diff options
| author | mia <mia@mia.jetzt> | 2024-06-08 22:56:05 -0700 |
|---|---|---|
| committer | mia <mia@mia.jetzt> | 2024-06-08 22:56:05 -0700 |
| commit | 8cf813ff033bbc98a7dd40db6ac11e2e35c7e997 (patch) | |
| tree | a451059194cbd4ba90993ebdaced4749448ec4df /nginx | |
| download | asylum-8cf813ff033bbc98a7dd40db6ac11e2e35c7e997.tar.gz asylum-8cf813ff033bbc98a7dd40db6ac11e2e35c7e997.zip | |
initial commit
Diffstat (limited to 'nginx')
| -rw-r--r-- | nginx/fastcgi.conf | 24 | ||||
| -rw-r--r-- | nginx/handoff.html | 26 | ||||
| -rw-r--r-- | nginx/mime.types | 1080 | ||||
| -rw-r--r-- | nginx/nginx.conf | 115 | ||||
| -rw-r--r-- | nginx/nginx.js | 49 | ||||
| -rw-r--r-- | nginx/sync.py | 59 | ||||
| -rwxr-xr-x | nginx/types.sh | 32 |
7 files changed, 1385 insertions, 0 deletions
diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf new file mode 100644 index 0000000..92ed248 --- /dev/null +++ b/nginx/fastcgi.conf @@ -0,0 +1,24 @@ +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +fastcgi_param PATH_INFO $uri; +fastcgi_param HTTP_HOST $server_name; diff --git a/nginx/handoff.html b/nginx/handoff.html new file mode 100644 index 0000000..c160580 --- /dev/null +++ b/nginx/handoff.html @@ -0,0 +1,26 @@ +<!DOCTYPE html> +<html style="align-items: center; background-color: darkcyan; display: flex; height: 100%"> + <head> + <title>Handoff</title> + <script> + (async () => { + const response = await fetch("https://dissociate.mia.jetzt/handoff", { credentials: "include" }); + if (response.status == 200) { + const data = await response.json(); + if (data.expiresIn < 300) { + console.log("token expiring soon, reauthenticating"); + location = "https://dissociate.mia.jetzt/logout"; + } + await fetch(`/.nginx/cookie?token=${data.token}&max_age=${data.expiresIn - 60}`); + location = "/"; + } else { + console.log("not authenticated, redirecting"); + location = "https://dissociate.mia.jetzt/login"; + } + })() + </script> + </head> + <body style="background-color: whitesmoke; color: black; filter: drop-shadow(0.5em 0.7em); margin: auto; padding: 1em"> + <p style="font-family: serif; font-size: large; margin: 0">Performing authenticated handoff</p> + </body> +</html> diff --git a/nginx/mime.types b/nginx/mime.types new file mode 100644 index 0000000..1e07600 --- /dev/null +++ b/nginx/mime.types @@ -0,0 +1,1080 @@ +types { + application/A2L a2l; + application/AML aml; + application/andrew-inset ez; + application/ATF atf; + application/ATFX atfx; + application/ATXML atxml; + application/atom+xml atom; + application/atomcat+xml atomcat; + application/atomdeleted+xml atomdeleted; + application/atomsvc+xml atomsvc; + application/atsc-dwd+xml dwd; + application/atsc-held+xml held; + application/atsc-rsat+xml rsat; + application/auth-policy+xml apxml; + application/automationml-amlx+zip amlx; + application/bacnet-xdd+zip xdd; + application/calendar+xml xcs; + application/cbor cbor; + application/cccex c3ex; + application/ccmp+xml ccmp; + application/ccxml+xml ccxml; + application/CDFX+XML cdfx; + application/cdmi-capability cdmia; + application/cdmi-container cdmic; + application/cdmi-domain cdmid; + application/cdmi-object cdmio; + application/cdmi-queue cdmiq; + application/CEA cea; + application/cellml+xml cellml cml; + application/clr 1clr; + application/clue_info+xml clue; + application/cms cmsc; + application/cpl+xml cpl; + application/csrattrs csrattrs; + application/cwl cwl; + application/cwl+json cwl.json; + application/dash+xml mpd; + application/dashdelta mpdd; + application/davmount+xml davmount; + application/DCD dcd; + application/dicom dcm; + application/DII dii; + application/DIT dit; + application/dskpp+xml xmls; + application/dssc+der dssc; + application/dssc+xml xdssc; + application/dvcs dvc; + application/ecmascript es; + application/efi efi; + application/emma+xml emma; + application/emotionml+xml emotionml; + application/epub+zip epub; + application/exi exi; + application/express exp; + application/fastinfoset finf; + application/fdt+xml fdt; + application/font-tdpfr pfr; + application/geo+json geojson; + application/geopackage+sqlite3 gpkg; + application/gltf-buffer glbin glbuf; + application/gml+xml gml; + application/gzip gz tgz; + application/hyperstudio stk; + application/inkml+xml ink inkml; + application/ipfix ipfix; + application/its+xml its; + application/java-archive jar; + application/jrd+json jrd; + application/json json; + application/json-patch+json json-patch; + application/ld+json jsonld; + application/lgr+xml lgr; + application/link-format wlnk; + application/lost+xml lostxml; + application/lostsync+xml lostsyncxml; + application/lpf+zip lpf; + application/LXF lxf; + application/mac-binhex40 hqx; + application/mads+xml mads; + application/manifest+json webmanifest; + application/marc mrc; + application/marcxml+xml mrcx; + application/mathematica nb ma mb; + application/mathml+xml mml; + application/mbox mbox; + application/metalink4+xml meta4; + application/mets+xml mets; + application/MF4 mf4; + application/mipc h5; + application/mmt-aei+xml maei; + application/mmt-usd+xml musd; + application/mods+xml mods; + application/mp21 m21 mp21; + application/msword doc; + application/mxf mxf; + application/n-quads nq; + application/n-triples nt; + application/ocsp-request orq; + application/ocsp-response ors; + application/octet-stream bin lha lzh exe class so dll img iso; + application/ODA oda; + application/ODX odx; + application/oebps-package+xml opf; + application/ogg ogx; + application/opc-nodeset+xml ; + application/oxps oxps; + application/p21 p21 stp step stpnc 210 ifc; + application/p21+zip stpz; + application/p2p-overlay+xml relo; + application/pdf pdf; + application/PDX pdx; + application/pem-certificate-chain pem; + application/pgp-encrypted pgp; + application/pgp-signature sig; + application/pkcs10 p10; + application/pkcs12 p12 pfx; + application/pkcs7-mime p7m p7c; + application/pkcs7-signature p7s; + application/pkcs8 p8; + application/pkcs8-encrypted p8e; + application/pkix-cert cer; + application/pkix-crl crl; + application/pkix-pkipath pkipath; + application/pkixcmp pki; + application/pls+xml pls; + application/postscript ps eps ai; + application/provenance+xml provx; + application/prs.cww cw cww; + application/prs.hpub+zip hpub; + application/prs.nprend rnd rct; + application/prs.rdf-xml-crypt rdf-crypt; + application/prs.xsf+xml xsf; + application/pskc+xml pskcxml; + application/rdf+xml rdf; + application/route-apd+xml rapd; + application/route-s-tsid+xml sls; + application/route-usd+xml rusd; + application/reginfo+xml rif; + application/relax-ng-compact-syntax rnc; + application/resource-lists-diff+xml rld; + application/resource-lists+xml rl; + application/rfc+xml rfcxml; + application/rls-services+xml rs; + application/rpki-ghostbusters gbr; + application/rpki-manifest mft; + application/rpki-roa roa; + application/rtf rtf; + application/sarif-external-properties+json sarif-external-properties sarif-external-properties.json; + application/sarif+json sarif sarif.json; + application/scim+json scim; + application/scvp-cv-request scq; + application/scvp-cv-response scs; + application/scvp-vp-request spq; + application/scvp-vp-response spp; + application/sdp sdp; + application/senml-etch+cbor senml-etchc; + application/senml-etch+json senml-etchj; + application/senml+cbor senmlc; + application/senml+json senml; + application/senml+xml senmlx; + application/senml-exi senmle; + application/sensml+cbor sensmlc; + application/sensml+json sensml; + application/sensml+xml sensmlx; + application/sensml-exi sensmle; + application/sgml-open-catalog soc; + application/shf+xml shf; + application/sieve siv sieve; + application/simple-filter+xml cl; + application/smil+xml smil smi sml; + application/sparql-query rq; + application/spdx+json spdx.json; + application/sparql-results+xml srx; + application/sql sql; + application/srgs gram; + application/srgs+xml grxml; + application/sru+xml sru; + application/ssml+xml ssml; + application/stix+json stix; + application/swid+cbor coswid; + application/swid+xml swidtag; + application/tamp-apex-update tau; + application/tamp-apex-update-confirm auc; + application/tamp-community-update tcu; + application/tamp-community-update-confirm cuc; + application/td+json jsontd; + application/tamp-error ter; + application/tamp-sequence-adjust tsa; + application/tamp-sequence-adjust-confirm sac; + application/tamp-update tur; + application/tamp-update-confirm tuc; + application/tei+xml tei teiCorpus odd; + application/thraud+xml tfi; + application/timestamp-query tsq; + application/timestamp-reply tsr; + application/timestamped-data tsd; + application/tm+json jsontm tm.json tm.jsonld; + application/trig trig; + application/ttml+xml ttml; + application/urc-grpsheet+xml gsheet; + application/urc-ressheet+xml rsheet; + application/urc-targetdesc+xml td; + application/urc-uisocketdesc+xml uis; + application/vnd.1000minds.decision-model+xml 1km; + application/vnd.1ob ob; + application/vnd.3gpp.5gnas ; + application/vnd.3gpp.pic-bw-large plb; + application/vnd.3gpp.pic-bw-small psb; + application/vnd.3gpp.pic-bw-var pvb; + application/vnd.3gpp2.sms sms; + application/vnd.3gpp2.tcap tcap; + application/vnd.3lightssoftware.imagescal imgcal; + application/vnd.3M.Post-it-Notes pwn; + application/vnd.accpac.simply.aso aso; + application/vnd.accpac.simply.imp imp; + application/vnd.acucobol acu; + application/vnd.acucorp atc acutc; + application/vnd.adobe.flash.movie swf; + application/vnd.adobe.formscentral.fcdt fcdt; + application/vnd.adobe.fxp fxp fxpl; + application/vnd.adobe.xdp+xml xdp; + application/vnd.afpc.modca list3820 listafp afp pseg3820; + application/vnd.afpc.modca-overlay ovl; + application/vnd.afpc.modca-pagesegment psg; + application/vnd.age age; + application/vnd.ahead.space ahead; + application/vnd.airzip.filesecure.azf azf; + application/vnd.airzip.filesecure.azs azs; + application/vnd.amazon.mobi8-ebook azw3; + application/vnd.americandynamics.acc acc; + application/vnd.amiga.ami ami; + application/vnd.android.ota ota; + application/vnd.anki apkg; + application/vnd.anser-web-certificate-issue-initiation cii; + application/vnd.anser-web-funds-transfer-initiation fti; + application/vnd.apache.arrow.file arrow; + application/vnd.apache.arrow.stream arrows; + application/vnd.apexlang apexland apex axdl; + application/vnd.apple.installer+xml dist distz pkg mpkg; + application/vnd.apple.keynote keynote; + application/vnd.apple.mpegurl m3u8; + application/vnd.apple.numbers numbers; + application/vnd.apple.pages pages; + application/vnd.aristanetworks.swi swi; + application/vnd.artisan+json artisan; + application/vnd.astraea-software.iota iota; + application/vnd.audiograph aep; + application/vnd.autopackage package; + application/vnd.balsamiq.bmml+xml bmml; + application/vnd.banana-accounting ac2; + application/vnd.balsamiq.bmpr bmpr; + application/vnd.belightsoft.lhzd+zip lhzd; + application/vnd.belightsoft.lhzl+zip lhzl; + application/vnd.blueice.multipass mpm; + application/vnd.bluetooth.ep.oob ep; + application/vnd.bluetooth.le.oob le; + application/vnd.bmi bmi; + application/vnd.businessobjects rep; + application/vnd.cendio.thinlinc.clientconf tlclient; + application/vnd.chemdraw+xml cdxml; + application/vnd.chess-pgn pgn; + application/vnd.chipnuts.karaoke-mmd mmd; + application/vnd.cinderella cdy; + application/vnd.citationstyles.style+xml csl; + application/vnd.claymore cla; + application/vnd.cloanto.rp9 rp9; + application/vnd.clonk.c4group c4g c4d c4f c4p c4u; + application/vnd.cluetrust.cartomobile-config c11amc; + application/vnd.cluetrust.cartomobile-config-pkg c11amz; + application/vnd.coffeescript coffee; + application/vnd.collabio.xodocuments.document xodt; + application/vnd.collabio.xodocuments.document-template xott; + application/vnd.collabio.xodocuments.presentation xodp; + application/vnd.collabio.xodocuments.presentation-template xotp; + application/vnd.collabio.xodocuments.spreadsheet xods; + application/vnd.collabio.xodocuments.spreadsheet-template xots; + application/vnd.comicbook-rar cbr; + application/vnd.comicbook+zip cbz; + application/vnd.commerce-battelle ica icf icd ic0 ic1 ic2 ic3 ic4 ic5 ic6 ic7 ic8; + application/vnd.commonspace csp cst; + application/vnd.contact.cmsg cdbcmsg; + application/vnd.coreos.ignition+json ign ignition; + application/vnd.cosmocaller cmc; + application/vnd.crick.clicker clkx; + application/vnd.crick.clicker.keyboard clkk; + application/vnd.crick.clicker.palette clkp; + application/vnd.crick.clicker.template clkt; + application/vnd.crick.clicker.wordbank clkw; + application/vnd.criticaltools.wbs+xml wbs; + application/vnd.crypto-shade-file ssvc; + application/vnd.cryptomator.encrypted c9r c9s; + application/vnd.cryptomator.vault cryptomator; + application/vnd.ctc-posml pml; + application/vnd.cups-ppd ppd; + application/vnd.curl curl; + application/vnd.dart dart; + application/vnd.data-vision.rdz rdz; + application/vnd.datalog dl; + application/vnd.dbf dbf; + application/vnd.debian.binary-package deb udeb; + application/vnd.dece.data uvf uvvf uvd uvvd; + application/vnd.dece.ttml+xml uvt uvvt; + application/vnd.dece.unspecified uvx uvvx; + application/vnd.dece.zip uvz uvvz; + application/vnd.denovo.fcselayout-link fe_launch; + application/vnd.desmume.movie dsm; + application/vnd.dna dna; + application/vnd.document+json docjson; + application/vnd.doremir.scorecloud-binary-document scld; + application/vnd.dpgraph dpg mwc dpgraph; + application/vnd.dreamfactory dfac; + application/vnd.dtg.local.flash fla; + application/vnd.dvb.ait ait; + application/vnd.dvb.service svc; + application/vnd.dynageo geo; + application/vnd.dzr dzr; + application/vnd.ecowin.chart mag; + application/vnd.eln+zip eln; + application/vnd.enliven nml; + application/vnd.epson.esf esf; + application/vnd.epson.msf msf; + application/vnd.epson.quickanime qam; + application/vnd.epson.salt slt; + application/vnd.epson.ssf ssf; + application/vnd.ericsson.quickcall qcall qca; + application/vnd.espass-espass+zip espass; + application/vnd.eszigno3+xml es3 et3; + application/vnd.etsi.asic-e+zip asice sce; + application/vnd.etsi.asic-s+zip asics; + application/vnd.etsi.timestamp-token tst; + application/vnd.eu.kasparian.car+json carjson; + application/vnd.exstream-empower+zip mpw; + application/vnd.exstream-package pub; + application/vnd.evolv.ecig.profile ecigprofile; + application/vnd.evolv.ecig.settings ecig; + application/vnd.evolv.ecig.theme ecigtheme; + application/vnd.ezpix-album ez2; + application/vnd.ezpix-package ez3; + application/vnd.fastcopy-disk-image dim; + application/vnd.familysearch.gedcom+zip gdz; + application/vnd.fdf fdf; + application/vnd.fdsn.mseed msd mseed; + application/vnd.fdsn.seed seed dataless; + application/vnd.ficlab.flb+zip flb; + application/vnd.filmit.zfc zfc; + application/vnd.FloGraphIt gph; + application/vnd.fluxtime.clip ftc; + application/vnd.font-fontforge-sfd sfd; + application/vnd.framemaker fm; + application/vnd.frogans.fnc fnc; + application/vnd.frogans.ltf ltf; + application/vnd.fsc.weblaunch fsc; + application/vnd.fujitsu.oasys oas; + application/vnd.fujitsu.oasys2 oa2; + application/vnd.fujitsu.oasys3 oa3; + application/vnd.fujitsu.oasysgp fg5; + application/vnd.fujitsu.oasysprs bh2; + application/vnd.fujixerox.ddd ddd; + application/vnd.fujixerox.docuworks xdw; + application/vnd.fujixerox.docuworks.binder xbd; + application/vnd.fujixerox.docuworks.container xct; + application/vnd.fuzzysheet fzs; + application/vnd.genomatix.tuxedo txd; + application/vnd.genozip genozip; + application/vnd.gentoo.ebuild ebuild; + application/vnd.gentoo.eclass eclass; + application/vnd.gentoo.gpkg gpkg.tar; + application/vnd.gentoo.xpak tbz2 xpak; + application/vnd.geocube+xml g3 g³; + application/vnd.geogebra.file ggb; + application/vnd.geogebra.slides ggs; + application/vnd.geogebra.tool ggt; + application/vnd.geometry-explorer gex gre; + application/vnd.geonext gxt; + application/vnd.geoplan g2w; + application/vnd.geospace g3w; + application/vnd.gmx gmx; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.grafeq gqf gqs; + application/vnd.groove-account gac; + application/vnd.groove-help ghf; + application/vnd.groove-identity-message gim; + application/vnd.groove-injector grv; + application/vnd.groove-tool-message gtm; + application/vnd.groove-tool-template tpl; + application/vnd.groove-vcard vcg; + application/vnd.hal+xml hal; + application/vnd.HandHeld-Entertainment+xml zmm; + application/vnd.hbci hbci hbc kom upa pkd bpd; + application/vnd.hdt hdt; + application/vnd.hhe.lesson-player les; + application/vnd.hp-HPGL hpgl; + application/vnd.hp-hpid hpi hpid; + application/vnd.hp-hps hps; + application/vnd.hp-jlyt jlt; + application/vnd.hp-PCL pcl; + application/vnd.hsl hsl; + application/vnd.hydrostatix.sof-data sfd-hdstx; + application/vnd.hzn-3d-crossword x3d; + application/vnd.ibm.electronic-media emm; + application/vnd.ibm.MiniPay mpy; + application/vnd.ibm.rights-management irm; + application/vnd.ibm.secure-container sc; + application/vnd.iccprofile icc icm; + application/vnd.ieee.1905 1905.1; + application/vnd.igloader igl; + application/vnd.imagemeter.folder+zip imf; + application/vnd.imagemeter.image+zip imi; + application/vnd.immervision-ivp ivp; + application/vnd.immervision-ivu ivu; + application/vnd.ims.imsccv1p1 imscc; + application/vnd.insors.igm igm; + application/vnd.intercon.formnet xpw xpx; + application/vnd.intergeo i2g; + application/vnd.intu.qbo qbo; + application/vnd.intu.qfx qfx; + application/vnd.ipld.car car; + application/vnd.ipunplugged.rcprofile rcprofile; + application/vnd.irepository.package+xml irp; + application/vnd.is-xpr xpr; + application/vnd.isac.fcs fcs; + application/vnd.jam jam; + application/vnd.jcp.javame.midlet-rms rms; + application/vnd.jisp jisp; + application/vnd.joost.joda-archive joda; + application/vnd.kahootz ktz ktr; + application/vnd.kde.karbon karbon; + application/vnd.kde.kchart chrt; + application/vnd.kde.kformula kfo; + application/vnd.kde.kivio flw; + application/vnd.kde.kontour kon; + application/vnd.kde.kpresenter kpr kpt; + application/vnd.kde.kspread ksp; + application/vnd.kde.kword kwd kwt; + application/vnd.kenameaapp htke; + application/vnd.kidspiration kia; + application/vnd.Kinar kne knp sdf; + application/vnd.koan skp skd skm skt; + application/vnd.kodak-descriptor sse; + application/vnd.las las; + application/vnd.las.las+json lasjson; + application/vnd.las.las+xml lasxml; + application/vnd.llamagraphics.life-balance.desktop lbd; + application/vnd.llamagraphics.life-balance.exchange+xml lbe; + application/vnd.logipipe.circuit+zip lcs lca; + application/vnd.loom loom; + application/vnd.lotus-1-2-3 123 wk4 wk3 wk1; + application/vnd.lotus-approach apr vew; + application/vnd.lotus-freelance prz pre; + application/vnd.lotus-notes nsf ntf ndl ns4 ns3 ns2 nsh nsg; + application/vnd.lotus-organizer or3 or2 org; + application/vnd.lotus-screencam scm; + application/vnd.lotus-wordpro lwp sam; + application/vnd.macports.portpkg portpkg; + application/vnd.mapbox-vector-tile mvt; + application/vnd.marlin.drm.mdcf mdc; + application/vnd.maxar.archive.3tz+zip 3tz; + application/vnd.maxmind.maxmind-db mmdb; + application/vnd.mcd mcd; + application/vnd.mdl mdl; + application/vnd.mdl-mbsdf mbsdf; + application/vnd.medcalcdata mc1; + application/vnd.mediastation.cdkey cdkey; + application/vnd.medicalholodeck.recordxr rxr; + application/vnd.MFER mwf; + application/vnd.mfmp mfm; + application/vnd.micrografx.flo flo; + application/vnd.micrografx.igx igx; + application/vnd.mif mif; + application/vnd.Mobius.DAF daf; + application/vnd.Mobius.DIS dis; + application/vnd.Mobius.MBK mbk; + application/vnd.Mobius.MQY mqy; + application/vnd.Mobius.MSL msl; + application/vnd.Mobius.PLC plc; + application/vnd.Mobius.TXF txf; + application/vnd.modl modl; + application/vnd.mophun.application mpn; + application/vnd.mophun.certificate mpc; + application/vnd.mozilla.xul+xml xul; + application/vnd.ms-3mfdocument 3mf; + application/vnd.ms-artgalry cil; + application/vnd.ms-asf asf; + application/vnd.ms-cab-compressed cab; + application/vnd.ms-excel xls xlm xla xlc xlt xlw; + application/vnd.ms-excel.template.macroEnabled.12 xltm; + application/vnd.ms-excel.addin.macroEnabled.12 xlam; + application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb; + application/vnd.ms-excel.sheet.macroEnabled.12 xlsm; + application/vnd.ms-fontobject eot; + application/vnd.ms-htmlhelp chm; + application/vnd.ms-ims ims; + application/vnd.ms-lrm lrm; + application/vnd.ms-officetheme thmx; + application/vnd.ms-powerpoint ppt pps pot; + application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam; + application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm; + application/vnd.ms-powerpoint.slide.macroEnabled.12 sldm; + application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm; + application/vnd.ms-powerpoint.template.macroEnabled.12 potm; + application/vnd.ms-project mpp mpt; + application/vnd.ms-tnef tnef tnf; + application/vnd.ms-word.document.macroEnabled.12 docm; + application/vnd.ms-word.template.macroEnabled.12 dotm; + application/vnd.ms-works wcm wdb wks wps; + application/vnd.ms-wpl wpl; + application/vnd.ms-xpsdocument xps; + application/vnd.msa-disk-image msa; + application/vnd.mseq mseq; + application/vnd.multiad.creator crtr; + application/vnd.multiad.creator.cif cif; + application/vnd.musician mus; + application/vnd.muvee.style msty; + application/vnd.mynfc taglet; + application/vnd.nebumind.line nebul line; + application/vnd.nervana entity request bkm kcm; + application/vnd.nimn nimn; + application/vnd.nitf nitf; + application/vnd.neurolanguage.nlu nlu; + application/vnd.nintendo.nitro.rom nds; + application/vnd.nintendo.snes.rom sfc smc; + application/vnd.noblenet-directory nnd; + application/vnd.noblenet-sealer nns; + application/vnd.noblenet-web nnw; + application/vnd.nokia.n-gage.ac+xml ac; + application/vnd.nokia.n-gage.data ngdat; + application/vnd.nokia.n-gage.symbian.install n-gage; + application/vnd.nokia.radio-preset rpst; + application/vnd.nokia.radio-presets rpss; + application/vnd.novadigm.EDM edm; + application/vnd.novadigm.EDX edx; + application/vnd.novadigm.EXT ext; + application/vnd.oasis.opendocument.base odb; + application/vnd.oasis.opendocument.chart odc; + application/vnd.oasis.opendocument.chart-template otc; + application/vnd.oasis.opendocument.formula odf; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.graphics-template otg; + application/vnd.oasis.opendocument.image odi; + application/vnd.oasis.opendocument.image-template oti; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.presentation-template otp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.spreadsheet-template ots; + application/vnd.oasis.opendocument.text odt; + application/vnd.oasis.opendocument.text-master odm; + application/vnd.oasis.opendocument.text-master-template otm; + application/vnd.oasis.opendocument.text-template ott; + application/vnd.oasis.opendocument.text-web oth; + application/vnd.olpc-sugar xo; + application/vnd.oma.dd2+xml dd2; + application/vnd.onepager tam; + application/vnd.onepagertamp tamp; + application/vnd.onepagertamx tamx; + application/vnd.onepagertat tat; + application/vnd.onepagertatp tatp; + application/vnd.onepagertatx tatx; + application/vnd.openblox.game+xml obgx; + application/vnd.openblox.game-binary obg; + application/vnd.openeye.oeb oeb; + application/vnd.openofficeorg.extension oxt; + application/vnd.openstreetmap.data+xml osm; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + application/vnd.openxmlformats-officedocument.presentationml.slide sldx; + application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx; + application/vnd.openxmlformats-officedocument.presentationml.template potx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx; + application/vnd.osa.netdeploy ndc; + application/vnd.osgeo.mapguide.package mgp; + application/vnd.osgi.dp dp; + application/vnd.osgi.subsystem esa; + application/vnd.oxli.countgraph oxlicg; + application/vnd.palm prc pdb pqa oprc; + application/vnd.panoply plp; + application/vnd.patentdive dive; + application/vnd.pawaafile paw; + application/vnd.pg.format str; + application/vnd.pg.osasli ei6; + application/vnd.piaccess.application-licence pil; + application/vnd.picsel efif; + application/vnd.pmi.widget wg; + application/vnd.pocketlearn plf; + application/vnd.powerbuilder6 pbd; + application/vnd.preminet preminet; + application/vnd.previewsystems.box box vbox; + application/vnd.proteus.magazine mgz; + application/vnd.psfs psfs; + application/vnd.publishare-delta-tree qps; + application/vnd.pvi.ptid1 ptid; + application/vnd.qualcomm.brew-app-res bar; + application/vnd.Quark.QuarkXPress qxd qxt qwd qwt qxl qxb; + application/vnd.quobject-quoxdocument quox quiz; + application/vnd.rainstor.data tree; + application/vnd.rar rar; + application/vnd.realvnc.bed bed; + application/vnd.recordare.musicxml mxl; + application/vnd.resilient.logic rlm reload; + application/vnd.rig.cryptonote cryptonote; + application/vnd.route66.link66+xml link66; + application/vnd.sailingtracker.track st; + application/vnd.sar SAR; + application/vnd.scribus scd sla slaz; + application/vnd.sealed.3df s3df; + application/vnd.sealed.csf scsf; + application/vnd.sealed.doc sdoc sdo s1w; + application/vnd.sealed.eml seml sem; + application/vnd.sealed.mht smht smh; + application/vnd.sealed.ppt sppt s1p; + application/vnd.sealed.tiff stif; + application/vnd.sealed.xls sxls sxl s1e; + application/vnd.sealedmedia.softseal.html stml s1h; + application/vnd.sealedmedia.softseal.pdf spdf spd s1a; + application/vnd.seemail see; + application/vnd.sema sema; + application/vnd.semd semd; + application/vnd.semf semf; + application/vnd.shade-save-file ssv; + application/vnd.shana.informed.formdata ifm; + application/vnd.shana.informed.formtemplate itp; + application/vnd.shana.informed.interchange iif; + application/vnd.shana.informed.package ipk; + application/vnd.shp shp; + application/vnd.shx shx; + application/vnd.sigrok.session sr; + application/vnd.SimTech-MindMapper twd twds; + application/vnd.smaf mmf; + application/vnd.smart.notebook notebook; + application/vnd.smart.teacher teacher; + application/vnd.smintio.portals.archive sipa; + application/vnd.snesdev-page-table ptrom pt; + application/vnd.software602.filler.form+xml fo; + application/vnd.software602.filler.form-xml-zip zfo; + application/vnd.solent.sdkm+xml sdkm sdkd; + application/vnd.spotfire.dxp dxp; + application/vnd.spotfire.sfs sfs; + application/vnd.sqlite3 sqlite sqlite3; + application/vnd.stepmania.package smzip; + application/vnd.stepmania.stepchart sm; + application/vnd.sun.wadl+xml wadl; + application/vnd.sus-calendar sus susp; + application/vnd.sybyl.mol2 ml2 mol2 sy2; + application/vnd.sycle+xml scl; + application/vnd.syft+json syft.json; + application/vnd.syncml+xml xsm; + application/vnd.syncml.dm+wbxml bdm; + application/vnd.syncml.dm+xml xdm; + application/vnd.syncml.dmddf+xml ddf; + application/vnd.tao.intent-module-archive tao; + application/vnd.tcpdump.pcap pcap cap dmp; + application/vnd.theqvd qvd; + application/vnd.think-cell.ppttc+json ppttc; + application/vnd.tml vfr viaframe; + application/vnd.tmobile-livetv tmo; + application/vnd.trid.tpt tpt; + application/vnd.triscape.mxs mxs; + application/vnd.trueapp tra; + application/vnd.ufdl ufdl ufd frm; + application/vnd.uiq.theme utz; + application/vnd.umajin umj; + application/vnd.unity unityweb; + application/vnd.uoml+xml uoml uo; + application/vnd.uri-map urim urimap; + application/vnd.valve.source.material vmt; + application/vnd.vcx vcx; + application/vnd.vd-study mxi study-inter model-inter; + application/vnd.vectorworks vwx; + application/vnd.veritone.aion+json aion vtnstd; + application/vnd.veryant.thin istc isws; + application/vnd.ves.encrypted VES; + application/vnd.vidsoft.vidconference vsc; + application/vnd.visio vsd vst vsw vss; + application/vnd.visionary vis; + application/vnd.vsf vsf; + application/vnd.wap.sic sic; + application/vnd.wap.slc slc; + application/vnd.wap.wbxml wbxml; + application/vnd.wap.wmlc wmlc; + application/vnd.wap.wmlscriptc wmlsc; + application/vnd.wasmflow.wafl wafl; + application/vnd.webturbo wtb; + application/vnd.wfa.p2p p2p; + application/vnd.wfa.wsc wsc; + application/vnd.wmc wmc; + application/vnd.wolfram.mathematica.package m; + application/vnd.wolfram.player nbp; + application/vnd.wordperfect wpd; + application/vnd.wqd wqd; + application/vnd.wt.stf stf; + application/vnd.wv.csp+wbxml wv; + application/vnd.xara xar; + application/vnd.xfdl xfdl xfd; + application/vnd.xmpie.cpkg cpkg; + application/vnd.xmpie.dpkg dpkg; + application/vnd.xmpie.ppkg ppkg; + application/vnd.xmpie.xlim xlim; + application/vnd.yamaha.hv-dic hvd; + application/vnd.yamaha.hv-script hvs; + application/vnd.yamaha.hv-voice hvp; + application/vnd.yamaha.openscoreformat osf; + application/vnd.yamaha.smaf-audio saf; + application/vnd.yamaha.smaf-phrase spf; + application/vnd.yaoweme yme; + application/vnd.yellowriver-custom-menu cmp; + application/vnd.zul zir zirz; + application/vnd.zzazz.deck+xml zaz; + application/voicexml+xml vxml; + application/voucher-cms+json vcj; + application/wasm wasm; + application/watcherinfo+xml wif; + application/widget wgt; + application/wsdl+xml wsdl; + application/wspolicy+xml wspolicy; + application/xcap-att+xml xav; + application/xcap-caps+xml xca; + application/xcap-diff+xml xdf; + application/xcap-el+xml xel; + application/xcap-error+xml xer; + application/xcap-ns+xml xns; + application/xfdf xfdf; + application/xhtml+xml xhtml xhtm xht; + application/xliff+xml xlf; + application/xml-dtd dtd; + application/xop+xml xop; + application/xslt+xml xsl xslt; + application/xv+xml mxml xhvml xvml xvm; + application/yang yang; + application/yin+xml yin; + application/zip zip; + application/zstd zst; + audio/32kadpcm 726; + audio/aac adts aac ass; + audio/ac3 ac3; + audio/AMR amr; + audio/AMR-WB awb; + audio/asc acn; + audio/ATRAC-ADVANCED-LOSSLESS aal; + audio/ATRAC-X atx; + audio/ATRAC3 at3 aa3 omg; + audio/basic au snd; + audio/dls dls; + audio/EVRC evc; + audio/EVRCB evb; + audio/EVRCNW enw; + audio/EVRCWB evw; + audio/iLBC lbc; + audio/L16 l16; + audio/mhas mhas; + audio/mobile-xmf mxmf; + audio/mp4 m4a; + audio/mpeg mp3 mpga mp1 mp2; + audio/ogg oga ogg opus spx; + audio/prs.sid sid psid; + audio/QCELP qcp; + audio/SMV smv; + audio/sofa sofa; + audio/usac loas xhe; + audio/vnd.audiokoz koz; + audio/vnd.dece.audio uva uvva; + audio/vnd.digital-winds eol; + audio/vnd.dolby.mlp mlp; + audio/vnd.dts dts; + audio/vnd.dts.hd dtshd; + audio/vnd.everad.plj plj; + audio/vnd.lucent.voice lvp; + audio/vnd.ms-playready.media.pya pya; + audio/vnd.nortel.vbk vbk; + audio/vnd.nuera.ecelp4800 ecelp4800; + audio/vnd.nuera.ecelp7470 ecelp7470; + audio/vnd.nuera.ecelp9600 ecelp9600; + audio/vnd.presonus.multitrack multitrack; + audio/vnd.rip rip; + audio/vnd.sealedmedia.softseal.mpeg smp3 smp s1m; + font/collection ttc; + font/otf otf; + font/ttf ttf; + font/woff woff; + font/woff2 woff2; + image/aces exr; + image/avci avci; + image/avcs avcs; + image/avif avif hif; + image/bmp bmp dib; + image/cgm cgm; + image/dicom-rle drle; + image/dpx dpx; + image/emf emf; + image/fits fits fit fts; + image/heic heic; + image/heic-sequence heics; + image/heif heif; + image/heif-sequence heifs; + image/hej2k hej2; + image/hsj2 hsj2; + image/gif gif; + image/ief ief; + image/jls jls; + image/jp2 jp2 jpg2; + image/jph jph; + image/jphc jhc; + image/jpeg jpg jpeg jpe jfif; + image/jpm jpm jpgm; + image/jpx jpx jpf; + image/jxl jxl; + image/jxr jxr; + image/jxrA jxra; + image/jxrS jxrs; + image/jxs jxs; + image/jxsc jxsc; + image/jxsi jxsi; + image/jxss jxss; + image/ktx ktx; + image/ktx2 ktx2; + image/png png; + image/prs.btif btif btf; + image/prs.pti pti; + image/svg+xml svg svgz; + image/t38 t38; + image/tiff tiff tif; + image/tiff-fx tfx; + image/vnd.adobe.photoshop psd; + image/vnd.airzip.accelerator.azv azv; + image/vnd.dece.graphic uvi uvvi uvg uvvg; + image/vnd.djvu djvu djv; + image/vnd.dwg dwg; + image/vnd.dxf dxf; + image/vnd.fastbidsheet fbs; + image/vnd.fpx fpx; + image/vnd.fst fst; + image/vnd.fujixerox.edmics-mmr mmr; + image/vnd.fujixerox.edmics-rlc rlc; + image/vnd.globalgraphics.pgb pgb; + image/vnd.microsoft.icon ico; + image/vnd.mozilla.apng apng; + image/vnd.ms-modi mdi; + image/vnd.pco.b16 b16; + image/vnd.radiance hdr rgbe xyze; + image/vnd.sealed.png spng spn s1n; + image/vnd.sealedmedia.softseal.gif sgif sgi s1g; + image/vnd.sealedmedia.softseal.jpg sjpg sjp s1j; + image/vnd.tencent.tap tap; + image/vnd.valve.source.texture vtf; + image/vnd.wap.wbmp wbmp; + image/vnd.xiff xif; + image/vnd.zbrush.pcx pcx; + image/wmf wmf; + message/global u8msg; + message/global-delivery-status u8dsn; + message/global-disposition-notification u8mdn; + message/global-headers u8hdr; + message/rfc822 eml mail art; + model/gltf-binary glb; + model/gltf+json gltf; + model/JT jt; + model/iges igs iges; + model/mesh msh mesh silo; + model/mtl mtl; + model/obj obj; + model/step+xml stpx; + model/step-xml+zip stpxz; + model/stl stl; + model/u3d u3d; + model/vnd.bary bary; + model/vnd.cld cld; + model/vnd.collada+xml dae; + model/vnd.dwf dwf; + model/vnd.gdl gdl gsm win dor lmp rsm msm ism; + model/vnd.gtw gtw; + model/vnd.moml+xml moml; + model/vnd.mts mts; + model/vnd.opengex ogex; + model/vnd.parasolid.transmit.binary x_b xmt_bin; + model/vnd.parasolid.transmit.text x_t xmt_txt; + model/vnd.pytha.pyox pyo pyox; + model/vnd.sap.vds vds; + model/vnd.usda usda; + model/vnd.usdz+zip usdz; + model/vnd.valve.source.compiled-map bsp; + model/vnd.vtu vtu; + model/vrml wrl vrml; + model/x3d+xml x3db; + model/x3d-vrml x3dv x3dvz; + multipart/vnd.bint.med-plus bmed; + multipart/voice-message vpm; + text/cache-manifest appcache manifest; + text/calendar ics ifb; + text/cql CQL; + text/css css; + text/csv csv; + text/csv-schema csvs; + text/dns soa zone; + text/gff3 gff3; + text/html html htm; + text/javascript js mjs; + text/jcr-cnd cnd; + text/markdown markdown md; + text/mizar miz; + text/n3 n3; + text/plain txt asc text pm el c h cc hh cxx hxx f90 conf log; + text/provenance-notation provn; + text/prs.fallenstein.rst rst; + text/prs.lines.tag tag dsc; + text/richtext rtx; + text/SGML sgml sgm; + text/shaclc shaclc shc; + text/shex shex; + text/spdx spdx; + text/tab-separated-values tsv; + text/troff t tr roff; + text/turtle ttl; + text/uri-list uris uri; + text/vcard vcf vcard; + text/vnd.a a; + text/vnd.abc abc; + text/vnd.ascii-art ascii; + text/vnd.debian.copyright copyright; + text/vnd.DMClientScript dms; + text/vnd.dvb.subtitle sub; + text/vnd.esmertec.theme-descriptor jtd; + text/vnd.exchangeable vfk; + text/vnd.familysearch.gedcom ged; + text/vnd.ficlab.flt flt; + text/vnd.fly fly; + text/vnd.fmi.flexstor flx; + text/vnd.graphviz gv dot; + text/vnd.hans hans; + text/vnd.hgl hgl; + text/vnd.in3d.3dml 3dml 3dm; + text/vnd.in3d.spot spot spo; + text/vnd.ms-mediapackage mpf; + text/vnd.net2phone.commcenter.command ccc; + text/vnd.senx.warpscript mc2; + text/vnd.si.uricatalogue uric; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.sosi sos; + text/vnd.trolltech.linguist ts; + text/vnd.wap.si si; + text/vnd.wap.sl sl; + text/vnd.wap.wml wml; + text/vnd.wap.wmlscript wmls; + text/vtt vtt; + text/wgsl wgsl; + text/xml xml xsd rng; + text/xml-external-parsed-entity ent; + video/3gpp 3gp 3gpp; + video/3gpp2 3g2 3gpp2; + video/iso.segment m4s; + video/mj2 mj2 mjp2; + video/mp4 mp4 mpg4 m4v; + video/mpeg mpeg mpg mpe m1v m2v; + video/ogg ogv; + video/quicktime mov qt; + video/vnd.dece.hd uvh uvvh; + video/vnd.dece.mobile uvm uvvm; + video/vnd.dece.mp4 uvu uvvu; + video/vnd.dece.pd uvp uvvp; + video/vnd.dece.sd uvs uvvs; + video/vnd.dece.video uvv uvvv; + video/vnd.dvb.file dvb; + video/vnd.fvt fvt; + video/vnd.mpegurl mxu m4u; + video/vnd.ms-playready.media.pyv pyv; + video/vnd.nokia.interleaved-multimedia nim; + video/vnd.radgamettools.bink bik bk2; + video/vnd.radgamettools.smacker smk; + video/vnd.sealed.mpeg1 smpg s11; + video/vnd.sealed.mpeg4 s14; + video/vnd.sealed.swf sswf ssw; + video/vnd.sealedmedia.softseal.mov smov smo s1q; + video/vnd.youtube.yt yt; + video/vnd.vivo viv; + application/mac-compactpro cpt; + application/metalink+xml metalink; + application/owl+xml owx; + application/rss+xml rss; + application/vnd.android.package-archive apk; + application/vnd.oma.dd+xml dd; + application/vnd.oma.drm.content dcf; + application/vnd.oma.drm.dcf o4a o4v; + application/vnd.oma.drm.message dm; + application/vnd.oma.drm.rights+wbxml drc; + application/vnd.oma.drm.rights+xml dr; + application/vnd.sun.xml.calc sxc; + application/vnd.sun.xml.calc.template stc; + application/vnd.sun.xml.draw sxd; + application/vnd.sun.xml.draw.template std; + application/vnd.sun.xml.impress sxi; + application/vnd.sun.xml.impress.template sti; + application/vnd.sun.xml.math sxm; + application/vnd.sun.xml.writer sxw; + application/vnd.sun.xml.writer.global sxg; + application/vnd.sun.xml.writer.template stw; + application/vnd.symbian.install sis; + application/vnd.wap.mms-message mms; + application/x-annodex anx; + application/x-bcpio bcpio; + application/x-bittorrent torrent; + application/x-bzip2 bz2; + application/x-cdlink vcd; + application/x-chrome-extension crx; + application/x-cpio cpio; + application/x-csh csh; + application/x-director dcr dir dxr; + application/x-dvi dvi; + application/x-futuresplash spl; + application/x-gtar gtar; + application/x-hdf hdf; + application/x-java-jnlp-file jnlp; + application/x-java-pack200 pack; + application/x-killustrator kil; + application/x-latex latex; + application/x-netcdf nc cdf; + application/x-perl pl; + application/x-rpm rpm; + application/x-sh sh; + application/x-shar shar; + application/x-stuffit sit; + application/x-sv4cpio sv4cpio; + application/x-sv4crc sv4crc; + application/x-tar tar; + application/x-tcl tcl; + application/x-tex tex; + application/x-texinfo texinfo texi; + application/x-troff-man man 1 2 3 4 5 6 7 8; + application/x-troff-me me; + application/x-troff-ms ms; + application/x-ustar ustar; + application/x-wais-source src; + application/x-xpinstall xpi; + application/x-xspf+xml xspf; + application/x-xz xz; + audio/midi mid midi kar; + audio/x-aiff aif aiff aifc; + audio/x-annodex axa; + audio/x-flac flac; + audio/x-matroska mka; + audio/x-mod mod ult uni m15 mtm 669 med; + audio/x-mpegurl m3u; + audio/x-ms-wax wax; + audio/x-ms-wma wma; + audio/x-pn-realaudio ram rm; + audio/x-realaudio ra; + audio/x-s3m s3m; + audio/x-stm stm; + audio/x-wav wav; + chemical/x-xyz xyz; + image/webp webp; + image/x-cmu-raster ras; + image/x-portable-anymap pnm; + image/x-portable-bitmap pbm; + image/x-portable-graymap pgm; + image/x-portable-pixmap ppm; + image/x-rgb rgb; + image/x-targa tga; + image/x-xbitmap xbm; + image/x-xpixmap xpm; + image/x-xwindowdump xwd; + text/html-sandboxed sandboxed; + text/x-pod pod; + text/x-setext etx; + video/webm webm; + video/x-annodex axv; + video/x-flv flv; + video/x-javafx fxm; + video/x-matroska mkv; + video/x-matroska-3d mk3d; + video/x-ms-asf asx; + video/x-ms-wm wm; + video/x-ms-wmv wmv; + video/x-ms-wmx wmx; + video/x-ms-wvx wvx; + video/x-msvideo avi; + video/x-sgi-movie movie; + x-conference/x-cooltalk ice; + x-epoc/x-sisx-app sisx; +} diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 0000000..83b440c --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,115 @@ +load_module /usr/lib/nginx/modules/ngx_http_js_module.so; +user http; +worker_processes auto; +error_log /var/log/nginx/error.log error; + +events { + worker_connections 1024; + multi_accept on; +} + +http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + access_log /var/log/nginx/access.log; + include mime.types; + default_type application/octet-stream; + types_hash_max_size 2048; + types_hash_bucket_size 128; + + gzip on; + gzip_vary on; + gzip_comp_level 6; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + geo $dollar { + default "$"; # DIRTY HACKS DONE CHEAP + } + + js_import nginx.js; + js_shared_dict_zone zone=auth_token_cache:32k timeout=5m evict; + + server { + listen 80 default_server; + listen [::]:80 default_server; + + default_type text/plain; + root /srv/html; + index index.html; + } + + # dissociate + server { + listen 80; + listen [::]:80; + server_name dissociate.mia.jetzt; + + location / { + proxy_pass http://localhost:8001; + proxy_http_version 1.1; + } + } + + # git + server { + listen 80; + listen [::]:80; + server_name git.mia.jetzt; + root /usr/share/webapps/cgit; + try_files $uri @cgit; + set $required_scope root; + + location ~ /.+/(info/refs|git-upload-pack) { + include fastcgi.conf; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param GIT_PROJECT_ROOT /srv/git; + fastcgi_pass unix:/run/fcgiwrap-git.sock; + } + + location @cgit { + include fastcgi.conf; + fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG /etc/cgit/public; + fastcgi_pass unix:/run/fcgiwrap-git.sock; + } + + location /priv/ { + %AUTH_CHECK% + rewrite ^/priv/(.*) /$1 break; + include fastcgi.conf; + fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG /etc/cgit/private; + fastcgi_pass unix:/run/fcgiwrap-git.sock; + } + + %AUTH_LOCATIONS% + } + + # search + server { + listen 80; + listen [::]:80; + server_name search.mia.jetzt; + + set $required_scope search; + + location / { + %AUTH_CHECK% + proxy_pass http://unix:/run/searxng.sock; + } + + location /opensearch.xml { + proxy_pass http://unix:/run/searxng.sock; + } + + %AUTH_LOCATIONS% + } +} diff --git a/nginx/nginx.js b/nginx/nginx.js new file mode 100644 index 0000000..03b2dae --- /dev/null +++ b/nginx/nginx.js @@ -0,0 +1,49 @@ +/** @type {import('./nginx.d.ts')} */ + +/** @param {NginxHTTPRequest} request */ +async function validate(request) { + if (request.status !== 0) return; + + const token = request.variables.cookie___proxy_token; + + if (token == undefined) { + // missing token + request.return(401); + return; + } + + const cache = ngx.shared.auth_token_cache; + if (cache === undefined) throw "missing shared js cache"; + + const requiredScope = request.variables.required_scope; + if (requiredScope === undefined) throw "missing required scope variable"; + + let scopes = cache.get(token); + + if (scopes === undefined) { + const subrequest = await request.subrequest(`/.nginx/scopes`, { + args: `token=${token}` + }); + + if (subrequest.status !== 200) { + // invalid token + return request.return(401); + } + + scopes = subrequest.responseText.split("\n"); + + cache.set(token, scopes.join(",")); + } else { + scopes = scopes.split(","); + } + + if (scopes.indexOf(requiredScope) === -1) { + return request.return(403); + } + + return request.return(200); +} + +export default { + validate, +} diff --git a/nginx/sync.py b/nginx/sync.py new file mode 100644 index 0000000..b715d41 --- /dev/null +++ b/nginx/sync.py @@ -0,0 +1,59 @@ +import re + +from commia.prelude import * +from commia.ssh import scp, ssh_args, ssh_prewarm +from commia.util import with_written + +spacing_pattern = re.compile(r"([;,{}])$") + +handoff = Path("nginx/handoff.html").read_text().splitlines() +handoff = map(lambda line: line.lstrip("\t"), handoff) +handoff = map(lambda line: spacing_pattern.sub(r"\1 ", line), handoff) +handoff = "".join(handoff).replace('"', '\\"').replace("$", "${dollar}") + +auth_check = """if ($cookie___proxy_token = "") { + return 303 https://$host/.nginx/handoff.html; + } + auth_request /.nginx/auth;""" + +auth_locations = ( + '''location /.nginx/auth { + internal; + js_content nginx.validate; + } + + location /.nginx/scopes { + internal; + proxy_pass http://[::1]:8001/scopes/$arg_token; + } + + location /.nginx/handoff.html { + return 200 "''' + + handoff + + """"; + } + + location /.nginx/cookie { + add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; samesite=strict; httponly; secure"; + return 200; + }""" +) + +nginx_conf = ( + Path("nginx/nginx.conf") + .read_text() + .replace("%AUTH_CHECK%", auth_check) + .replace("%AUTH_LOCATIONS%", auth_locations) +) + +ssh_prewarm("asylum", "secrets@bearer") +with_written( + nginx_conf, + lambda path: scp(path, "asylum:/etc/nginx/nginx.conf"), +) + +for name in ["nginx.js", "mime.types", "fastcgi.conf"]: + scp(f"nginx/{name}", f"asylum:/etc/nginx/{name}") + +if run(p([*ssh_args(), "nginx", "-t"])).returncode == 0: + run_check(p([*ssh_args(), "systemctl", "restart", "nginx"])) diff --git a/nginx/types.sh b/nginx/types.sh new file mode 100755 index 0000000..b670fdb --- /dev/null +++ b/nginx/types.sh @@ -0,0 +1,32 @@ +#!/bin/bash +set -e + +# generates nginx.d.ts from the latest version of njs-types published on npm + +test -d nginx/types && rm -r nginx/types +mkdir nginx/types +test -f nginx/nginx.d.ts && rm nginx/nginx.d.ts + +doc=$(curl https://registry.npmjs.org/njs-types) +ver=$(echo "$doc" | jq -r '."dist-tags".latest') + +echo "downloading $ver" +url=$(echo "$doc" | jq -r .versions.'"'"$ver"'"'.dist.tarball) +curl "$url" | tar xzC nginx/types --strip-components=1 + +echo concatenating +for file in nginx/types/*.d.ts nginx/types/**/*.d.ts; do + name="${file#nginx/types/}" + [ "$name" = "index.d.ts" ] && continue # index.d.ts is just references. lame! + { + echo -e "// $name\n" + sed 's|^/// <reference .*$||' "$file" # filter out xml references + echo + } >> nginx/nginx.d.ts +done +rm -r nginx/types + +if command -v prettier >/dev/null; then + echo formatting + prettier --write nginx/nginx.d.ts +fi |