{% set host = salt['grains.get']('host') %}
{% set ip4_private = salt['grains.get']('ipv4_interfaces:private[0]') %}
include:
- role.common.nginx
nginx:
ng:
server:
config:
http:
client_max_body_size: 8m
gzip_static: 'on'
gzip_min_length: 1000
gzip_proxied:
- expired
- no-cache
- no-store
- private
- auth
gzip_types:
- text/plain
- text/css
- application/xml
- application/x-javascript
worker_processes: 4
servers:
managed:
keyserver.opensuse.org.conf:
config:
- server:
- listen:
- 80
- default_server
- listen:
- {{ ip4_private }}:11371
- default_server
- server_name: keyserver.opensuse.org
- server_name: {{ host }}.opensuse.org
- server_name: '*.sks-keyservers.net'
- server_name: '*.pool.sks-keyservers.net'
- server_name: pgp.mit.edu
- server_name: keys.gnupg.net
- root: /srv/www/htdocs
- rewrite: ^/stats /pks/lookup?op=stats
- rewrite: ^/s/(.*) /pks/lookup?search=$1
- rewrite: ^/search/(.*) /pks/lookup?search=$1
- rewrite: ^/g/(.*) /pks/lookup?op=get&search=$1
- rewrite: ^/get/(.*) /pks/lookup?op=get&search=$1
- rewrite: ^/hashquery /pks/hashquery
- rewrite: ^/hashquery/(.*) /pks/hashquery/$1
- rewrite: ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1
- rewrite: ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1
- expires: 1y
- add_header: Pragma public
- add_header: Cache-Control "public"
- location /check.txt:
- root: /srv/www/htdocs
- access_log: 'off'
- location /:
- root: /srv/www/htdocs
- index:
- index.html
- index.htm
- location /pks:
- proxy_pass: http://127.0.0.1:11371
- proxy_pass_header: Server
- add_header: Via "1.1 {{ host }}.opensuse.org:11371"
- proxy_ignore_client_abort: 'on'
- client_max_body_size: 8m
- error_page: 500 502 503 504 /50x.html
- location = /50x.html:
- root: /srv/www/htdocs
enabled: True