chore: move nginx root directive to server block and replace allow all in location block with expected certbot default type #27 (#73)

jchiarulli · web-flow · commit a7b78f8cf4bc · 2024-11-18T16:05:19.000-05:00
diff --git a/pkg/relays/khatru29/nginx_http.go b/pkg/relays/khatru29/nginx_http.go
@@ -34,9 +34,10 @@ server {
     listen [::]:80;
     server_name %s;
 
+    root %s/%s;
+
     location /%s/ {
-        root %s/%s;
-        allow all;
+        default_type "text/plain";
     }
 
     location / {
@@ -80,11 +81,13 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
     location / {
         return 301 http://%s$request_uri;
     }
 }
-`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/khatru29/nginx_https.go b/pkg/relays/khatru29/nginx_https.go
@@ -29,6 +29,12 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
+    location /%s/ {
+        default_type "text/plain";
+    }
+
     location / {
         proxy_pass http://khatru29_websocket;
         proxy_http_version 1.1;
@@ -111,16 +117,13 @@ server {
     listen [::]:80;
     server_name %s;
 
-    location /%s/ {
-        root %s/%s;
-        allow all;
-    }
+    root %s/%s;
 
     location / {
         return 301 https://%s$request_uri;
     }
 }
-`, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/khatru_pyramid/nginx_http.go b/pkg/relays/khatru_pyramid/nginx_http.go
@@ -34,9 +34,10 @@ server {
     listen [::]:80;
     server_name %s;
 
+    root %s/%s;
+
     location /%s/ {
-        root %s/%s;
-        allow all;
+        default_type "text/plain";
     }
 
     location / {
@@ -80,11 +81,13 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
     location / {
         return 301 http://%s$request_uri;
     }
 }
-`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/khatru_pyramid/nginx_https.go b/pkg/relays/khatru_pyramid/nginx_https.go
@@ -29,6 +29,12 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
+    location /%s/ {
+        default_type "text/plain";
+    }
+
     location / {
         proxy_pass http://khatru_pyramid_websocket;
         proxy_http_version 1.1;
@@ -111,16 +117,13 @@ server {
     listen [::]:80;
     server_name %s;
 
-    location /%s/ {
-        root %s/%s;
-        allow all;
-    }
+    root %s/%s;
 
     location / {
         return 301 https://%s$request_uri;
     }
 }
-`, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/nostr_rs_relay/nginx_http.go b/pkg/relays/nostr_rs_relay/nginx_http.go
@@ -34,9 +34,10 @@ server {
     listen [::]:80;
     server_name %s;
 
+    root %s/%s;
+
     location /%s/ {
-        root %s/%s;
-        allow all;
+        default_type "text/plain";
     }
 
     location / {
@@ -80,11 +81,13 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
     location / {
         return 301 http://%s$request_uri;
     }
 }
-`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/nostr_rs_relay/nginx_https.go b/pkg/relays/nostr_rs_relay/nginx_https.go
@@ -29,6 +29,12 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
+    location /%s/ {
+        default_type "text/plain";
+    }
+
     location / {
         proxy_pass http://nostr_rs_relay_websocket;
         proxy_http_version 1.1;
@@ -111,16 +117,13 @@ server {
     listen [::]:80;
     server_name %s;
 
-    location /%s/ {
-        root %s/%s;
-        allow all;
-    }
+    root %s/%s;
 
     location / {
         return 301 https://%s$request_uri;
     }
 }
-`, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/strfry/nginx_http.go b/pkg/relays/strfry/nginx_http.go
@@ -34,9 +34,10 @@ server {
     listen [::]:80;
     server_name %s;
 
+    root %s/%s;
+
     location /%s/ {
-        root %s/%s;
-        allow all;
+        default_type "text/plain";
     }
 
     location / {
@@ -80,11 +81,13 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
     location / {
         return 301 http://%s$request_uri;
     }
 }
-`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/strfry/nginx_https.go b/pkg/relays/strfry/nginx_https.go
@@ -29,6 +29,12 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
+    location /%s/ {
+        default_type "text/plain";
+    }
+
     location / {
         proxy_pass http://strfry_websocket;
         proxy_http_version 1.1;
@@ -111,16 +117,13 @@ server {
     listen [::]:80;
     server_name %s;
 
-    location /%s/ {
-        root %s/%s;
-        allow all;
-    }
+    root %s/%s;
 
     location / {
         return 301 https://%s$request_uri;
     }
 }
-`, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/strfry29/nginx_http.go b/pkg/relays/strfry29/nginx_http.go
@@ -34,9 +34,10 @@ server {
     listen [::]:80;
     server_name %s;
 
+    root %s/%s;
+
     location /%s/ {
-        root %s/%s;
-        allow all;
+        default_type "text/plain";
     }
 
     location / {
@@ -80,11 +81,13 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
     location / {
         return 301 http://%s$request_uri;
     }
 }
-`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/strfry29/nginx_https.go b/pkg/relays/strfry29/nginx_https.go
@@ -29,6 +29,12 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
+    location /%s/ {
+        default_type "text/plain";
+    }
+
     location / {
         proxy_pass http://strfry29_websocket;
         proxy_http_version 1.1;
@@ -111,16 +117,13 @@ server {
     listen [::]:80;
     server_name %s;
 
-    location /%s/ {
-        root %s/%s;
-        allow all;
-    }
+    root %s/%s;
 
     location / {
         return 301 https://%s$request_uri;
     }
 }
-`, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/wot_relay/nginx_http.go b/pkg/relays/wot_relay/nginx_http.go
@@ -34,9 +34,10 @@ server {
     listen [::]:80;
     server_name %s;
 
+    root %s/%s;
+
     location /%s/ {
-        root %s/%s;
-        allow all;
+        default_type "text/plain";
     }
 
     location / {
@@ -80,11 +81,13 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
     location / {
         return 301 http://%s$request_uri;
     }
 }
-`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
diff --git a/pkg/relays/wot_relay/nginx_https.go b/pkg/relays/wot_relay/nginx_https.go
@@ -29,6 +29,12 @@ server {
     listen [::]:443 ssl http2;
     server_name %s;
 
+    root %s/%s;
+
+    location /%s/ {
+        default_type "text/plain";
+    }
+
     location / {
         proxy_pass http://wot_relay_websocket;
         proxy_http_version 1.1;
@@ -111,16 +117,13 @@ server {
     listen [::]:80;
     server_name %s;
 
-    location /%s/ {
-        root %s/%s;
-        allow all;
-    }
+    root %s/%s;
 
     location / {
         return 301 https://%s$request_uri;
     }
 }
-`, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
+`, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
 
 	files.WriteFile(NginxConfigFilePath, configContent, 0644)
 	files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
