resolver 192.168.0.18 192.168.0.13; server { listen [::]:80; listen 80; server_name *.arch-mirror.home.eckner.net; root /srv/http/arch-mirror; autoindex on; # Requests for package db, signature files and files db should redirect upstream without caching location ~ /archlinuxewe/os/([^/]+)/([^/]+\.(db|sig|files))$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsewe/os/$1/$2; } location ~ /releng/os/x86_64/([^/]+\.(db|sig|files))$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrors32/x86_64/releng/$1; } location ~ ^/([^/]+)/archlinuxewe/([^/]+\.(db|sig|files))$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsewe/os/$1/$2; } location ~ /x86_64/[^/]+\.(db|sig|files)$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrors$request_uri; } location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.(db|sig|files)$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrors32$request_uri; } location ~ /(arm(|v6h|v7h)|aarch64)/[^/]+/[^/]+\.(db|sig|files)$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsarm$request_uri; } } server { listen [::]:80; listen 80; listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/arch-mirror.home.eckner.net/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/arch-mirror.home.eckner.net/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot server_name arch-mirror.home.eckner.net; root /srv/http/arch-mirror; autoindex on; # Requests for package db, signature files and files db should redirect upstream without caching location ~ /archlinuxewe/os/([^/]+)/([^/]+\.(db|sig|files))$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsewe/os/$1/$2; } location ~ /releng/os/x86_64/([^/]+\.(db|sig|files))$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrors32/x86_64/releng/$1; } location ~ ^/([^/]+)/archlinuxewe/([^/]+\.(db|sig|files))$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsewe/os/$1/$2; } location ~ /x86_64/[^/]+\.(db|sig|files)$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrors$request_uri; } location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.(db|sig|files)$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrors32$request_uri; } location ~ /(arm(|v6h|v7h)|aarch64)/[^/]+/[^/]+\.(db|sig|files)$ { proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsarm$request_uri; } # Requests for actual packages should be served directly from cache if available. # If not available, retrieve and save the package from an upstream mirror. location ~ /archlinuxewe/os/([^/]+)/([^/]+\.tar\.(xz|zst))$ { try_files $uri @caches @pkg_mirrorewe; } location ~ ^/([^/]+)/archlinuxewe/([^/]+\.tar\.(xz|zst))$ { try_files /archlinuxewe/os/$1/$2 @caches_reordered @pkg_mirrorewe; } location ~ ^/(releng)/os/([^/]+)/([^/]+\.tar\.(xz|zst))$ { try_files $uri @caches @pkg_mirror32_reordered; } location ~ /x86_64/[^/]+\.tar\.(xz|zst)$ { try_files $uri @caches @pkg_mirror; } location ~ /(i[46]86|pentium4)/[^/]+/[^/]+\.tar\.(xz|zst)$ { try_files $uri @caches @pkg_mirror32; } location ~ /(arm(v[67]h)?|aarch64)/[^/]+/[^/]+\.tar\.(xz|zst)$ { try_files $uri @caches @pkg_mirrorarm; } # Retrieve package from cache of another local mirror location @caches { proxy_store on; proxy_redirect off; proxy_store_access user:rw group:rw all:r; proxy_next_upstream error timeout http_404; proxy_pass http://caches$request_uri; } location @caches_reordered { proxy_store on; proxy_redirect off; proxy_store_access user:rw group:rw all:r; proxy_next_upstream error timeout http_404; proxy_pass http://caches/$2/$1/$3; } # Retrieve package from upstream mirrors and cache for future requests location @pkg_mirror { proxy_store on; proxy_redirect off; proxy_store_access user:rw group:rw all:r; proxy_next_upstream error timeout http_404; proxy_pass http://mirrors$request_uri; } location @pkg_mirror32 { proxy_store on; proxy_redirect off; proxy_store_access user:rw group:rw all:r; proxy_next_upstream error timeout http_404; proxy_pass http://mirrors32$request_uri; } location @pkg_mirror32_reordered { proxy_store on; proxy_redirect off; proxy_store_access user:rw group:rw all:r; proxy_next_upstream error timeout http_404; proxy_pass http://mirrors32/$2/$1/$3; } location @pkg_mirrorarm { proxy_store on; proxy_redirect off; proxy_store_access user:rw group:rw all:r; proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsarm$request_uri; } location @pkg_mirrorewe { proxy_store on; proxy_redirect off; proxy_store_access user:rw group:rw all:r; proxy_next_upstream error timeout http_404; proxy_pass http://mirrorsewe/os/$1/$2; } } # other local mirrors upstream caches { server 0.arch-mirror.eckner.net:80; server 1.arch-mirror.eckner.net:80; server 2.arch-mirror.eckner.net:80; server 3.arch-mirror.eckner.net:80; server 4.arch-mirror.eckner.net:80; server 5.arch-mirror.eckner.net:80; } # Upstream Arch Linux Mirrors # - Configure as many backend mirrors as you want in the blocks below # - Servers are used in a round-robin fashion by nginx # - Add "backup" if you want to only use the mirror upon failure of the other mirrors # - Use separate mirror server blocks to be able to use mirrors that have different paths to the package repos upstream mirrors { server 127.0.0.42:8001; server 127.0.0.42:8002 backup; server 127.0.0.42:8003 backup; server 127.0.0.42:8004 backup; } upstream mirrors32 { server 127.0.0.43:8001; server 127.0.0.43:8002 backup; server 127.0.0.43:8003 backup; } upstream mirrorsarm { server 127.0.0.44:8001; server 127.0.0.44:8002; server 127.0.0.44:8003; server 127.0.0.44:8004; server 127.0.0.44:8005; server 127.0.0.44:8006; server 127.0.0.44:8007; server 127.0.0.44:8008; server 127.0.0.44:8009; server 127.0.0.44:8010; server 127.0.0.44:8011; server 127.0.0.44:8012; server 127.0.0.44:8013; server 127.0.0.44:8014; server 127.0.0.44:8015; server 127.0.0.44:8016; server 127.0.0.44:8017; server 127.0.0.44:8018; server 127.0.0.44:8019; server 127.0.0.44:8020; } upstream mirrorsewe { server 127.0.0.45:8001; } # If you want to use an official mirror from /etc/pacman.d/mirrorlist like # http://mirror.domain.example/path/to/repo/$repo/os/$arch # # the proxy_pass directive should look like this # proxy_pass http://mirror.domain.example/path/to/repo$request_uri; # # Notice that $request_uri replaces the /$repo/os/$arch part of # the mirror address. See more examples below. server { listen 127.0.0.42:8001; location / { proxy_pass https://ftp.gwdg.de/pub/linux/archlinux$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.42:8002; location / { proxy_pass https://mirror.f4st.host/archlinux$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.42:8003; location / { proxy_pass https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.42:8004; location / { proxy_pass https://mirror.pkgbuild.com$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.43:8001; location / { proxy_pass https://mirror.archlinux32.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.43:8002; location / { proxy_pass https://mirror.yandex.ru/archlinux32$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.43:8003; location / { proxy_pass https://archlinux32.andreasbaumann.cc$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8001; location / { proxy_pass http://mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8002; location / { proxy_pass http://au.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8003; location / { proxy_pass http://br.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8004; location / { proxy_pass http://dk.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8005; location / { proxy_pass http://de3.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8006; location / { proxy_pass http://de.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8007; location / { proxy_pass http://de4.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8008; location / { proxy_pass http://eu.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8009; location / { proxy_pass http://de5.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8010; location / { proxy_pass http://gr.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8011; location / { proxy_pass http://sg.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8012; location / { proxy_pass http://za.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8013; location / { proxy_pass http://tw.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8014; location / { proxy_pass http://ca.us.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8015; location / { proxy_pass http://fl.us.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8016; location / { proxy_pass http://il.us.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.44:8017; location / { proxy_pass http://nj.us.mirror.archlinuxarm.org$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } } server { listen 127.0.0.45:8001; location / { proxy_pass https://arch.eckner.net$request_uri; proxy_intercept_errors on; error_page 302 403 409 =404 /error.html; } location /error.html { root /srv/http; } }