/(?:\\.htaccess|data|config|db_structure\\.xml|README) {
|
|
deny all;
|
|
}
|
|
|
|
location / {
|
|
# The following 2 rules are only needed with webfinger
|
|
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
|
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
|
|
|
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
|
|
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
|
|
|
|
rewrite ^(/core/doc/[^\\/]+/)$ $1/index.html;
|
|
|
|
try_files $uri $uri/ /index.php;
|
|
}
|
|
|
|
# Adding the cache control header for js and css files
|
|
# Make sure it is BELOW the location ~ \\.php(?:$|/) { block
|
|
location ~* \\.(?:css|js)$ {
|
|
add_header Cache-Control \"public, max-age=7200\";
|
|
# Optional: Don't log access to assets
|
|
access_log off;
|
|
}
|
|
|
|
# Optional: Don't log access to other assets
|
|
location ~* \\.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
|
|
access_log off;
|
|
}
|
|
"
|
|
.into()
|
|
}
|