alois/Verso
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c9727a26e4bb379ca74f61bc85a95819c93f26fe
Verso/services/clsi/nginx.conf
T
Jakob Ackermann 666788be70 [clsi] nginx: use a fixed project id for the content domain access check (#33291) 
GitOrigin-RevId: 7801fa001e42b1b96d851f74efff396bc6471980
2026-05-28 08:08:02 +00:00

108 lines
3.1 KiB
Nginx Configuration File
Raw Blame History

# keep in sync with server-ce/nginx/clsi-nginx.conf
server {
add_header 'X-Served-By' 'clsi-nginx' always;
listen 8080;
server_name clsi-nginx;
server_tokens off;
access_log off;
# Ignore symlinks possibly created by users
disable_symlinks on;
# enable compression for tex auxiliary files, but not for pdf files
gzip on;
gzip_types text/plain;
gzip_proxied any;
types {
text/plain log blg aux stdout stderr;
application/pdf pdf;
}
# user content domain access check
location ~ ^/project/0cba050a0cec68384666fad1/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.pdf$ {
if ($request_method = 'OPTIONS') {
# handle OPTIONS method for CORS requests
add_header 'Allow' 'GET,HEAD';
return 204;
}
alias /var/clsi/tiny.pdf;
}
location ~ ^/project/0cba050a0cec68384666fad1/build/([0-9a-f-]+)/output/output\.pdf$ {
if ($request_method = 'OPTIONS') {
# handle OPTIONS method for CORS requests
add_header 'Allow' 'GET,HEAD';
return 204;
}
alias /var/clsi/tiny.pdf;
}
# handle output files for specific users
location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ {
if ($request_method = 'OPTIONS') {
# handle OPTIONS method for CORS requests
add_header 'Allow' 'GET,HEAD';
return 204;
}
rewrite ^/project/([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ /$4 break;
root /output/$1-$2/generated-files/$3/;
}
# handle output files for anonymous users
location ~ ^/project/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ {
if ($request_method = 'OPTIONS') {
# handle OPTIONS method for CORS requests
add_header 'Allow' 'GET,HEAD';
return 204;
}
rewrite ^/project/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ /$3 break;
root /output/$1/generated-files/$2/;
}
# handle output files for submissions
location ~ ^/project/([a-zA-Z0-9_-]+)/build/([0-9a-f-]+)/output/(.+)$ {
if ($request_method = 'OPTIONS') {
# handle OPTIONS method for CORS requests
add_header 'Allow' 'GET,HEAD';
return 204;
}
rewrite ^/project/([a-zA-Z0-9_-]+)/build/([0-9a-f-]+)/output/(.+)$ /$3 break;
root /output/$1/generated-files/$2/;
}
# PDF range for specific users
location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {
if ($request_method = 'OPTIONS') {
# handle OPTIONS method for CORS requests
add_header 'Allow' 'GET,HEAD';
return 204;
}
# Cache for one day
expires 1d;
alias /output/$1-$2/content/$3;
}
# PDF range for anonymous users
location ~ ^/project/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {
if ($request_method = 'OPTIONS') {
# handle OPTIONS method for CORS requests
add_header 'Allow' 'GET,HEAD';
return 204;
}
# Cache for one day
expires 1d;
alias /output/$1/content/$2;
}
# status endpoint for haproxy httpchk option
location /status {
return 200;
}
# load shedding probe
location = /instance-state {
alias /var/clsi/instance-state;
}
# Do not look up any non matching files in the default root.
location / {
return 404;
}
}
Reference in New Issue View Git Blame Copy Permalink