[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: nginx: bayfront: Add redirects for guix-hpc.bordeaux.inria.fr.
From: |
Ludovic Courtès |
Subject: |
02/02: nginx: bayfront: Add redirects for guix-hpc.bordeaux.inria.fr. |
Date: |
Fri, 12 Jul 2019 05:56:17 -0400 (EDT) |
civodul pushed a commit to branch master
in repository maintenance.
commit 46d0444cc6924f63b895a4de0f44161675cfadc0
Author: Ludovic Courtès <address@hidden>
Date: Fri Jul 12 11:55:22 2019 +0200
nginx: bayfront: Add redirects for guix-hpc.bordeaux.inria.fr.
* hydra/nginx/guix-hpc-inria-locations.conf: New file.
* hydra/nginx/bayfront.conf: Use it in the guix-hpc.bordeaux.inria.fr
locations.
* hydra/bayfront.scm (%nginx-config): Include it.
---
hydra/bayfront.scm | 3 +++
hydra/nginx/bayfront.conf | 25 ++++++++++++++++++++++++-
hydra/nginx/guix-hpc-inria-locations.conf | 17 +++++++++++++++++
3 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index 0ac365b..4772c40 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -47,6 +47,9 @@
(copy-file #$(local-file
"nginx/guix-hpc-locations.conf")
"guix-hpc-locations.conf")
+ (copy-file #$(local-file
+ "nginx/guix-hpc-inria-locations.conf")
+ "guix-hpc-inria-locations.conf")
(substitute* "bayfront-locations.conf"
(("@WWWROOT@")
#$(local-file "nginx/html" #:recursive? #t)))))))
diff --git a/hydra/nginx/bayfront.conf b/hydra/nginx/bayfront.conf
index c772df6..41f8052 100644
--- a/hydra/nginx/bayfront.conf
+++ b/hydra/nginx/bayfront.conf
@@ -125,7 +125,7 @@ http {
listen 80;
server_name guix-hpc.bordeaux.inria.fr;
access_log /var/log/nginx/guix-hpc.access.log;
- include guix-hpc-locations.conf;
+ include guix-hpc-inria-locations.conf;
}
server {
@@ -189,4 +189,27 @@ http {
access_log /var/log/nginx/guix-hpc.access.log;
include guix-hpc-locations.conf;
}
+
+ server {
+ listen 443 ssl;
+ server_name guix-hpc.bordeaux.inria.fr;
+
+ ssl_certificate
/etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/fullchain.pem;
+ ssl_certificate_key
/etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/privkey.pem;
+
+ # Make sure SSL is disabled.
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ # Disable weak cipher suites.
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ # Use our own DH parameters created with:
+ # openssl dhparam -out dhparams.pem 2048
+ # as suggested at <https://weakdh.org/sysadmin.html>.
+ ssl_dhparam /etc/dhparams.pem;
+
+ access_log /var/log/nginx/guix-hpc.access.log;
+ include guix-hpc-inria-locations.conf;
+ }
}
diff --git a/hydra/nginx/guix-hpc-inria-locations.conf
b/hydra/nginx/guix-hpc-inria-locations.conf
new file mode 100644
index 0000000..dcc1248
--- /dev/null
+++ b/hydra/nginx/guix-hpc-inria-locations.conf
@@ -0,0 +1,17 @@
+# Redirects from guix-hpc.bordeaux.inria.fr.
+
+location ~ ^/nix-cache-info$ {
+ return 301 //guix.bordeaux.inria.fr/nix-cache-info;
+}
+
+location ~ /(.*\.narinfo) {
+ return 301 //guix.bordeaux.inria.fr/nix-cache-info;
+}
+
+location ~ /nar/(.*) {
+ return 301 //guix.bordeaux.inria.fr/nar/$1;
+}
+
+location ~ (.*) {
+ return 301 //hpc.guix.info/$1;
+}