diff options
author | Erich Eckner <git@eckner.net> | 2020-09-24 00:13:17 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2020-09-24 00:13:17 +0200 |
commit | 5713cf126cd3754e89269d8889cec6f842916ef3 (patch) | |
tree | b46d5b89df2caf0e1ad5edb322f4e03641a1c76b /arch-mirror.home.eckner.net.conf | |
parent | 1edbbbbef3eac44d3a5b08a35c003f8e7d1ae292 (diff) | |
download | arch-mirror-5713cf126cd3754e89269d8889cec6f842916ef3.tar.xz |
arch-mirror.home.eckner.net.conf erst mal im git ...
Diffstat (limited to 'arch-mirror.home.eckner.net.conf')
-rw-r--r-- | arch-mirror.home.eckner.net.conf | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/arch-mirror.home.eckner.net.conf b/arch-mirror.home.eckner.net.conf new file mode 100644 index 0000000..3c9d627 --- /dev/null +++ b/arch-mirror.home.eckner.net.conf @@ -0,0 +1,184 @@ +resolver 192.168.0.18 192.168.0.13; + +server { + + listen [::]:80; + listen 80; + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/arch-mirror.home.eckner.net/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/arch-mirror.home.eckner.net/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + server_name arch-mirror.home.eckner.net; + root /srv/http/arch-mirror; + autoindex on; + + # Requests for package db, signature files and files db should redirect upstream without caching + location ~ /archlinuxewe/os/[^/]+/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrorsewe$request_uri; + } + location ~ /releng/os/x86_64/([^/]+\.(db|sig|files))$ { + proxy_pass http://mirrors32/x86_64/releng/$1; + } + + location ~ ^/([^/]+)/archlinuxewe/([^/]+\.(db|sig|files))$ { + proxy_pass http://mirrorsewe/archlinuxewe/os/$1/$2; + } + location ~ /x86_64/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrors$request_uri; + } + location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrors32$request_uri; + } + location ~ /(arm(|v6h|v7h)|aarch64)/[^/]+/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrorsarm$request_uri; + } + + # Requests for actual packages should be served directly from cache if available. + # If not available, retrieve and save the package from an upstream mirror. + location ~ /archlinuxewe/os/[^/]+/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirrorewe; + } + location ~ ^/([^/]+)/archlinuxewe/([^/]+\.tar\.(xz|zst))$ { + try_files /archlinuxewe/os/$1/$2 @pkg_mirrorewe_reordered; + } + location ~ ^/(releng)/os/([^/]+)/([^/]+\.tar\.(xz|zst))$ { + try_files $uri @pkg_mirror32_reordered; + } + + location ~ /x86_64/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirror; + } + location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirror32; + } + location ~ /(arm(v[67]h)?|aarch64)/[^/]+/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirrorarm; + } + + # Retrieve package from upstream mirrors and cache for future requests + location @pkg_mirror { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrors$request_uri; + } + location @pkg_mirror32 { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrors32$request_uri; + } + location @pkg_mirror32_reordered { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrors32/$2/$1/$3; + } + location @pkg_mirrorarm { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrorsarm$request_uri; + } + location @pkg_mirrorewe { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrorsewe$request_uri; + } + location @pkg_mirrorewe_reordered { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrorsewe/archlinuxewe/os/$1/$2; + } + +} + +# Upstream Arch Linux Mirrors +# - Configure as many backend mirrors as you want in the blocks below +# - Servers are used in a round-robin fashion by nginx +# - Add "backup" if you want to only use the mirror upon failure of the other mirrors +# - Use separate mirror server blocks to be able to use mirrors that have different paths to the package repos +upstream mirrors { + server 127.0.0.42:8001; + server 127.0.0.42:8002 backup; + server 127.0.0.42:8003 backup; + server 127.0.0.42:8004 backup; +} +upstream mirrors32 { + server 127.0.0.43:8001; +} +upstream mirrorsarm { + server 127.0.0.44:8001; +} +upstream mirrorsewe { + server 127.0.0.45:8001; +} + +# If you want to use an official mirror from /etc/pacman.d/mirrorlist like +# http://mirror.domain.example/path/to/repo/$repo/os/$arch +# +# the proxy_pass directive should look like this +# proxy_pass http://mirror.domain.example/path/to/repo$request_uri; +# +# Notice that $request_uri replaces the /$repo/os/$arch part of +# the mirror address. See more examples below. + +server { + listen 127.0.0.42:8001; + location / { + proxy_pass https://ftp.gwdg.de/pub/linux/archlinux$request_uri; + } +} + +server { + listen 127.0.0.42:8002; + location / { + proxy_pass https://mirror.f4st.host/archlinux$request_uri; + } +} + +server { + listen 127.0.0.42:8003; + location / { + proxy_pass https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux$request_uri; + } +} + +server { + listen 127.0.0.42:8004; + location / { + proxy_pass https://mirror.pkgbuild.com$request_uri; + } +} + +server { + listen 127.0.0.43:8001; + location / { + proxy_pass https://mirror.archlinux32.org$request_uri; + } +} + +server { + listen 127.0.0.44:8001; + location / { + proxy_pass http://mirror.archlinuxarm.org$request_uri; + } +} + +server { + listen 127.0.0.45:8001; + location / { + proxy_pass https://arch.eckner.net$request_uri; + } +} |