[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
branch master updated: hydra: bayfront: Configure NGinx for bordeaux.gui
|
From: |
Christopher Baines |
|
Subject: |
branch master updated: hydra: bayfront: Configure NGinx for bordeaux.guix.gnu.org. |
|
Date: |
Wed, 26 May 2021 17:19:39 -0400 |
This is an automated email from the git hooks/post-receive script.
cbaines pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new 8660411 hydra: bayfront: Configure NGinx for bordeaux.guix.gnu.org.
8660411 is described below
commit 86604117467f4d5f26befe85c06eaaac3b45801b
Author: Christopher Baines <mail@cbaines.net>
AuthorDate: Wed May 26 22:18:01 2021 +0100
hydra: bayfront: Configure NGinx for bordeaux.guix.gnu.org.
* hydra/bayfront.scm (%bordeaux.guix.gnu.org-nginx-servers): New
variable.
(servers)[nginx-service-type]: Add
%bordeaux.guix.gnu.org-nginx-servers to the server blocks list.
---
hydra/bayfront.scm | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index 1502af2..00899d0 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -528,6 +528,86 @@ proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"))
(locations common-locations)))))
+(define %bordeaux.guix.gnu.org-nginx-servers
+ (let ((common-locations
+ (list
+ (nginx-location-configuration
+ (uri "= /nix-cache-info")
+ (body '("
+ return 200 'StoreDir: /gnu/store\nWantMassQuery: 0\nPriority: 100\n';
+ add_header Content-Type text/plain;")))
+ (nginx-location-configuration
+ (uri "= /404")
+ (body '("
+return 404 '404';
+add_header Content-Type text/plain;")))
+ (nginx-location-configuration
+ (uri "~ \\.narinfo$")
+ (body '("
+ root /var/lib/nars;
+
+ error_page 404 /404;
+
+ # For HTTP pipelining. This has a dramatic impact on performance.
+ client_body_buffer_size 128k;
+
+ # Narinfos requests are short, serve many of them on a connection.
+ keepalive_requests 20000;
+
+ add_header Content-Type text/plain;
+")))
+ (nginx-location-configuration
+ (uri "/nar/")
+ (body '("
+ root /var/lib/nars;
+
+ error_page 404 /404;
+
+ client_body_buffer_size 256k;
+
+ # Nars are already compressed.
+ gzip off;
+"))))))
+
+ (list
+ (nginx-server-configuration
+ (server-name '("bordeaux.guix.gnu.org"))
+ (listen '("80"))
+ (raw-content
+ '("
+access_log /var/log/nginx/bordeaux.access.log;"))
+ (locations
+ (append
+ common-locations
+ (list
+ (nginx-location-configuration ; For use by Certbot
+ (uri "/.well-known")
+ (body '(("root /var/www;"))))))))
+
+ (nginx-server-configuration
+ (server-name '("bordeaux.guix.gnu.org"))
+ (listen '("443 ssl"))
+ (ssl-certificate
+ "/etc/letsencrypt/live/bayfront.guix.gnu.org/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/bayfront.guix.gnu.org/privkey.pem")
+ (raw-content
+ '("
+# Make sure SSL is disabled.
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+# Disable weak cipher suites.
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers on;
+
+# Use our own DH parameters created with:
+# openssl dhparam -out dhparams.pem 2048
+# as suggested at <https://weakdh.org/sysadmin.html>.
+ssl_dhparam /etc/dhparams.pem;
+
+access_log /var/log/nginx/bordeaux.access.log;"))
+ (locations common-locations)))))
+
(define %guix-build-coordinator-configuration
(let* ((data.guix.gnu.org-build-event-destination
#~(string-append
@@ -774,6 +854,7 @@ proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;"))
%guix-hpc.bordeaux.inria.fr-nginx-servers
%logs.guix.gnu.org-nginx-servers
%bayfront.guix.gnu.org-nginx-servers
+ %bordeaux.guix.gnu.org-nginx-servers
%coordinator.bayfront.guix.gnu.org-nginx-servers))))
(service guix-build-coordinator-service-type
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- branch master updated: hydra: bayfront: Configure NGinx for bordeaux.guix.gnu.org.,
Christopher Baines <=