arch-mirror.home.eckner.net.conf erst mal im git ...

1 files changed, 184 insertions, 0 deletions

diff --git a/arch-mirror.home.eckner.net.conf b/arch-mirror.home.eckner.net.conf
new file mode 100644
index 0000000..3c9d627
--- /dev/null
+++ b/arch-mirror.home.eckner.net.conf
@@ -0,0 +1,184 @@
+resolver 192.168.0.18 192.168.0.13;
+
+server {
+
+    listen [::]:80;
+    listen 80;
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/arch-mirror.home.eckner.net/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/arch-mirror.home.eckner.net/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    server_name arch-mirror.home.eckner.net;
+    root        /srv/http/arch-mirror;
+    autoindex   on;
+
+    # Requests for package db, signature files and files db should redirect upstream without caching
+    location ~ /archlinuxewe/os/[^/]+/[^/]+\.(db|sig|files)$ {
+        proxy_pass http://mirrorsewe$request_uri;
+    }
+    location ~ /releng/os/x86_64/([^/]+\.(db|sig|files))$ {
+        proxy_pass http://mirrors32/x86_64/releng/$1;
+    }
+
+    location ~ ^/([^/]+)/archlinuxewe/([^/]+\.(db|sig|files))$ {
+        proxy_pass http://mirrorsewe/archlinuxewe/os/$1/$2;
+    }
+    location ~ /x86_64/[^/]+\.(db|sig|files)$ {
+        proxy_pass http://mirrors$request_uri;
+    }
+    location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.(db|sig|files)$ {
+        proxy_pass http://mirrors32$request_uri;
+    }
+    location ~ /(arm(|v6h|v7h)|aarch64)/[^/]+/[^/]+\.(db|sig|files)$ {
+        proxy_pass http://mirrorsarm$request_uri;
+    }
+
+    # Requests for actual packages should be served directly from cache if available.
+    #   If not available, retrieve and save the package from an upstream mirror.
+    location ~ /archlinuxewe/os/[^/]+/[^/]+\.tar\.(xz|zst)$ {
+        try_files $uri @pkg_mirrorewe;
+    }
+    location ~ ^/([^/]+)/archlinuxewe/([^/]+\.tar\.(xz|zst))$ {
+        try_files /archlinuxewe/os/$1/$2 @pkg_mirrorewe_reordered;
+    }
+    location ~ ^/(releng)/os/([^/]+)/([^/]+\.tar\.(xz|zst))$ {
+        try_files $uri @pkg_mirror32_reordered;
+    }
+
+    location ~ /x86_64/[^/]+\.tar\.(xz|zst)$ {
+        try_files $uri @pkg_mirror;
+    }
+    location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.tar\.(xz|zst)$ {
+        try_files $uri @pkg_mirror32;
+    }
+    location ~ /(arm(v[67]h)?|aarch64)/[^/]+/[^/]+\.tar\.(xz|zst)$ {
+        try_files $uri @pkg_mirrorarm;
+    }
+
+    # Retrieve package from upstream mirrors and cache for future requests
+    location @pkg_mirror {
+        proxy_store    on;
+        proxy_redirect off;
+        proxy_store_access  user:rw group:rw all:r;
+        proxy_next_upstream error timeout http_404;
+        proxy_pass          http://mirrors$request_uri;
+    }
+    location @pkg_mirror32 {
+        proxy_store    on;
+        proxy_redirect off;
+        proxy_store_access  user:rw group:rw all:r;
+        proxy_next_upstream error timeout http_404;
+        proxy_pass          http://mirrors32$request_uri;
+    }
+    location @pkg_mirror32_reordered {
+        proxy_store    on;
+        proxy_redirect off;
+        proxy_store_access  user:rw group:rw all:r;
+        proxy_next_upstream error timeout http_404;
+        proxy_pass          http://mirrors32/$2/$1/$3;
+    }
+    location @pkg_mirrorarm {
+        proxy_store    on;
+        proxy_redirect off;
+        proxy_store_access  user:rw group:rw all:r;
+        proxy_next_upstream error timeout http_404;
+        proxy_pass          http://mirrorsarm$request_uri;
+    }
+    location @pkg_mirrorewe {
+        proxy_store    on;
+        proxy_redirect off;
+        proxy_store_access  user:rw group:rw all:r;
+        proxy_next_upstream error timeout http_404;
+        proxy_pass          http://mirrorsewe$request_uri;
+    }
+    location @pkg_mirrorewe_reordered {
+        proxy_store    on;
+        proxy_redirect off;
+        proxy_store_access  user:rw group:rw all:r;
+        proxy_next_upstream error timeout http_404;
+        proxy_pass          http://mirrorsewe/archlinuxewe/os/$1/$2;
+    }
+
+}
+
+# Upstream Arch Linux Mirrors
+# - Configure as many backend mirrors as you want in the blocks below
+# - Servers are used in a round-robin fashion by nginx
+# - Add "backup" if you want to only use the mirror upon failure of the other mirrors
+# - Use separate mirror server blocks to be able to use mirrors that have different paths to the package repos
+upstream mirrors {
+    server 127.0.0.42:8001;
+    server 127.0.0.42:8002 backup;
+    server 127.0.0.42:8003 backup;
+    server 127.0.0.42:8004 backup;
+}
+upstream mirrors32 {
+    server 127.0.0.43:8001;
+}
+upstream mirrorsarm {
+    server 127.0.0.44:8001;
+}
+upstream mirrorsewe {
+    server 127.0.0.45:8001;
+}
+
+# If you want to use an official mirror from /etc/pacman.d/mirrorlist like
+# http://mirror.domain.example/path/to/repo/$repo/os/$arch
+#
+# the proxy_pass directive should look like this
+# proxy_pass http://mirror.domain.example/path/to/repo$request_uri;
+#
+# Notice that $request_uri replaces the /$repo/os/$arch part of
+# the mirror address. See more examples below.
+
+server {
+    listen      127.0.0.42:8001;
+    location / {
+        proxy_pass       https://ftp.gwdg.de/pub/linux/archlinux$request_uri;
+    }
+}
+
+server {
+    listen      127.0.0.42:8002;
+    location / {
+        proxy_pass       https://mirror.f4st.host/archlinux$request_uri;
+    }
+}
+
+server {
+    listen      127.0.0.42:8003;
+    location / {
+        proxy_pass       https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux$request_uri;
+    }
+}
+
+server {
+    listen      127.0.0.42:8004;
+    location / {
+        proxy_pass       https://mirror.pkgbuild.com$request_uri;
+    }
+}
+
+server {
+    listen      127.0.0.43:8001;
+    location / {
+        proxy_pass       https://mirror.archlinux32.org$request_uri;
+    }
+}
+
+server {
+    listen      127.0.0.44:8001;
+    location / {
+        proxy_pass       http://mirror.archlinuxarm.org$request_uri;
+    }
+}
+
+server {
+    listen      127.0.0.45:8001;
+    location / {
+        proxy_pass       https://arch.eckner.net$request_uri;
+    }
+}