On Mon, Oct 07, 2019 at 10:15:03AM +0200, pelzflorian (Florian Pelz) wrote:
> (Redirects of
> non-html URLs are wrong and nginx does not run with this config,
> perhaps I should use rewrite instead of try_files.  I can try later
> today.)
>

I changed the patch, and while nginx now loads, redirects for files without
an html suffix still fail.  I will stop and wait for smarter people with
more nginx experience.  Attached are the current patch and the changes I
make to berlin for testing in a local VM using

GUILE_LOAD_PATH=$(readlink -f ~/git/maintenance/hydra/modules):$GUILE_LOAD_PATH 
guix system vm-image --image-size=14G berlin.scm --fallback

Regards,
Florian
>From ef1d268cd75219c18ef098389a8ea5ef460ee542 Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflor...@pelzflorian.de>
Date: Tue, 8 Oct 2019 08:30:59 +0200
Subject: [PATCH] berlin: Redirect to localized website depending on
 Accept-Language header.

* hydra/nginx/berlin.scm (guix.gnu.org-locations): Redirect html URLs.
(%nginx-configuration): Load required nginx dynamic module.
---
 hydra/nginx/berlin.scm | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm
index df90873..c716103 100644
--- a/hydra/nginx/berlin.scm
+++ b/hydra/nginx/berlin.scm
@@ -1,6 +1,7 @@
 ;; Nginx configuration for ci.guix.info
 
-(use-modules (gnu services web))
+(use-modules (gnu packages web-xyz)
+             (gnu services web))
 
 ;; TODO: these settings cannot currently expressed with Guix:
 
@@ -462,6 +463,16 @@ PUBLISH-URL."
    (nginx-location-configuration
     (uri "~ \\.pdf$")                             ;*.pdf at the top level
     (body (list "root /srv/guix-pdfs;")))
+   (nginx-location-configuration
+    (uri "~ (.*)/$")
+    (body (list
+           "try_files $1/index.html =404;")))
+   (nginx-location-configuration
+    (uri "~ (.html|.htm)$")
+    (body (list
+           ;; put en first so it is the default:
+           "set_from_accept_language $lang en de;"
+           "try_files /$lang/$uri $uri =404;")))
 
    (nginx-location-configuration                  ;certbot
     (uri "/.well-known")
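Review bot: The location regex `"~ (.html|.htm)$"` leaves both dots unescaped, so `.` matches any character and the location also catches URIs such as `/docs/xhtml` that are not `.html` files. The `.pdf` location just above escapes its dot, and this one should as well: `(uri "~ \\.html?$")`. In the same body `$uri` already starts with `/`, so `/$lang/$uri` expands to a path with a doubled slash; `/$lang$uri` says what is meant. As far as I know the module, `$lang` can only take one of the values listed after `set_from_accept_language`, so the request header never reaches the file path verbatim; a one-line comment stating that would help the next reader. The enclosing location list starts and ends outside the hunk.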
@@ -758,5 +769,11 @@ PUBLISH-URL."
 (define %nginx-configuration
   (nginx-configuration
    (server-blocks %berlin-servers)
+   (load-modules
+    (list
+     ;; We need this module for redirecting users to the localized
+     ;; website of their choice.
+     (file-append nginx-mod-accept-language "\
+/etc/nginx/modules/ngx_http_accept_language_module.so")))
    (extra-content
     (string-join %extra-content "\n"))))
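Review bot: The comment above `file-append` says why the module is needed but not where `nginx-mod-accept-language` is defined. The only candidate in this patch is the `(gnu packages web-xyz)` import added in the first hunk, which reads like a placeholder module name and may not resolve on berlin. This loads native code into every nginx worker, and that code parses a client-supplied header, so the comment should name the package's origin, e.g. `;; nginx-mod-accept-language is provided by (gnu packages <module>) and must be built against the nginx package this service runs.` The string literal continued with `"\` onto a line starting at column 0 is also easy to misread; a single-line literal would be clearer.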
-- 
2.23.0

diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 172c9cd..d965770 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -90,29 +90,29 @@ Happy hacking!\n"))
                  ;; The root file system resides on just a single
                  ;; disk, no RAID :-/
                  (file-system
-                   (device (file-system-label "my-root"))
+                   (device "/dev/sda");(file-system-label "my-root"))
                    (mount-point "/")
                    (type "ext4"))
-                 ;; This is a large external storage array
-                 ;; connected via 2 HBA cards.  We only mount it
-                 ;; through one of the HBA cards.  We would need
-                 ;; to use multipathd otherwise.
-                 (file-system
-                   (device (uuid "a6455b66-59d2-40bd-bddb-0c572bb62a2f"))
-                   (mount-point "/gnu")
-                   (type "ext4"))
-                 ;; Bind mount cache to large external storage.
-                 (file-system
-                   (device "/gnu/cache")
-                   (mount-point "/var/cache")
-                   (flags '(bind-mount))
-                   (type "none"))
-                 ;; Access root file system without bind mounts.
-                 (file-system
-                   (device "/")
-                   (mount-point "/mnt/root-fs")
-                   (flags '(bind-mount))
-                   (type "none"))
+                 ;; ;; This is a large external storage array
+                 ;; ;; connected via 2 HBA cards.  We only mount it
+                 ;; ;; through one of the HBA cards.  We would need
+                 ;; ;; to use multipathd otherwise.
+                 ;; (file-system
+                 ;;   (device (uuid "a6455b66-59d2-40bd-bddb-0c572bb62a2f"))
+                 ;;   (mount-point "/gnu")
+                 ;;   (type "ext4"))
+                 ;; ;; Bind mount cache to large external storage.
+                 ;; (file-system
+                 ;;   (device "/gnu/cache")
+                 ;;   (mount-point "/var/cache")
+                 ;;   (flags '(bind-mount))
+                 ;;   (type "none"))
+                 ;; ;; Access root file system without bind mounts.
+                 ;; (file-system
+                 ;;   (device "/")
+                 ;;   (mount-point "/mnt/root-fs")
+                 ;;   (flags '(bind-mount))
+                 ;;   (type "none"))
                  %base-file-systems))
 
   ;; Local admin account for MDC maintenance.
@@ -134,129 +134,118 @@ Happy hacking!\n"))
   (services (cons*
              ;; Connection to the DMZ for public access
              ;; This is a 1G port only
-             (static-networking-service "eno1"
-                                        "141.80.181.41"
-                                        #:netmask "255.255.255.0"
-                                        #:gateway "141.80.181.1")
-             ;; This is a 10G port.
-             (static-networking-service "enp129s0f0"
-                                        "141.80.181.40"
-                                        #:netmask "255.255.255.0")
-             ;; Connection to build nodes
-             (static-networking-service "eno3"
-                                        "141.80.167.131"
-                                        #:netmask "255.255.255.192")
-
-             ;; Allow login over serial console.
-             (agetty-service (agetty-configuration
-                              (tty "ttyS0")
-                              (baud-rate "115200")))
-
-             ;; DNS
-             (service knot-service-type
-                      (knot-configuration
-                        (zones (list (knot-zone-configuration
-                                       (domain "guix.gnu.org")
-                                       (master '("bayfront-master"))
-                                       (acl '("notify-allow")))))
-                        (acls (list (knot-acl-configuration
-                                      (id "notify-allow")
-                                      (address (list bayfront-ip4))
-                                      (action '(notify)))))
-                        (remotes (list (knot-remote-configuration
-                                         (id "bayfront-master")
-                                         (address (list bayfront-ip4)))))))
-
-             ;; Monitoring
-             (service zabbix-agent-service-type)
-             (service zabbix-server-service-type
-                      (zabbix-server-configuration
-                       (include-files '("/root/zabbix-pass"))))
-             (service zabbix-front-end-service-type
-                      (zabbix-front-end-configuration
-                       (nginx (list
-                               (nginx-server-configuration
-                                (root #~(string-append 
#$zabbix-server:front-end "/share/zabbix/php"))
-                                (listen '("127.0.0.1:7878"))
-                                (index '("index.php"))
-                                (locations
-                                 (let ((php-location (nginx-php-location)))
-                                   (list (nginx-location-configuration
-                                          (inherit php-location)
-                                          (body (append 
(nginx-location-configuration-body php-location)
-                                                        (list "
-fastcgi_param PHP_VALUE \"post_max_size = 16M
-                          max_execution_time = 300\";
-"))))))))))
-                       (db-secret-file "/root/zabbix-front-end-secrets")))
-
-             ;; For the Zabbix database.  It was created by manually
-             ;; following the instructions here:
-             ;; 
https://www.zabbix.com/documentation/3.0/manual/appendix/install/db_scripts
-             (postgresql-service)
+             (service dhcp-client-service-type)
+;; 
+;;              ;; Allow login over serial console.
+;;              (agetty-service (agetty-configuration
+;;                               (tty "ttyS0")
+;;                               (baud-rate "115200")))
+;; 
+;;              ;; DNS
+;;              (service knot-service-type
+;;                       (knot-configuration
+;;                         (zones (list (knot-zone-configuration
+;;                                        (domain "guix.gnu.org")
+;;                                        (master '("bayfront-master"))
+;;                                        (acl '("notify-allow")))))
+;;                         (acls (list (knot-acl-configuration
+;;                                       (id "notify-allow")
+;;                                       (address (list bayfront-ip4))
+;;                                       (action '(notify)))))
+;;                         (remotes (list (knot-remote-configuration
+;;                                          (id "bayfront-master")
+;;                                          (address (list bayfront-ip4)))))))
+;; 
+;;              ;; Monitoring
+;;              (service zabbix-agent-service-type)
+;;              (service zabbix-server-service-type
+;;                       (zabbix-server-configuration
+;;                        (include-files '("/root/zabbix-pass"))))
+;;              (service zabbix-front-end-service-type
+;;                       (zabbix-front-end-configuration
+;;                        (nginx (list
+;;                                (nginx-server-configuration
+;;                                 (root #~(string-append 
#$zabbix-server:front-end "/share/zabbix/php"))
+;;                                 (listen '("127.0.0.1:7878"))
+;;                                 (index '("index.php"))
+;;                                 (locations
+;;                                  (let ((php-location (nginx-php-location)))
+;;                                    (list (nginx-location-configuration
+;;                                           (inherit php-location)
+;;                                           (body (append 
(nginx-location-configuration-body php-location)
+;;                                                         (list "
+;; fastcgi_param PHP_VALUE \"post_max_size = 16M
+;;                           max_execution_time = 300\";
+;; "))))))))))
+;;                        (db-secret-file "/root/zabbix-front-end-secrets")))
+;; 
+;;              ;; For the Zabbix database.  It was created by manually
+;;              ;; following the instructions here:
+;;              ;; 
https://www.zabbix.com/documentation/3.0/manual/appendix/install/db_scripts
+;;              (postgresql-service)
 
              (service ntp-service-type)
 
-             ;; Make SSH and HTTP/HTTPS available over Tor.
-             (tor-hidden-service "http"
-                                 '((22 "127.0.0.1:22")
-                                   (80 "127.0.0.1:80")
-                                   (443 "127.0.0.1:443")))
-             (service tor-service-type)
-
+             ;; ;; Make SSH and HTTP/HTTPS available over Tor.
+             ;; (tor-hidden-service "http"
+             ;;                     '((22 "127.0.0.1:22")
+             ;;                       (80 "127.0.0.1:80")
+             ;;                       (443 "127.0.0.1:443")))
+             ;; (service tor-service-type)
+            ;; 
              (service nginx-service-type %nginx-configuration)
 
              ;; Runnning guix.gnu.org.
              (service static-web-site-service-type
                       (static-web-site-configuration
                        (git-url
-                        
"https://git.savannah.gnu.org/git/guix/guix-artwork.git";)
+                        "git://pelzflorian.de/guix-artwork.git")
                        (directory "/srv/guix.gnu.org")
                        (build-file "website/.guix.scm")))
 
-             ;; 'wip-i18n' branch of guix.gnu.org.
-             (service static-web-site-service-type
-                      (static-web-site-configuration
-                       (git-url
-                        
"https://git.savannah.gnu.org/git/guix/guix-artwork.git";)
-                       (git-ref '(branch . "wip-i18n"))
-                       (directory "/srv/guix.gnu.org-i18n")
-                       (build-file "website/.guix.scm")
-                       (cache-directory "guix.gnu.org-i18n") ;avoid collision
-                       (environment-variables
-                        '(("GUIX_WEB_SITE_ROOT_PATH" . "/.i18n")))))
-
-             ;; Manual for the latest stable release.
-             (service static-web-site-service-type
-                      (static-web-site-configuration
-                       (git-url "https://git.savannah.gnu.org/git/guix.git";)
-                       (git-ref '(branch . "version-1.0.1"))
-                       (directory "/srv/guix-manual")
-                       (build-file "doc/build.scm")
-                       (environment-variables
-                         '(("GUIX_MANUAL_VERSION" . "1.0.1")
-                           ("GUIX_WEB_SITE_URL" . "/")))))
-
-             ;; Manual for 'master'.
-             (service static-web-site-service-type
-                      (static-web-site-configuration
-                       (git-url "https://git.savannah.gnu.org/git/guix.git";)
-                       (directory "/srv/guix-manual-devel")
-
-                       ;; XXX: Use a different cache directory to work around
-                       ;; the fact that (guix git) would use a same-named
-                       ;; checkout directory for 'master' and for the branch
-                       ;; above.  Since both mcron jobs run at the same time,
-                       ;; they would end up using one branch or the other, in
-                       ;; a non-deterministic way.
-                       (cache-directory "guix-master-manual")
-
-                       (build-file "doc/build.scm")
-                       (environment-variables
-                        '(("GUIX_WEB_SITE_URL" . "/")))))
-
-             ;; GWL web site.
-             (service gwl-web-service-type)
+             ;; ;; 'wip-i18n' branch of guix.gnu.org.
+             ;; (service static-web-site-service-type
+             ;;          (static-web-site-configuration
+             ;;           (git-url
+             ;;            
"https://git.savannah.gnu.org/git/guix/guix-artwork.git";)
+             ;;           (git-ref '(branch . "wip-i18n"))
+             ;;           (directory "/srv/guix.gnu.org-i18n")
+             ;;           (build-file "website/.guix.scm")
+             ;;           (cache-directory "guix.gnu.org-i18n") ;avoid 
collision
+             ;;           (environment-variables
+             ;;            '(("GUIX_WEB_SITE_ROOT_PATH" . "/.i18n")))))
+            ;; 
+             ;; ;; Manual for the latest stable release.
+             ;; (service static-web-site-service-type
+             ;;          (static-web-site-configuration
+             ;;           (git-url "https://git.savannah.gnu.org/git/guix.git";)
+             ;;           (git-ref '(branch . "version-1.0.1"))
+             ;;           (directory "/srv/guix-manual")
+             ;;           (build-file "doc/build.scm")
+             ;;           (environment-variables
+             ;;             '(("GUIX_MANUAL_VERSION" . "1.0.1")
+             ;;               ("GUIX_WEB_SITE_URL" . "/")))))
+            ;; 
+             ;; ;; Manual for 'master'.
+             ;; (service static-web-site-service-type
+             ;;          (static-web-site-configuration
+             ;;           (git-url "https://git.savannah.gnu.org/git/guix.git";)
+             ;;           (directory "/srv/guix-manual-devel")
+            ;; 
+             ;;           ;; XXX: Use a different cache directory to work 
around
+             ;;           ;; the fact that (guix git) would use a same-named
+             ;;           ;; checkout directory for 'master' and for the branch
+             ;;           ;; above.  Since both mcron jobs run at the same 
time,
+             ;;           ;; they would end up using one branch or the other, 
in
+             ;;           ;; a non-deterministic way.
+             ;;           (cache-directory "guix-master-manual")
+            ;; 
+             ;;           (build-file "doc/build.scm")
+             ;;           (environment-variables
+             ;;            '(("GUIX_WEB_SITE_URL" . "/")))))
+            ;; 
+             ;; ;; GWL web site.
+             ;; (service gwl-web-service-type)
 
              (frontend-services %sysadmins
                                 #:systems '("x86_64-linux" "i686-linux"
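Review bot: The `git-url` for the guix.gnu.org site now points at `git://pelzflorian.de/guix-artwork.git`, and the git:// transport offers neither encryption nor server authentication, while the `build-file` from that checkout is presumably evaluated to build the site. That is acceptable in a throwaway VM, but the line should carry a marker so it cannot slip into a real deployment, e.g. `;; TEST ONLY: personal mirror over unauthenticated git://; restore the Savannah https URL before committing.` The same hunk replaces the static addresses with `dhcp-client-service-type` and comments out the Knot, Zabbix and Tor services, which deserves the same marker. The `services` expression continues outside the hunk.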
diff --git a/hydra/modules/sysadmin/services.scm 
b/hydra/modules/sysadmin/services.scm
index 943df8a..a7c63bc 100644
--- a/hydra/modules/sysadmin/services.scm
+++ b/hydra/modules/sysadmin/services.scm
@@ -90,19 +90,19 @@
 (define* (guix-daemon-config #:key (max-jobs 5) (cores 4))
   (guix-configuration
    ;; Disable substitutes altogether.
-   (use-substitutes? #f)
-   (substitute-urls '())
-   (authorized-keys '())
-
-   ;; We don't want to let builds get stuck for too long, but we still want
-   ;; to allow building, say, Guile 2.2 on armhf-linux, which takes < 3h on
-   ;; an OverDrive 1000.
-   (max-silent-time 3600)
-   (timeout (* 6 3600))
-
-   (log-compression 'gzip)               ;be friendly to 'guix publish' users
-
-   (build-accounts (* 2 max-jobs))
+   ;; (use-substitutes? #f)
+   ;; (substitute-urls '())
+   ;; (authorized-keys '())
+  ;; 
+   ;; ;; We don't want to let builds get stuck for too long, but we still want
+   ;; ;; to allow building, say, Guile 2.2 on armhf-linux, which takes < 3h on
+   ;; ;; an OverDrive 1000.
+   ;; (max-silent-time 3600)
+   ;; (timeout (* 6 3600))
+  ;; 
+   ;; (log-compression 'gzip)               ;be friendly to 'guix publish' 
users
+  ;; 
+   ;; (build-accounts (* 2 max-jobs))
    (extra-options (list "--max-jobs" (number->string max-jobs)
                         "--cores" (number->string cores)
                         "--cache-failures"
@@ -261,27 +261,27 @@
                   (mcron-configuration
                    (jobs (cons %certbot-job %gc-jobs))))
 
-         firewall-service
-
-         ;; The Web service.
-         (service guix-publish-service-type
-                  (guix-publish-configuration
-                   (port 3000)
-                   (cache "/var/cache/guix/publish")
-                   (ttl nar-ttl)
-                   (compression '(("gzip" 9) ("lzip" 9)))
-                   (workers publish-workers)))
+         ;; firewall-service
+        ;; 
+         ;; ;; The Web service.
+         ;; (service guix-publish-service-type
+         ;;          (guix-publish-configuration
+         ;;           (port 3000)
+         ;;           (cache "/var/cache/guix/publish")
+         ;;           (ttl nar-ttl)
+         ;;           (compression '(("gzip" 9) ("lzip" 9)))
+         ;;           (workers publish-workers)))
 
          %nginx-mime-types
          %nginx-cache-activation
 
-         (service cuirass-service-type
-                  (cuirass-configuration
-                   (interval (* 5 60))
-                   (ttl (quotient nar-ttl 2))
-                   (specifications (cuirass-specs systems))))
-
-         (service openssh-service-type)
+         ;; (service cuirass-service-type
+         ;;          (cuirass-configuration
+         ;;           (interval (* 5 60))
+         ;;           (ttl (quotient nar-ttl 2))
+         ;;           (specifications (cuirass-specs systems))))
+        ;; 
+         ;; (service openssh-service-type)
          (service sysadmin-service-type sysadmins)
 
          (append (if nginx-config-file
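Review bot: `firewall-service` and `openssh-service-type` are commented out in place here while nginx and the mcron jobs stay enabled, and nothing in the file marks this as a test-only state. The `-90,19` hunk in this file has the same problem: the context comment "Disable substitutes altogether." now sits above `use-substitutes?`, `substitute-urls` and `authorized-keys` lines that are all commented out, so it states the opposite of what the code does. The `-290,9` hunk then drops the `guix-service-type` override entirely. I would keep the VM variant in a separate file, or at least put `;; TEST ONLY (local VM): firewall, SSH and guix-daemon hardening disabled; do not commit.` at the top of each edited form. The enclosing service list starts and ends outside the hunk.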
@@ -290,9 +290,9 @@
                                      (file nginx-config-file))))
                      '())
                  (modify-services %base-services
-                   (guix-service-type
-                    config => (guix-daemon-config #:max-jobs max-jobs
-                                                  #:cores cores))
+                   ;; (guix-service-type
+                   ;;  config => (guix-daemon-config #:max-jobs max-jobs
+                   ;;                                #:cores cores))
                    (login-service-type
                     config => (login-configuration
                                (inherit config)
diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm
index c716103..fa2d13b 100644
--- a/hydra/nginx/berlin.scm
+++ b/hydra/nginx/berlin.scm
@@ -491,27 +491,27 @@ PUBLISH-URL."
 (define %berlin-servers
   (list
    ;; Plain HTTP
-   (nginx-server-configuration
-    (listen '("80"))
-    (server-name '("berlin.guixsd.org"
-                   "ci.guix.info"
-                   "ci.guix.gnu.org"))
-    (locations (berlin-locations %publish-url))
-    (raw-content
-     (list
-      "access_log  /var/log/nginx/http.access.log;"
-      "proxy_set_header X-Forwarded-Host $host;"
-      "proxy_set_header X-Forwarded-Port $server_port;"
-      "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;")))
-
-   (nginx-server-configuration
-    (listen '("80"))
-    (server-name '("bootstrappable.org"
-                   "www.bootstrappable.org"))
-    (root "/home/rekado/bootstrappable.org")
-    (raw-content
-     (list
-      "access_log /var/log/nginx/bootstrappable.access.log;")))
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("berlin.guixsd.org"
+   ;;                 "ci.guix.info"
+   ;;                 "ci.guix.gnu.org"))
+   ;;  (locations (berlin-locations %publish-url))
+   ;;  (raw-content
+   ;;   (list
+   ;;    "access_log  /var/log/nginx/http.access.log;"
+   ;;    "proxy_set_header X-Forwarded-Host $host;"
+   ;;    "proxy_set_header X-Forwarded-Port $server_port;"
+   ;;    "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;")))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("bootstrappable.org"
+   ;;                 "www.bootstrappable.org"))
+   ;;  (root "/home/rekado/bootstrappable.org")
+   ;;  (raw-content
+   ;;   (list
+   ;;    "access_log /var/log/nginx/bootstrappable.access.log;")))
 
    (nginx-server-configuration
     (listen '("80"))
@@ -522,192 +522,194 @@ PUBLISH-URL."
      (list
       "access_log /var/log/nginx/guix-info.access.log;")))
 
-   (nginx-server-configuration
-    (listen '("80"))
-    (server-name '("guix.info"
-                   "www.guix.info"))
-    (locations guix.info-locations)
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "access_log /var/log/nginx/guix-info.https.access.log;"))))
-
-   (nginx-server-configuration
-    (listen '("80"))
-    (server-name '("issues.guix.info"
-                   "issues.guix.gnu.org"))
-    (root "/home/rekado/mumi/")
-    (locations
-     (list (nginx-location-configuration ;certbot
-            (uri "/.well-known")
-            (body (list "root /var/www;")))
-           (nginx-location-configuration
-            (uri "/")
-            (body '("proxy_pass http://localhost:1234;";)))))
-    (raw-content
-     (list
-      "access_log /var/log/nginx/issues-guix-info.access.log;")))
-
-   (nginx-server-configuration
-    (listen '("80"))
-    (server-name '("workflows.guix.info"
-                   "workflow.guix.info"
-                   "guixwl.org"
-                   "www.guixwl.org"))
-    (root "/home/rekado/gwl/")
-    (locations
-     (list (nginx-location-configuration ;certbot
-            (uri "/.well-known")
-            (body (list "root /var/www;")))
-
-           ;; Pass requests to 'guix workflow --web-interface'.
-           (nginx-location-configuration
-            (uri "/")
-            (body '("proxy_pass http://localhost:5000;";)))))
-    (raw-content
-     (list
-      "access_log /var/log/nginx/workflows-guix-info.access.log;")))
-        
-   ;; HTTPS servers
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("berlin.guixsd.org"
-                   "ci.guix.info"
-                   "ci.guix.gnu.org"))
-    (ssl-certificate (le "berlin.guixsd.org"))
-    (ssl-certificate-key (le "berlin.guixsd.org" 'key))
-    (locations (berlin-locations %publish-url))
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "access_log  /var/log/nginx/https.access.log;"
-       "proxy_set_header X-Forwarded-Host $host;"
-       "proxy_set_header X-Forwarded-Port $server_port;"
-       "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"))))
-
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("qualif.ci.guix.gnu.org"))
-    (locations (berlin-locations "http://localhost:3003";))
-    (raw-content
-     (append %tls-settings
-             '("access_log  /var/log/nginx/qualif.access.log;"))))
-
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("bootstrappable.org"
-                   "www.bootstrappable.org"))
-    (ssl-certificate (le "bootstrappable.org"))
-    (ssl-certificate-key (le "bootstrappable.org" 'key))
-    (root "/home/rekado/bootstrappable.org")
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "access_log /var/log/nginx/bootstrappable.https.access.log;"))))
-
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("guix.info"
-                   "www.guix.info"))
-    (ssl-certificate (le "guix.info"))
-    (ssl-certificate-key (le "guix.info" 'key))
-    (locations guix.info-locations)
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "access_log /var/log/nginx/guix-info.https.access.log;"))))
-
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("guix.gnu.org"))
-    (ssl-certificate (le "guix.gnu.org"))
-    (ssl-certificate-key (le "guix.gnu.org" 'key))
-    (root "/srv/guix.gnu.org")
-    (locations guix.gnu.org-locations)
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "access_log /var/log/nginx/guix-gnu-org.https.access.log;"))))
-
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("issues.guix.info"))
-    (ssl-certificate (le "issues.guix.info"))
-    (ssl-certificate-key (le "issues.guix.info" 'key))
-    (root "/home/rekado/mumi/")
-    (locations
-     (list (nginx-location-configuration
-            (uri "/")
-            (body '("proxy_pass http://localhost:1234;";)))))
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "proxy_set_header X-Forwarded-Host $host;"
-       "proxy_set_header X-Forwarded-Port $server_port;"
-       "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
-       "proxy_connect_timeout       600;"
-       "proxy_send_timeout          600;"
-       "proxy_read_timeout          600;"
-       "send_timeout                600;"
-       "access_log /var/log/nginx/issues-guix-info.https.access.log;"))))
-
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("issues.guix.gnu.org"))
-    (ssl-certificate (le "issues.guix.gnu.org"))
-    (ssl-certificate-key (le "issues.guix.gnu.org" 'key))
-    (root "/home/rekado/mumi/")
-    (locations
-     (list (nginx-location-configuration
-            (uri "/")
-            (body '("proxy_pass http://localhost:1234;";)))))
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "proxy_set_header X-Forwarded-Host $host;"
-       "proxy_set_header X-Forwarded-Port $server_port;"
-       "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
-       "proxy_connect_timeout       600;"
-       "proxy_send_timeout          600;"
-       "proxy_read_timeout          600;"
-       "send_timeout                600;"
-       "access_log /var/log/nginx/issues-guix-gnu-org.https.access.log;"))))
-
-   (nginx-server-configuration
-    (listen '("443 ssl"))
-    (server-name '("workflows.guix.info"
-                   "workflow.guix.info"
-                   "guixwl.org"
-                   "www.guixwl.org"))
-    (ssl-certificate (le "www.guixwl.org"))
-    (ssl-certificate-key (le "www.guixwl.org" 'key))
-    (root "/home/rekado/gwl/")
-    (locations
-     (list (nginx-location-configuration
-            (uri "/")
-            (body '("proxy_pass http://localhost:5000;";)))))
-    (raw-content
-     (append
-      %tls-settings
-      (list
-       "proxy_set_header X-Forwarded-Host $host;"
-       "proxy_set_header X-Forwarded-Port $server_port;"
-       "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
-       "proxy_connect_timeout       600;"
-       "proxy_send_timeout          600;"
-       "proxy_read_timeout          600;"
-       "send_timeout                600;"
-       "access_log /var/log/nginx/workflows-guix-info.https.access.log;"))))))
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("guix.info"
+   ;;                 "www.guix.info"))
+   ;;  (locations guix.info-locations)
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "access_log /var/log/nginx/guix-info.https.access.log;"))))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("issues.guix.info"
+   ;;                 "issues.guix.gnu.org"))
+   ;;  (root "/home/rekado/mumi/")
+   ;;  (locations
+   ;;   (list (nginx-location-configuration ;certbot
+   ;;          (uri "/.well-known")
+   ;;          (body (list "root /var/www;")))
+   ;;         (nginx-location-configuration
+   ;;          (uri "/")
+   ;;          (body '("proxy_pass http://localhost:1234;";)))))
+   ;;  (raw-content
+   ;;   (list
+   ;;    "access_log /var/log/nginx/issues-guix-info.access.log;")))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("workflows.guix.info"
+   ;;                 "workflow.guix.info"
+   ;;                 "guixwl.org"
+   ;;                 "www.guixwl.org"))
+   ;;  (root "/home/rekado/gwl/")
+   ;;  (locations
+   ;;   (list (nginx-location-configuration ;certbot
+   ;;          (uri "/.well-known")
+   ;;          (body (list "root /var/www;")))
+  ;; 
+   ;;         ;; Pass requests to 'guix workflow --web-interface'.
+   ;;         (nginx-location-configuration
+   ;;          (uri "/")
+   ;;          (body '("proxy_pass http://localhost:5000;";)))))
+   ;;  (raw-content
+   ;;   (list
+   ;;    "access_log /var/log/nginx/workflows-guix-info.access.log;")))
+   ;;      
+   ;; ;; HTTPS servers
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("berlin.guixsd.org"
+   ;;                 "ci.guix.info"
+   ;;                 "ci.guix.gnu.org"))
+   ;;  ;;(ssl-certificate (le "berlin.guixsd.org"))
+   ;;  ;;(ssl-certificate-key (le "berlin.guixsd.org" 'key))
+   ;;  (locations (berlin-locations %publish-url))
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "access_log  /var/log/nginx/https.access.log;"
+   ;;     "proxy_set_header X-Forwarded-Host $host;"
+   ;;     "proxy_set_header X-Forwarded-Port $server_port;"
+   ;;     "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"))))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("qualif.ci.guix.gnu.org"))
+   ;;  (locations (berlin-locations "http://localhost:3003";))
+   ;;  (raw-content
+   ;;   (append %tls-settings
+   ;;           '("access_log  /var/log/nginx/qualif.access.log;"))))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("bootstrappable.org"
+   ;;                 "www.bootstrappable.org"))
+   ;;  ;;(ssl-certificate (le "bootstrappable.org"))
+   ;;  ;;(ssl-certificate-key (le "bootstrappable.org" 'key))
+   ;;  (root "/home/rekado/bootstrappable.org")
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "access_log /var/log/nginx/bootstrappable.https.access.log;"))))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("guix.info"
+   ;;                 "www.guix.info"))
+   ;;  ;;(ssl-certificate (le "guix.info"))
+   ;;  ;;(ssl-certificate-key (le "guix.info" 'key))
+   ;;  (locations guix.info-locations)
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "access_log /var/log/nginx/guix-info.https.access.log;"))))
+
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("guix.gnu.org"))
+   ;;  ;;(ssl-certificate (le "guix.gnu.org"))
+   ;;  ;;(ssl-certificate-key (le "guix.gnu.org" 'key))
+   ;;  (root "/srv/guix.gnu.org")
+   ;;  (locations guix.gnu.org-locations)
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "access_log /var/log/nginx/guix-gnu-org.https.access.log;"))))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("issues.guix.info"))
+   ;;  ;;(ssl-certificate (le "issues.guix.info"))
+   ;;  ;;(ssl-certificate-key (le "issues.guix.info" 'key))
+   ;;  (root "/home/rekado/mumi/")
+   ;;  (locations
+   ;;   (list (nginx-location-configuration
+   ;;          (uri "/")
+   ;;          (body '("proxy_pass http://localhost:1234;";)))))
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "proxy_set_header X-Forwarded-Host $host;"
+   ;;     "proxy_set_header X-Forwarded-Port $server_port;"
+   ;;     "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
+   ;;     "proxy_connect_timeout       600;"
+   ;;     "proxy_send_timeout          600;"
+   ;;     "proxy_read_timeout          600;"
+   ;;     "send_timeout                600;"
+   ;;     "access_log /var/log/nginx/issues-guix-info.https.access.log;"))))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("issues.guix.gnu.org"))
+   ;;  ;;(ssl-certificate (le "issues.guix.gnu.org"))
+   ;;  ;;(ssl-certificate-key (le "issues.guix.gnu.org" 'key))
+   ;;  (root "/home/rekado/mumi/")
+   ;;  (locations
+   ;;   (list (nginx-location-configuration
+   ;;          (uri "/")
+   ;;          (body '("proxy_pass http://localhost:1234;";)))))
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "proxy_set_header X-Forwarded-Host $host;"
+   ;;     "proxy_set_header X-Forwarded-Port $server_port;"
+   ;;     "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
+   ;;     "proxy_connect_timeout       600;"
+   ;;     "proxy_send_timeout          600;"
+   ;;     "proxy_read_timeout          600;"
+   ;;     "send_timeout                600;"
+   ;;     "access_log /var/log/nginx/issues-guix-gnu-org.https.access.log;"))))
+  ;; 
+   ;; (nginx-server-configuration
+   ;;  (listen '("80"))
+   ;;  (server-name '("workflows.guix.info"
+   ;;                 "workflow.guix.info"
+   ;;                 "guixwl.org"
+   ;;                 "www.guixwl.org"))
+   ;;  ;;(ssl-certificate (le "www.guixwl.org"))
+   ;;  ;;(ssl-certificate-key (le "www.guixwl.org" 'key))
+   ;;  (root "/home/rekado/gwl/")
+   ;;  (locations
+   ;;   (list (nginx-location-configuration
+   ;;          (uri "/")
+   ;;          (body '("proxy_pass http://localhost:5000;";)))))
+   ;;  (raw-content
+   ;;   (append
+   ;;    %tls-settings
+   ;;    (list
+   ;;     "proxy_set_header X-Forwarded-Host $host;"
+   ;;     "proxy_set_header X-Forwarded-Port $server_port;"
+   ;;     "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
+   ;;     "proxy_connect_timeout       600;"
+   ;;     "proxy_send_timeout          600;"
+   ;;     "proxy_read_timeout          600;"
+   ;;     "send_timeout                600;"
+   ;;     "access_log 
/var/log/nginx/workflows-guix-info.https.access.log;"))))))
+   ))
 
 (define %extra-content
   (list
+      "server_names_hash_bucket_size  64;" ;hack does not belong here
    "default_type  application/octet-stream;"
    "sendfile        on;"
 
