From 5713cf126cd3754e89269d8889cec6f842916ef3 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Thu, 24 Sep 2020 00:13:17 +0200 Subject: arch-mirror.home.eckner.net.conf erst mal im git ... --- arch-mirror.home.eckner.net.conf | 184 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 184 insertions(+) create mode 100644 arch-mirror.home.eckner.net.conf diff --git a/arch-mirror.home.eckner.net.conf b/arch-mirror.home.eckner.net.conf new file mode 100644 index 0000000..3c9d627 --- /dev/null +++ b/arch-mirror.home.eckner.net.conf @@ -0,0 +1,184 @@ +resolver 192.168.0.18 192.168.0.13; + +server { + + listen [::]:80; + listen 80; + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/arch-mirror.home.eckner.net/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/arch-mirror.home.eckner.net/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + server_name arch-mirror.home.eckner.net; + root /srv/http/arch-mirror; + autoindex on; + + # Requests for package db, signature files and files db should redirect upstream without caching + location ~ /archlinuxewe/os/[^/]+/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrorsewe$request_uri; + } + location ~ /releng/os/x86_64/([^/]+\.(db|sig|files))$ { + proxy_pass http://mirrors32/x86_64/releng/$1; + } + + location ~ ^/([^/]+)/archlinuxewe/([^/]+\.(db|sig|files))$ { + proxy_pass http://mirrorsewe/archlinuxewe/os/$1/$2; + } + location ~ /x86_64/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrors$request_uri; + } + location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrors32$request_uri; + } + location ~ /(arm(|v6h|v7h)|aarch64)/[^/]+/[^/]+\.(db|sig|files)$ { + proxy_pass http://mirrorsarm$request_uri; + } + + # Requests for actual packages should be served directly from cache if available. + # If not available, retrieve and save the package from an upstream mirror. + location ~ /archlinuxewe/os/[^/]+/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirrorewe; + } + location ~ ^/([^/]+)/archlinuxewe/([^/]+\.tar\.(xz|zst))$ { + try_files /archlinuxewe/os/$1/$2 @pkg_mirrorewe_reordered; + } + location ~ ^/(releng)/os/([^/]+)/([^/]+\.tar\.(xz|zst))$ { + try_files $uri @pkg_mirror32_reordered; + } + + location ~ /x86_64/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirror; + } + location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirror32; + } + location ~ /(arm(v[67]h)?|aarch64)/[^/]+/[^/]+\.tar\.(xz|zst)$ { + try_files $uri @pkg_mirrorarm; + } + + # Retrieve package from upstream mirrors and cache for future requests + location @pkg_mirror { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrors$request_uri; + } + location @pkg_mirror32 { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrors32$request_uri; + } + location @pkg_mirror32_reordered { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrors32/$2/$1/$3; + } + location @pkg_mirrorarm { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrorsarm$request_uri; + } + location @pkg_mirrorewe { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrorsewe$request_uri; + } + location @pkg_mirrorewe_reordered { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrorsewe/archlinuxewe/os/$1/$2; + } + +} + +# Upstream Arch Linux Mirrors +# - Configure as many backend mirrors as you want in the blocks below +# - Servers are used in a round-robin fashion by nginx +# - Add "backup" if you want to only use the mirror upon failure of the other mirrors +# - Use separate mirror server blocks to be able to use mirrors that have different paths to the package repos +upstream mirrors { + server 127.0.0.42:8001; + server 127.0.0.42:8002 backup; + server 127.0.0.42:8003 backup; + server 127.0.0.42:8004 backup; +} +upstream mirrors32 { + server 127.0.0.43:8001; +} +upstream mirrorsarm { + server 127.0.0.44:8001; +} +upstream mirrorsewe { + server 127.0.0.45:8001; +} + +# If you want to use an official mirror from /etc/pacman.d/mirrorlist like +# http://mirror.domain.example/path/to/repo/$repo/os/$arch +# +# the proxy_pass directive should look like this +# proxy_pass http://mirror.domain.example/path/to/repo$request_uri; +# +# Notice that $request_uri replaces the /$repo/os/$arch part of +# the mirror address. See more examples below. + +server { + listen 127.0.0.42:8001; + location / { + proxy_pass https://ftp.gwdg.de/pub/linux/archlinux$request_uri; + } +} + +server { + listen 127.0.0.42:8002; + location / { + proxy_pass https://mirror.f4st.host/archlinux$request_uri; + } +} + +server { + listen 127.0.0.42:8003; + location / { + proxy_pass https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux$request_uri; + } +} + +server { + listen 127.0.0.42:8004; + location / { + proxy_pass https://mirror.pkgbuild.com$request_uri; + } +} + +server { + listen 127.0.0.43:8001; + location / { + proxy_pass https://mirror.archlinux32.org$request_uri; + } +} + +server { + listen 127.0.0.44:8001; + location / { + proxy_pass http://mirror.archlinuxarm.org$request_uri; + } +} + +server { + listen 127.0.0.45:8001; + location / { + proxy_pass https://arch.eckner.net$request_uri; + } +} -- cgit v1.2.3-54-g00ecf