-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.conf
159 lines (136 loc) · 5.85 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 8080;
server_name localhost;
# Unauthenticated index proxy
location / {
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://pypi.org;
}
# Unauthenticated index proxy with relative instead of absolute file links
location /relative/ {
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://pypi.org/;
proxy_set_header Accept-Encoding "";
sub_filter_types *;
sub_filter 'https://files.pythonhosted.org/' '../../../files/';
sub_filter_once off;
}
# Unauthenticated file proxy
location /files/ {
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://files.pythonhosted.org/;
}
# Authenticated index proxy
location /basic-auth/ {
auth_basic "authenticated";
auth_basic_user_file /etc/nginx/htpasswd-heron;
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://pypi.org/;
# We need to disable encoding to perform substitution on responses
proxy_set_header Accept-Encoding "";
# When deployed, we want to substitute the request protocol (i.e. https)
# via `X-Forwarded-Proto` but this is not set during local development
# since there's not a proxy in front of the service.
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
sub_filter_types *;
sub_filter 'https://files.pythonhosted.org/' '$http_x_forwarded_proto://$host/basic-auth/files/';
sub_filter_once off;
}
# Authenticated index proxy with relative instead of absolute file links
location /basic-auth/relative/ {
auth_basic "authenticated";
auth_basic_user_file /etc/nginx/htpasswd-heron;
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://pypi.org/;
proxy_set_header Accept-Encoding "";
sub_filter_types *;
sub_filter 'https://files.pythonhosted.org/' '../../../files/';
sub_filter_once off;
}
# Hosted file proxy with authentication
location /basic-auth/files/ {
auth_basic "authenticated";
auth_basic_user_file /etc/nginx/htpasswd-heron;
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://files.pythonhosted.org/;
}
# Authenticated proxy with a different password
location /basic-auth-eagle/ {
auth_basic "authenticated";
auth_basic_user_file /etc/nginx/htpasswd-eagle;
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://pypi.org/;
# We need to disable encoding to perform substitution on responses
proxy_set_header Accept-Encoding "";
# When deployed, we want to substitute the request protocol (i.e. https)
# via `X-Forwarded-Proto` but this is not set during local development
# since there's not a proxy in front of the service.
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
sub_filter_types *;
sub_filter 'https://files.pythonhosted.org/' '$http_x_forwarded_proto://$host/basic-auth-eagle/files/';
sub_filter_once off;
}
location /basic-auth-eagle/files/ {
auth_basic "authenticated";
auth_basic_user_file /etc/nginx/htpasswd-eagle;
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://files.pythonhosted.org/;
}
# Same as `basic-auth` but duplicated for parity with `eagle` endpoint
# We retain `/basic-auth` for backwards compatibility.
location /basic-auth-heron/ {
auth_basic "authenticated";
auth_basic_user_file /etc/nginx/htpasswd-heron;
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://pypi.org/;
# We need to disable encoding to perform substitution on responses
proxy_set_header Accept-Encoding "";
# When deployed, we want to substitute the request protocol (i.e. https)
# via `X-Forwarded-Proto` but this is not set during local development
# since there's not a proxy in front of the service.
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
sub_filter_types *;
sub_filter 'https://files.pythonhosted.org/' '$http_x_forwarded_proto://$host/basic-auth-heron/files/';
sub_filter_once off;
}
location /basic-auth-heron/files/ {
auth_basic "authenticated";
auth_basic_user_file /etc/nginx/htpasswd-heron;
proxy_ssl_name $host;
proxy_ssl_server_name on;
proxy_pass https://files.pythonhosted.org/;
}
}
}