2018-12-28 22:49:19 +01:00
|
|
|
|
;; Nginx configuration for ci.guix.info
|
|
|
|
|
|
2019-12-23 22:38:02 +01:00
|
|
|
|
(use-modules (gnu services web)
|
|
|
|
|
(gnu services version-control))
|
2018-12-29 11:13:22 +01:00
|
|
|
|
|
2018-12-28 22:49:19 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(define* (le host #:optional privkey)
|
|
|
|
|
(string-append "/etc/letsencrypt/live/"
|
|
|
|
|
host "/"
|
|
|
|
|
(if privkey "privkey" "fullchain")
|
2018-12-29 11:11:33 +01:00
|
|
|
|
".pem"))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
|
2019-07-05 10:52:45 +02:00
|
|
|
|
(define (redirect old new)
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri old)
|
|
|
|
|
(body (list (string-append "return 301 " new ";\n")))))
|
|
|
|
|
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(define (publish-locations url)
|
|
|
|
|
"Return the nginx location blocks for 'guix publish' running on URL."
|
2019-06-03 17:11:43 +02:00
|
|
|
|
(list (nginx-location-configuration
|
|
|
|
|
(uri "/nix-cache-info")
|
|
|
|
|
(body
|
|
|
|
|
(list
|
|
|
|
|
(string-append
|
2019-06-03 21:25:07 +02:00
|
|
|
|
"proxy_pass " url "/nix-cache-info;")
|
2019-06-03 17:11:43 +02:00
|
|
|
|
;; Cache this file since that's always the first thing we ask
|
|
|
|
|
;; for.
|
|
|
|
|
"proxy_cache static;"
|
|
|
|
|
"proxy_cache_valid 200 100d;" ; cache hits for a looong time.
|
|
|
|
|
"proxy_cache_valid any 5m;" ; cache misses/others for 5 min.
|
|
|
|
|
"proxy_ignore_client_abort on;"
|
|
|
|
|
|
|
|
|
|
;; We need to hide and ignore the Set-Cookie header to enable
|
|
|
|
|
;; caching.
|
|
|
|
|
"proxy_hide_header Set-Cookie;"
|
|
|
|
|
"proxy_ignore_headers Set-Cookie;")))
|
|
|
|
|
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/nar/")
|
|
|
|
|
(body
|
|
|
|
|
(list
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(string-append "proxy_pass " url ";")
|
2019-06-03 17:11:43 +02:00
|
|
|
|
"client_body_buffer_size 256k;"
|
|
|
|
|
|
|
|
|
|
;; Be more tolerant of delays when fetching a nar.
|
|
|
|
|
"proxy_read_timeout 60s;"
|
|
|
|
|
"proxy_send_timeout 60s;"
|
|
|
|
|
|
|
|
|
|
;; Enable caching for nar files, to avoid reconstructing and
|
|
|
|
|
;; recompressing archives.
|
|
|
|
|
"proxy_cache nar;"
|
|
|
|
|
"proxy_cache_valid 200 30d;" ; cache hits for 1 month
|
|
|
|
|
"proxy_cache_valid 504 3m;" ; timeout, when hydra.gnu.org is overloaded
|
|
|
|
|
"proxy_cache_valid any 1h;" ; cache misses/others for 1h.
|
|
|
|
|
|
|
|
|
|
"proxy_ignore_client_abort on;"
|
|
|
|
|
|
|
|
|
|
;; Nars are already compressed.
|
|
|
|
|
"gzip off;"
|
|
|
|
|
|
|
|
|
|
;; We need to hide and ignore the Set-Cookie header to enable
|
|
|
|
|
;; caching.
|
|
|
|
|
"proxy_hide_header Set-Cookie;"
|
|
|
|
|
"proxy_ignore_headers Set-Cookie;"
|
|
|
|
|
|
|
|
|
|
;; Provide a 'content-length' header so that 'guix
|
|
|
|
|
;; substitute-binary' knows upfront how much it is downloading.
|
|
|
|
|
;; "add_header Content-Length $body_bytes_sent;"
|
|
|
|
|
)))
|
|
|
|
|
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "~ \\.narinfo$")
|
|
|
|
|
(body
|
|
|
|
|
(list
|
|
|
|
|
;; Since 'guix publish' has its own caching, and since it relies
|
|
|
|
|
;; on the atime of cached narinfos to determine whether a
|
|
|
|
|
;; narinfo can be removed from the cache, don't do any caching
|
|
|
|
|
;; here.
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(string-append "proxy_pass " url ";")
|
2019-06-03 17:11:43 +02:00
|
|
|
|
|
|
|
|
|
;; For HTTP pipelining. This has a dramatic impact on
|
|
|
|
|
;; performance.
|
|
|
|
|
"client_body_buffer_size 128k;"
|
|
|
|
|
|
|
|
|
|
;; Narinfos requests are short, serve many of them on a
|
|
|
|
|
;; connection.
|
|
|
|
|
"keepalive_requests 600;"
|
|
|
|
|
|
|
|
|
|
;; Do not tolerate slowness of hydra.gnu.org when fetching
|
|
|
|
|
;; narinfos: better return 504 quickly than wait forever.
|
|
|
|
|
"proxy_connect_timeout 2s;"
|
|
|
|
|
"proxy_read_timeout 2s;"
|
|
|
|
|
"proxy_send_timeout 2s;"
|
|
|
|
|
|
|
|
|
|
;; 'guix publish --ttl' produces a 'Cache-Control' header for
|
|
|
|
|
;; use by 'guix substitute'. Let it through rather than use
|
|
|
|
|
;; nginx's "expire" directive since the expiration time defined
|
|
|
|
|
;; by 'guix publish' is the right one.
|
|
|
|
|
"proxy_pass_header Cache-Control;"
|
|
|
|
|
|
|
|
|
|
"proxy_ignore_client_abort on;"
|
|
|
|
|
|
|
|
|
|
;; We need to hide and ignore the Set-Cookie header to enable
|
|
|
|
|
;; caching.
|
|
|
|
|
"proxy_hide_header Set-Cookie;"
|
|
|
|
|
"proxy_ignore_headers Set-Cookie;")))
|
|
|
|
|
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/log/")
|
|
|
|
|
(body
|
|
|
|
|
(list
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(string-append "proxy_pass " url ";")
|
2019-06-03 17:11:43 +02:00
|
|
|
|
|
|
|
|
|
;; Enable caching for build logs.
|
|
|
|
|
"proxy_cache logs;"
|
|
|
|
|
"proxy_cache_valid 200 60d;" ; cache hits.
|
|
|
|
|
"proxy_cache_valid 504 3m;" ; timeout, when hydra.gnu.org is overloaded
|
|
|
|
|
"proxy_cache_valid any 1h;" ; cache misses/others.
|
|
|
|
|
|
|
|
|
|
"proxy_ignore_client_abort on;"
|
|
|
|
|
|
|
|
|
|
;; We need to hide and ignore the Set-Cookie header to enable
|
|
|
|
|
;; caching.
|
|
|
|
|
"proxy_hide_header Set-Cookie;"
|
|
|
|
|
"proxy_ignore_headers Set-Cookie;")))
|
|
|
|
|
|
|
|
|
|
;; Content-addressed files served by 'guix publish'.
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/file/")
|
|
|
|
|
(body
|
|
|
|
|
(list
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(string-append "proxy_pass " url ";")
|
2019-06-03 17:11:43 +02:00
|
|
|
|
|
|
|
|
|
"proxy_cache cas;"
|
|
|
|
|
"proxy_cache_valid 200 200d;" ; cache hits
|
|
|
|
|
"proxy_cache_valid any 5m;" ; cache misses/others
|
|
|
|
|
|
|
|
|
|
"proxy_ignore_client_abort on;")))))
|
|
|
|
|
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(define %tls-settings
|
|
|
|
|
(list
|
|
|
|
|
;; Make sure SSL is disabled.
|
|
|
|
|
"ssl_protocols TLSv1 TLSv1.1 TLSv1.2;"
|
|
|
|
|
;; Disable weak cipher suites.
|
|
|
|
|
"ssl_ciphers HIGH:!aNULL:!MD5;"
|
|
|
|
|
"ssl_prefer_server_ciphers on;"
|
|
|
|
|
|
|
|
|
|
;; Use our own DH parameters created with:
|
|
|
|
|
;; openssl dhparam -out dhparams.pem 2048
|
|
|
|
|
;; as suggested at <https://weakdh.org/sysadmin.html>.
|
|
|
|
|
"ssl_dhparam /etc/dhparams.pem;"))
|
|
|
|
|
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(define (berlin-locations publish-url)
|
|
|
|
|
"Return nginx location blocks with 'guix publish' reachable at
|
|
|
|
|
PUBLISH-URL."
|
|
|
|
|
(append (publish-locations publish-url)
|
2019-06-03 17:11:43 +02:00
|
|
|
|
(list
|
|
|
|
|
;; Cuirass.
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/")
|
|
|
|
|
(body (list "proxy_pass http://localhost:8081;")))
|
2019-10-30 13:11:28 +01:00
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "~ ^/admin")
|
|
|
|
|
(body
|
|
|
|
|
(list "if ($ssl_client_verify != SUCCESS) { return 403; } proxy_pass http://localhost:8081;")))
|
2019-06-03 17:11:43 +02:00
|
|
|
|
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/static")
|
|
|
|
|
(body
|
|
|
|
|
(list
|
|
|
|
|
"proxy_pass http://localhost:8081;"
|
|
|
|
|
;; Let browsers cache this for a while.
|
|
|
|
|
"expires 10d;"
|
|
|
|
|
;; Cache quite aggressively.
|
|
|
|
|
"proxy_cache static;"
|
|
|
|
|
"proxy_cache_valid 200 5d;"
|
|
|
|
|
"proxy_cache_valid any 10m;"
|
|
|
|
|
"proxy_ignore_client_abort on;")))
|
|
|
|
|
|
2020-01-02 18:11:45 +01:00
|
|
|
|
(nginx-location-configuration ;certbot
|
|
|
|
|
(uri "/.well-known")
|
|
|
|
|
(body (list "root /var/www;")))
|
|
|
|
|
|
2019-06-03 17:11:43 +02:00
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/berlin.guixsd.org-export.pub")
|
|
|
|
|
(body
|
2019-10-21 14:57:01 +02:00
|
|
|
|
(list "root /var/www/guix;"))))))
|
2019-07-16 09:55:57 +02:00
|
|
|
|
|
|
|
|
|
(define guix.gnu.org-locations
|
|
|
|
|
(list
|
2019-08-08 17:37:08 +02:00
|
|
|
|
;; Short URL for the installation script
|
|
|
|
|
(redirect "/install.sh" "https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh")
|
2019-07-16 09:55:57 +02:00
|
|
|
|
;; What follows is a list of redirects for URLs that used to be
|
|
|
|
|
;; available at gnu.org/s/guix--e.g.,
|
|
|
|
|
;; <http://gnu.org/s/guix/news/porting-guix-and-guixsd.html>.
|
2019-07-17 23:54:42 +02:00
|
|
|
|
(redirect "/news/feed.xml" "/feeds/blog.atom")
|
2019-07-16 10:05:17 +02:00
|
|
|
|
(redirect "/news/porting-guix-and-guixsd.html" "/blog/2015/porting-guix-and-guixsd")
|
|
|
|
|
(redirect "/news/gnu-guix-welcomes-three-students-for-gsoc.html" "/blog/2015/gnu-guix-welcomes-three-students-for-gsoc")
|
|
|
|
|
(redirect "/news/gnu-guix-recruits-for-gsoc.html" "/blog/2015/gnu-guix-recruits-for-gsoc")
|
|
|
|
|
(redirect "/news/one-week-to-fosdem.html" "/blog/2014/one-week-to-fosdem")
|
|
|
|
|
(redirect "/news/gnu-dmd-02-released.html" "/blog/2014/gnu-dmd-02-released")
|
|
|
|
|
(redirect "/news/emacs-as-a-general-purpose-package-manager.html" "/blog/2014/emacs-as-a-general-purpose-package-manager")
|
|
|
|
|
(redirect "/news/join-gnu-guix-for-gsoc-2017.html" "/blog/2017/join-gnu-guix-for-gsoc-2017")
|
|
|
|
|
(redirect "/news/gnu-guix-05-released.html" "/blog/2013/gnu-guix-05-released")
|
|
|
|
|
(redirect "/news/guix-at-the-2014-gnu-hackers-meeting.html" "/blog/2014/guix-at-the-2014-gnu-hackers-meeting")
|
|
|
|
|
(redirect "/news/state-of-aarch64-on-guix.html" "/blog/2017/state-of-aarch64-on-guix")
|
|
|
|
|
(redirect "/news/coming-events.html" "/blog/2017/coming-events")
|
|
|
|
|
(redirect "/news/gnu-dmd-01-released.html" "/blog/2013/gnu-dmd-01-released")
|
|
|
|
|
(redirect "/news/announcing-guix-hpc.html" "/blog/2017/announcing-guix-hpc")
|
|
|
|
|
(redirect "/news/gnu-guix-looks-for-gsoc-students.html" "/blog/2014/gnu-guix-looks-for-gsoc-students")
|
|
|
|
|
(redirect "/news/guix-at-the-european-lisp-symposium.html" "/blog/2013/guix-at-the-european-lisp-symposium")
|
|
|
|
|
(redirect "/news/gnu-guix-08-released.html" "/blog/2014/gnu-guix-08-released")
|
|
|
|
|
(redirect "/news/gnu-guix-090-released.html" "/blog/2015/gnu-guix-090-released")
|
|
|
|
|
(redirect "/news/index.html" "/blog/")
|
|
|
|
|
(redirect "/news/gnu-guix-welcomes-four-students-for-gsoc.html" "/blog/2016/gnu-guix-welcomes-four-students-for-gsoc")
|
|
|
|
|
(redirect "/news/gnu-guix-081-released.html" "/blog/2015/gnu-guix-081-released")
|
|
|
|
|
(redirect "/news/timely-delivery-of-security-updates.html" "/blog/2016/timely-delivery-of-security-updates")
|
|
|
|
|
(redirect "/news/guix-at-openbio-codefest-2014.html" "/blog/2014/guix-at-openbio-codefest-2014")
|
|
|
|
|
(redirect "/news/gnu-guix-talk-in-boston-ma-usa-on-january-20th.html" "/blog/2016/gnu-guix-talk-in-boston-ma-usa-on-january-20th")
|
|
|
|
|
(redirect "/news/gnu-guix-at-fosdem.html" "/blog/2015/gnu-guix-at-fosdem")
|
|
|
|
|
(redirect "/news/gnu-guix-082-released.html" "/blog/2015/gnu-guix-082-released")
|
|
|
|
|
(redirect "/news/chris-webber-talks-about-guix-in-chicago-september-30th.html" "/blog/2015/chris-webber-talks-about-guix-in-chicago-september-30th")
|
|
|
|
|
(redirect "/news/back-from-the-gnu-hackers-meeting.html" "/blog/2013/back-from-the-gnu-hackers-meeting")
|
|
|
|
|
(redirect "/news/reproducible-build-summit-2nd-edition.html" "/blog/2016/reproducible-build-summit-2nd-edition")
|
|
|
|
|
(redirect "/news/gnu-guix-talk-in-rennes-france-november-9th.html" "/blog/2015/gnu-guix-talk-in-rennes-france-november-9th")
|
|
|
|
|
(redirect "/news/gnu-guix-01-released.html" "/blog/2013/gnu-guix-01-released")
|
|
|
|
|
(redirect "/news/guix-tox-talk-at-pyconfr-october-17th.html" "/blog/2015/guix-tox-talk-at-pyconfr-october-17th")
|
|
|
|
|
(redirect "/news/gnu-guix-and-guixsd-0.13.0-released.html" "/blog/2017/gnu-guix-and-guixsd-0.13.0-released")
|
|
|
|
|
(redirect "/news/guix-gets-cross-compilation-support.html" "/blog/2013/guix-gets-cross-compilation-support")
|
|
|
|
|
(redirect "/news/gnu-guix-06-released.html" "/blog/2014/gnu-guix-06-released")
|
|
|
|
|
(redirect "/news/meet-guix-at-fosdem.html" "/blog/2016/meet-guix-at-fosdem")
|
|
|
|
|
(redirect "/news/reproducible-and-user-controlled-software-environments-in-hpc-with-guix.html" "/blog/2015/reproducible-and-user-controlled-software-environments-in-hpc-with-guix")
|
|
|
|
|
(redirect "/news/container-provisioning-with-guix.html" "/blog/2015/container-provisioning-with-guix")
|
|
|
|
|
(redirect "/news/guixsd-system-tests.html" "/blog/2016/guixsd-system-tests")
|
|
|
|
|
(redirect "/news/gnu-guix--guixsd-0100-released.html" "/blog/2016/gnu-guix--guixsd-0100-released")
|
|
|
|
|
(redirect "/news/gnu-guix-and-guixsd-0110-released.html" "/blog/2016/gnu-guix-and-guixsd-0110-released")
|
|
|
|
|
(redirect "/news/boot-to-guile.html" "/blog/2013/boot-to-guile")
|
|
|
|
|
(redirect "/news/gnu-guix-talk-at-opentechsummit-berlin-may-14th.html" "/blog/2015/gnu-guix-talk-at-opentechsummit-berlin-may-14th")
|
|
|
|
|
(redirect "/news/running-system-services-in-containers.html" "/blog/2017/running-system-services-in-containers")
|
|
|
|
|
(redirect "/news/growing-our-build-farm.html" "/blog/2016/growing-our-build-farm")
|
|
|
|
|
(redirect "/news/distro-of-the-linux-based-gnu-system-ported-to-mips.html" "/blog/2013/distro-of-the-linux-based-gnu-system-ported-to-mips")
|
|
|
|
|
(redirect "/news/guix-at-libreplanet-2016.html" "/blog/2016/guix-at-libreplanet-2016")
|
|
|
|
|
(redirect "/news/guix--gsoc.html" "/blog/2013/guix--gsoc")
|
|
|
|
|
(redirect "/news/service-composition-in-guixsd.html" "/blog/2015/service-composition-in-guixsd")
|
|
|
|
|
(redirect "/news/creating-bundles-with-guix-pack.html" "/blog/2017/creating-bundles-with-guix-pack")
|
|
|
|
|
(redirect "/news/back-from-the-european-lisp-symposium.html" "/blog/2013/back-from-the-european-lisp-symposium")
|
|
|
|
|
(redirect "/news/gnu-guix-04-released-happy-birthday-gnu.html" "/blog/2013/gnu-guix-04-released-happy-birthday-gnu")
|
|
|
|
|
(redirect "/news/reproducible-builds-a-status-update.html" "/blog/2017/reproducible-builds-a-status-update")
|
|
|
|
|
(redirect "/news/gnu-guix-083-released.html" "/blog/2015/gnu-guix-083-released")
|
|
|
|
|
(redirect "/news/join-gnu-guix-for-gsoc.html" "/blog/2016/join-gnu-guix-for-gsoc")
|
|
|
|
|
(redirect "/news/gnu-guix-and-guixsd-0120-released.html" "/blog/2016/gnu-guix-and-guixsd-0120-released")
|
|
|
|
|
(redirect "/news/meet-guix-at-fosdem-2017.html" "/blog/2017/meet-guix-at-fosdem-2017")
|
|
|
|
|
(redirect "/news/join-guix-for-an-on-line-hackathon-on-sep-28-29.html" "/blog/2013/join-guix-for-an-on-line-hackathon-on-sep-28-29")
|
|
|
|
|
(redirect "/news/gnome-in-guixsd.html" "/blog/2016/gnome-in-guixsd")
|
|
|
|
|
(redirect "/news/introducing-guix-a-package-manager-and-distro-for-gnu.html" "/blog/2012/introducing-guix-a-package-manager-and-distro-for-gnu")
|
|
|
|
|
(redirect "/news/gnu-guix-03-released.html" "/blog/2013/gnu-guix-03-released")
|
|
|
|
|
(redirect "/news/gnu-guix-07-released.html" "/blog/2014/gnu-guix-07-released")
|
|
|
|
|
(redirect "/news/gsoc-update.html" "/blog/2015/gsoc-update")
|
|
|
|
|
(redirect "/news/gnu-guix-02-released.html" "/blog/2013/gnu-guix-02-released")
|
|
|
|
|
(redirect "/news/guix-starts-fundraising-campaign-with-support-from-the-fsf.html" "/blog/2015/guix-starts-fundraising-campaign-with-support-from-the-fsf")
|
|
|
|
|
(redirect "/news/gnu-guix-ported-to-arm-and-other-niceties-of-the-new-year.html" "/blog/2015/gnu-guix-ported-to-arm-and-other-niceties-of-the-new-year")
|
|
|
|
|
(redirect "/news/reproducible-builds-a-means-to-an-end.html" "/blog/2015/reproducible-builds-a-means-to-an-end")
|
|
|
|
|
(redirect "/manual/html_node/Substitutes.html" "../en/html_node/Substitutes.html")
|
|
|
|
|
(redirect "/manual/html_node/GNU-Free-Documentation-License.html" "../en/html_node/GNU-Free-Documentation-License.html")
|
|
|
|
|
(redirect "/manual/html_node/The-Store-Monad.html" "../en/html_node/The-Store-Monad.html")
|
|
|
|
|
(redirect "/manual/html_node/Running-Guix-Before-It-Is-Installed.html" "../en/html_node/Running-Guix-Before-It-Is-Installed.html")
|
|
|
|
|
(redirect "/manual/html_node/rngd_002dservice.html" "../en/html_node/rngd_002dservice.html")
|
|
|
|
|
(redirect "/manual/html_node/Data-Types-and-Pattern-Matching.html" "../en/html_node/Data-Types-and-Pattern-Matching.html")
|
|
|
|
|
(redirect "/manual/html_node/Version-Numbers.html" "../en/html_node/Version-Numbers.html")
|
|
|
|
|
(redirect "/manual/html_node/The-Perfect-Setup.html" "../en/html_node/The-Perfect-Setup.html")
|
|
|
|
|
(redirect "/manual/html_node/G_002dExpressions.html" "../en/html_node/G_002dExpressions.html")
|
|
|
|
|
(redirect "/manual/html_node/Programming-Paradigm.html" "../en/html_node/Programming-Paradigm.html")
|
|
|
|
|
(redirect "/manual/html_node/Installing-GuixSD-in-a-VM.html" "../en/html_node/Installing-GuixSD-in-a-VM.html")
|
|
|
|
|
(redirect "/manual/html_node/syslog_002dconfiguration_002dtype.html" "../en/html_node/syslog_002dconfiguration_002dtype.html")
|
|
|
|
|
(redirect "/manual/html_node/Running-the-Test-Suite.html" "../en/html_node/Running-the-Test-Suite.html")
|
|
|
|
|
(redirect "/manual/html_node/Coding-Style.html" "../en/html_node/Coding-Style.html")
|
|
|
|
|
(redirect "/manual/html_node/Version-Control-Services.html" "../en/html_node/Version-Control-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/client_002dsubstitute_002durls.html" "../en/html_node/client_002dsubstitute_002durls.html")
|
|
|
|
|
(redirect "/manual/html_node/Database-Services.html" "../en/html_node/Database-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-download.html" "../en/html_node/Invoking-guix-download.html")
|
|
|
|
|
(redirect "/manual/html_node/Documentation.html" "../en/html_node/Documentation.html")
|
|
|
|
|
(redirect "/manual/html_node/Package-Naming.html" "../en/html_node/Package-Naming.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-hash.html" "../en/html_node/Invoking-guix-hash.html")
|
|
|
|
|
(redirect "/manual/html_node/Audio-Services.html" "../en/html_node/Audio-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Mapped-Devices.html" "../en/html_node/Mapped-Devices.html")
|
|
|
|
|
(redirect "/manual/html_node/operating_002dsystem-Reference.html" "../en/html_node/operating_002dsystem-Reference.html")
|
|
|
|
|
(redirect "/manual/html_node/Security-Updates.html" "../en/html_node/Security-Updates.html")
|
|
|
|
|
(redirect "/manual/html_node/Java-Packages.html" "../en/html_node/Java-Packages.html")
|
|
|
|
|
(redirect "/manual/html_node/user_002daccount_002dpassword.html" "../en/html_node/user_002daccount_002dpassword.html")
|
|
|
|
|
(redirect "/manual/html_node/System-Installation.html" "../en/html_node/System-Installation.html")
|
|
|
|
|
(redirect "/manual/html_node/Installation.html" "../en/html_node/Installation.html")
|
|
|
|
|
(redirect "/manual/html_node/Modules.html" "../en/html_node/Modules.html")
|
|
|
|
|
(redirect "/manual/html_node/File-Systems.html" "../en/html_node/File-Systems.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-gc.html" "../en/html_node/Invoking-guix-gc.html")
|
|
|
|
|
(redirect "/manual/html_node/package_002dpropagated_002dinputs.html" "../en/html_node/package_002dpropagated_002dinputs.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-lint.html" "../en/html_node/Invoking-guix-lint.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-pull.html" "../en/html_node/Invoking-guix-pull.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix_002ddaemon.html" "../en/html_node/Invoking-guix_002ddaemon.html")
|
|
|
|
|
(redirect "/manual/html_node/Locales.html" "../en/html_node/Locales.html")
|
|
|
|
|
(redirect "/manual/html_node/Using-the-Configuration-System.html" "../en/html_node/Using-the-Configuration-System.html")
|
|
|
|
|
(redirect "/manual/html_node/X_002e509-Certificates.html" "../en/html_node/X_002e509-Certificates.html")
|
|
|
|
|
(redirect "/manual/html_node/guix_002dconfiguration_002dtype.html" "../en/html_node/guix_002dconfiguration_002dtype.html")
|
|
|
|
|
(redirect "/manual/html_node/USB-Stick-and-DVD-Installation.html" "../en/html_node/USB-Stick-and-DVD-Installation.html")
|
|
|
|
|
(redirect "/manual/html_node/Software-Freedom.html" "../en/html_node/Software-Freedom.html")
|
|
|
|
|
(redirect "/manual/html_node/Building-the-Installation-Image.html" "../en/html_node/Building-the-Installation-Image.html")
|
|
|
|
|
(redirect "/manual/html_node/Running-GuixSD-in-a-VM.html" "../en/html_node/Running-GuixSD-in-a-VM.html")
|
|
|
|
|
(redirect "/manual/html_node/Debugging-Build-Failures.html" "../en/html_node/Debugging-Build-Failures.html")
|
|
|
|
|
(redirect "/manual/html_node/daemon_002dsubstitute_002durls.html" "../en/html_node/daemon_002dsubstitute_002durls.html")
|
|
|
|
|
(redirect "/manual/html_node/Virtualization-Services.html" "../en/html_node/Virtualization-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Fonts.html" "../en/html_node/Fonts.html")
|
|
|
|
|
(redirect "/manual/html_node/Monitoring-Services.html" "../en/html_node/Monitoring-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Binary-Installation.html" "../en/html_node/Binary-Installation.html")
|
|
|
|
|
(redirect "/manual/html_node/Messaging-Services.html" "../en/html_node/Messaging-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/X-Window.html" "../en/html_node/X-Window.html")
|
|
|
|
|
(redirect "/manual/html_node/Service-Types-and-Services.html" "../en/html_node/Service-Types-and-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Introduction.html" "../en/html_node/Introduction.html")
|
|
|
|
|
(redirect "/manual/html_node/Hardware-Considerations.html" "../en/html_node/Hardware-Considerations.html")
|
|
|
|
|
(redirect "/manual/html_node/System-Configuration.html" "../en/html_node/System-Configuration.html")
|
|
|
|
|
(redirect "/manual/html_node/VPN-Services.html" "../en/html_node/VPN-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-system.html" "../en/html_node/Invoking-guix-system.html")
|
|
|
|
|
(redirect "/manual/html_node/index.html" "../en/html_node/index.html")
|
|
|
|
|
(redirect "/manual/html_node/package-Reference.html" "../en/html_node/package-Reference.html")
|
|
|
|
|
(redirect "/manual/html_node/Sending-a-Patch-Series.html" "../en/html_node/Sending-a-Patch-Series.html")
|
|
|
|
|
(redirect "/manual/html_node/package_002dcmd_002dpropagated_002dinputs.html" "../en/html_node/package_002dcmd_002dpropagated_002dinputs.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-refresh.html" "../en/html_node/Invoking-guix-refresh.html")
|
|
|
|
|
(redirect "/manual/html_node/GNU-Distribution.html" "../en/html_node/GNU-Distribution.html")
|
|
|
|
|
(redirect "/manual/html_node/Name-Service-Switch.html" "../en/html_node/Name-Service-Switch.html")
|
|
|
|
|
(redirect "/manual/html_node/The-Store.html" "../en/html_node/The-Store.html")
|
|
|
|
|
(redirect "/manual/html_node/Common-Build-Options.html" "../en/html_node/Common-Build-Options.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-import.html" "../en/html_node/Invoking-guix-import.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-edit.html" "../en/html_node/Invoking-guix-edit.html")
|
|
|
|
|
(redirect "/manual/html_node/Network-File-System.html" "../en/html_node/Network-File-System.html")
|
|
|
|
|
(redirect "/manual/html_node/Miscellaneous-Services.html" "../en/html_node/Miscellaneous-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Daemon-Offload-Setup.html" "../en/html_node/Daemon-Offload-Setup.html")
|
|
|
|
|
(redirect "/manual/html_node/Features.html" "../en/html_node/Features.html")
|
|
|
|
|
(redirect "/manual/html_node/guix_002dpublish_002dservice_002dtype.html" "../en/html_node/guix_002dpublish_002dservice_002dtype.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-pack.html" "../en/html_node/Invoking-guix-pack.html")
|
|
|
|
|
(redirect "/manual/html_node/Contributing.html" "../en/html_node/Contributing.html")
|
|
|
|
|
(redirect "/manual/html_node/fallback_002doption.html" "../en/html_node/fallback_002doption.html")
|
|
|
|
|
(redirect "/manual/html_node/Power-management-Services.html" "../en/html_node/Power-management-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/build_002dcheck.html" "../en/html_node/build_002dcheck.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-package.html" "../en/html_node/Invoking-guix-package.html")
|
|
|
|
|
(redirect "/manual/html_node/Mail-Services.html" "../en/html_node/Mail-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Concept-Index.html" "../en/html_node/Concept-Index.html")
|
|
|
|
|
(redirect "/manual/html_node/Build-Environment-Setup.html" "../en/html_node/Build-Environment-Setup.html")
|
|
|
|
|
(redirect "/manual/html_node/Printing-Services.html" "../en/html_node/Printing-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-build.html" "../en/html_node/Invoking-guix-build.html")
|
|
|
|
|
(redirect "/manual/html_node/Programming-Interface.html" "../en/html_node/Programming-Interface.html")
|
|
|
|
|
(redirect "/manual/html_node/profile_002dmanifest.html" "../en/html_node/profile_002dmanifest.html")
|
|
|
|
|
(redirect "/manual/html_node/Packaging-Guidelines.html" "../en/html_node/Packaging-Guidelines.html")
|
|
|
|
|
(redirect "/manual/html_node/Kerberos-Services.html" "../en/html_node/Kerberos-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-graph.html" "../en/html_node/Invoking-guix-graph.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-container.html" "../en/html_node/Invoking-guix-container.html")
|
|
|
|
|
(redirect "/manual/html_node/Derivations.html" "../en/html_node/Derivations.html")
|
|
|
|
|
(redirect "/manual/html_node/Programming-Index.html" "../en/html_node/Programming-Index.html")
|
|
|
|
|
(redirect "/manual/html_node/Setting-Up-the-Daemon.html" "../en/html_node/Setting-Up-the-Daemon.html")
|
|
|
|
|
(redirect "/manual/html_node/Continuous-Integration.html" "../en/html_node/Continuous-Integration.html")
|
|
|
|
|
(redirect "/manual/html_node/User-Accounts.html" "../en/html_node/User-Accounts.html")
|
|
|
|
|
(redirect "/manual/html_node/guix-system-vm.html" "../en/html_node/guix-system-vm.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-weather.html" "../en/html_node/Invoking-guix-weather.html")
|
|
|
|
|
(redirect "/manual/html_node/USB-Stick-Installation.html" "../en/html_node/USB-Stick-Installation.html")
|
|
|
|
|
(redirect "/manual/html_node/Telephony-Services.html" "../en/html_node/Telephony-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Additional-Build-Options.html" "../en/html_node/Additional-Build-Options.html")
|
|
|
|
|
(redirect "/manual/html_node/Requirements.html" "../en/html_node/Requirements.html")
|
|
|
|
|
(redirect "/manual/html_node/Acknowledgments.html" "../en/html_node/Acknowledgments.html")
|
|
|
|
|
(redirect "/manual/html_node/Formatting-Code.html" "../en/html_node/Formatting-Code.html")
|
|
|
|
|
(redirect "/manual/html_node/Certificate-Services.html" "../en/html_node/Certificate-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-copy.html" "../en/html_node/Invoking-guix-copy.html")
|
|
|
|
|
(redirect "/manual/html_node/Package-Modules.html" "../en/html_node/Package-Modules.html")
|
|
|
|
|
(redirect "/manual/html_node/Proxy-Settings.html" "../en/html_node/Proxy-Settings.html")
|
|
|
|
|
(redirect "/manual/html_node/locales_002dand_002dlocpath.html" "../en/html_node/locales_002dand_002dlocpath.html")
|
|
|
|
|
(redirect "/manual/html_node/Substitute-Server-Authorization.html" "../en/html_node/Substitute-Server-Authorization.html")
|
|
|
|
|
(redirect "/manual/html_node/Setuid-Programs.html" "../en/html_node/Setuid-Programs.html")
|
|
|
|
|
(redirect "/manual/html_node/Bootstrapping.html" "../en/html_node/Bootstrapping.html")
|
|
|
|
|
(redirect "/manual/html_node/Defining-Services.html" "../en/html_node/Defining-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/pam_002dlimits_002dservice.html" "../en/html_node/pam_002dlimits_002dservice.html")
|
|
|
|
|
(redirect "/manual/html_node/Desktop-Services.html" "../en/html_node/Desktop-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Utilities.html" "../en/html_node/Utilities.html")
|
|
|
|
|
(redirect "/manual/html_node/Services.html" "../en/html_node/Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Limitations.html" "../en/html_node/Limitations.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-size.html" "../en/html_node/Invoking-guix-size.html")
|
|
|
|
|
(redirect "/manual/html_node/Shepherd-Services.html" "../en/html_node/Shepherd-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/system_002dshepherd_002dgraph.html" "../en/html_node/system_002dshepherd_002dgraph.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-environment.html" "../en/html_node/Invoking-guix-environment.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-publish.html" "../en/html_node/Invoking-guix-publish.html")
|
|
|
|
|
(redirect "/manual/html_node/Log-Rotation.html" "../en/html_node/Log-Rotation.html")
|
|
|
|
|
(redirect "/manual/html_node/Building-from-Git.html" "../en/html_node/Building-from-Git.html")
|
|
|
|
|
(redirect "/manual/html_node/Defining-Packages.html" "../en/html_node/Defining-Packages.html")
|
|
|
|
|
(redirect "/manual/html_node/DNS-Services.html" "../en/html_node/DNS-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Bootloader-Configuration.html" "../en/html_node/Bootloader-Configuration.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-challenge.html" "../en/html_node/Invoking-guix-challenge.html")
|
|
|
|
|
(redirect "/manual/html_node/nginx_002dlocation_002dconfiguration-body.html" "../en/html_node/nginx_002dlocation_002dconfiguration-body.html")
|
|
|
|
|
(redirect "/manual/html_node/Proceeding-with-the-Installation.html" "../en/html_node/Proceeding-with-the-Installation.html")
|
|
|
|
|
(redirect "/manual/html_node/Initial-RAM-Disk.html" "../en/html_node/Initial-RAM-Disk.html")
|
|
|
|
|
(redirect "/manual/html_node/syslog_002dservice.html" "../en/html_node/syslog_002dservice.html")
|
|
|
|
|
(redirect "/manual/html_node/Preparing-for-Installation.html" "../en/html_node/Preparing-for-Installation.html")
|
|
|
|
|
(redirect "/manual/html_node/Application-Setup.html" "../en/html_node/Application-Setup.html")
|
|
|
|
|
(redirect "/manual/html_node/Service-Composition.html" "../en/html_node/Service-Composition.html")
|
|
|
|
|
(redirect "/manual/html_node/Packages-with-Multiple-Outputs.html" "../en/html_node/Packages-with-Multiple-Outputs.html")
|
|
|
|
|
(redirect "/manual/html_node/Submitting-Patches.html" "../en/html_node/Submitting-Patches.html")
|
|
|
|
|
(redirect "/manual/html_node/Substitution-Failure.html" "../en/html_node/Substitution-Failure.html")
|
|
|
|
|
(redirect "/manual/html_node/Porting.html" "../en/html_node/Porting.html")
|
|
|
|
|
(redirect "/manual/html_node/Web-Services.html" "../en/html_node/Web-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/Build-Systems.html" "../en/html_node/Build-Systems.html")
|
|
|
|
|
(redirect "/manual/html_node/Python-Modules.html" "../en/html_node/Python-Modules.html")
|
|
|
|
|
(redirect "/manual/html_node/On-Trusting-Binaries.html" "../en/html_node/On-Trusting-Binaries.html")
|
|
|
|
|
(redirect "/manual/html_node/Synopses-and-Descriptions.html" "../en/html_node/Synopses-and-Descriptions.html")
|
|
|
|
|
(redirect "/manual/html_node/Invoking-guix-archive.html" "../en/html_node/Invoking-guix-archive.html")
|
|
|
|
|
(redirect "/manual/html_node/Package-Transformation-Options.html" "../en/html_node/Package-Transformation-Options.html")
|
|
|
|
|
(redirect "/manual/html_node/Perl-Modules.html" "../en/html_node/Perl-Modules.html")
|
|
|
|
|
(redirect "/manual/html_node/Base-Services.html" "../en/html_node/Base-Services.html")
|
|
|
|
|
(redirect "/manual/html_node/origin-Reference.html" "../en/html_node/origin-Reference.html")
|
|
|
|
|
(redirect "/manual/html_node/Substitute-Authentication.html" "../en/html_node/Substitute-Authentication.html")
|
|
|
|
|
(redirect "/manual/html_node/Service-Reference.html" "../en/html_node/Service-Reference.html")
|
|
|
|
|
(redirect "/manual/html_node/system_002dextension_002dgraph.html" "../en/html_node/system_002dextension_002dgraph.html")
|
|
|
|
|
(redirect "/manual/html_node/Installing-Debugging-Files.html" "../en/html_node/Installing-Debugging-Files.html")
|
|
|
|
|
(redirect "/manual/html_node/Official-Substitute-Server.html" "../en/html_node/Official-Substitute-Server.html")
|
|
|
|
|
(redirect "/manual/html_node/Scheduled-Job-Execution.html" "../en/html_node/Scheduled-Job-Execution.html")
|
|
|
|
|
(redirect "/manual/html_node/Package-Management.html" "../en/html_node/Package-Management.html")
|
|
|
|
|
(redirect "/manual/html_node/Networking-Services.html" "../en/html_node/Networking-Services.html")
|
2019-07-17 22:37:01 +02:00
|
|
|
|
(redirect "/manual/html_node" "en/html_node")
|
2019-07-16 10:05:17 +02:00
|
|
|
|
(redirect "/manual/guix.html" "en/guix.html")
|
|
|
|
|
(redirect "/manual/en/html_node/Installing-GuixSD-in-a-VM.html" "Installing-Guix-in-a-VM.html")
|
|
|
|
|
(redirect "/manual/en/html_node/Running-GuixSD-in-a-VM.html"
|
2019-07-16 09:55:57 +02:00
|
|
|
|
"Running-Guix-in-a-VM.html")
|
|
|
|
|
|
2019-07-17 22:23:14 +02:00
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/manual/devel")
|
|
|
|
|
(body (list "alias /srv/guix-manual-devel;")))
|
2019-07-16 09:55:57 +02:00
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/manual")
|
|
|
|
|
(body (list "alias /srv/guix-manual;")))
|
2019-10-21 23:31:30 +02:00
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/cookbook")
|
|
|
|
|
(body (list "alias /srv/guix-cookbook;")))
|
2019-07-18 00:35:12 +02:00
|
|
|
|
|
|
|
|
|
;; We want a regexp to match *.pdf at the top level, but we also want
|
|
|
|
|
;; /manual/*.pdf to go to a difference place; the latter needs to take
|
|
|
|
|
;; precedence over the former, hence these location blocks.
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "~ /manual/devel/(.*\\.pdf)$")
|
|
|
|
|
(body (list "alias /srv/guix-manual-devel/$1;")))
|
2019-07-16 09:55:57 +02:00
|
|
|
|
(nginx-location-configuration
|
2019-07-18 00:35:12 +02:00
|
|
|
|
(uri "~ /manual/(.*\\.pdf)$")
|
|
|
|
|
(body (list "alias /srv/guix-manual/$1;")))
|
2019-10-21 23:31:30 +02:00
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "~ /cookbook/(.*\\.pdf)$")
|
|
|
|
|
(body (list "alias /srv/guix-cookbook/$1;")))
|
2019-07-18 00:35:12 +02:00
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "~ \\.pdf$") ;*.pdf at the top level
|
2019-07-16 09:55:57 +02:00
|
|
|
|
(body (list "root /srv/guix-pdfs;")))
|
2019-07-18 00:35:12 +02:00
|
|
|
|
|
2019-10-21 14:57:01 +02:00
|
|
|
|
;; Testing the i18n'd web site.
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/.i18n")
|
|
|
|
|
(body (list "alias /srv/guix.gnu.org-i18n;")))
|
|
|
|
|
|
2019-12-23 22:38:02 +01:00
|
|
|
|
(git-http-nginx-location-configuration
|
|
|
|
|
(git-http-configuration))
|
|
|
|
|
|
2019-10-21 14:57:01 +02:00
|
|
|
|
;; For Hurd bootstrap binaries.
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "/guix")
|
|
|
|
|
(body (list "root /var/www;")))
|
|
|
|
|
|
2019-07-16 09:55:57 +02:00
|
|
|
|
(nginx-location-configuration ;certbot
|
|
|
|
|
(uri "/.well-known")
|
|
|
|
|
(body (list "root /var/www;")))))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
|
2019-07-17 22:30:32 +02:00
|
|
|
|
(define guix.info-locations
|
|
|
|
|
(list (nginx-location-configuration ;certbot
|
|
|
|
|
(uri "~ ^/\\.well-known")
|
|
|
|
|
(body (list "root /var/www;")))
|
|
|
|
|
(nginx-location-configuration
|
|
|
|
|
(uri "~ /(.*)")
|
|
|
|
|
(body (list "return 301 $scheme://guix.gnu.org/$1;")))))
|
|
|
|
|
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(define %publish-url "http://localhost:3000")
|
|
|
|
|
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(define %berlin-servers
|
|
|
|
|
(list
|
|
|
|
|
;; Plain HTTP
|
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("80"))
|
|
|
|
|
(server-name '("berlin.guixsd.org"
|
2019-05-01 17:53:15 +02:00
|
|
|
|
"ci.guix.info"
|
|
|
|
|
"ci.guix.gnu.org"))
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(locations (berlin-locations %publish-url))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(raw-content
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/http.access.log;"
|
|
|
|
|
"proxy_set_header X-Forwarded-Host $host;"
|
|
|
|
|
"proxy_set_header X-Forwarded-Port $server_port;"
|
|
|
|
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")))
|
|
|
|
|
|
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("80"))
|
|
|
|
|
(server-name '("bootstrappable.org"
|
|
|
|
|
"www.bootstrappable.org"))
|
|
|
|
|
(root "/home/rekado/bootstrappable.org")
|
|
|
|
|
(raw-content
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/bootstrappable.access.log;")))
|
|
|
|
|
|
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("80"))
|
2019-07-17 22:30:32 +02:00
|
|
|
|
(server-name '("guix.gnu.org"))
|
2019-07-11 22:45:18 +02:00
|
|
|
|
(root "/srv/guix.gnu.org")
|
2019-07-16 09:55:57 +02:00
|
|
|
|
(locations guix.gnu.org-locations)
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(raw-content
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/guix-info.access.log;")))
|
|
|
|
|
|
2019-07-17 22:30:32 +02:00
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("80"))
|
|
|
|
|
(server-name '("guix.info"
|
|
|
|
|
"www.guix.info"))
|
|
|
|
|
(locations guix.info-locations)
|
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/guix-info.https.access.log;"))))
|
|
|
|
|
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("80"))
|
2019-05-01 17:53:15 +02:00
|
|
|
|
(server-name '("issues.guix.info"
|
|
|
|
|
"issues.guix.gnu.org"))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(root "/home/rekado/mumi/")
|
|
|
|
|
(locations
|
2019-07-25 11:59:12 +02:00
|
|
|
|
(list (nginx-location-configuration ;certbot
|
|
|
|
|
(uri "/.well-known")
|
|
|
|
|
(body (list "root /var/www;")))
|
|
|
|
|
(nginx-location-configuration
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(uri "/")
|
|
|
|
|
(body '("proxy_pass http://localhost:1234;")))))
|
|
|
|
|
(raw-content
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/issues-guix-info.access.log;")))
|
2019-05-14 20:18:46 +02:00
|
|
|
|
|
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("80"))
|
|
|
|
|
(server-name '("workflows.guix.info"
|
2019-05-15 09:17:20 +02:00
|
|
|
|
"workflow.guix.info"
|
2019-05-14 20:18:46 +02:00
|
|
|
|
"guixwl.org"
|
|
|
|
|
"www.guixwl.org"))
|
|
|
|
|
(root "/home/rekado/gwl/")
|
|
|
|
|
(locations
|
2019-07-25 11:59:12 +02:00
|
|
|
|
(list (nginx-location-configuration ;certbot
|
|
|
|
|
(uri "/.well-known")
|
|
|
|
|
(body (list "root /var/www;")))
|
2019-09-02 15:10:26 +02:00
|
|
|
|
|
|
|
|
|
;; Pass requests to 'guix workflow --web-interface'.
|
2019-07-25 11:59:12 +02:00
|
|
|
|
(nginx-location-configuration
|
2019-05-14 20:18:46 +02:00
|
|
|
|
(uri "/")
|
|
|
|
|
(body '("proxy_pass http://localhost:5000;")))))
|
|
|
|
|
(raw-content
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/workflows-guix-info.access.log;")))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
|
|
|
|
|
;; HTTPS servers
|
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("443 ssl"))
|
|
|
|
|
(server-name '("berlin.guixsd.org"
|
2019-05-01 17:53:15 +02:00
|
|
|
|
"ci.guix.info"
|
|
|
|
|
"ci.guix.gnu.org"))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(ssl-certificate (le "berlin.guixsd.org"))
|
|
|
|
|
(ssl-certificate-key (le "berlin.guixsd.org" 'key))
|
2019-06-03 21:25:07 +02:00
|
|
|
|
(locations (berlin-locations %publish-url))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/https.access.log;"
|
|
|
|
|
"proxy_set_header X-Forwarded-Host $host;"
|
|
|
|
|
"proxy_set_header X-Forwarded-Port $server_port;"
|
2019-10-30 13:11:28 +01:00
|
|
|
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
|
|
|
|
|
;; For Cuirass admin interface authentication
|
|
|
|
|
"ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
|
|
|
|
|
"ssl_crl /etc/ssl-ca/private/ca.crl;"
|
|
|
|
|
"ssl_verify_client optional;"))))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
|
2019-06-04 10:05:55 +02:00
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("443 ssl"))
|
|
|
|
|
(server-name '("qualif.ci.guix.gnu.org"))
|
|
|
|
|
(locations (berlin-locations "http://localhost:3003"))
|
|
|
|
|
(raw-content
|
|
|
|
|
(append %tls-settings
|
|
|
|
|
'("access_log /var/log/nginx/qualif.access.log;"))))
|
|
|
|
|
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("443 ssl"))
|
|
|
|
|
(server-name '("bootstrappable.org"
|
|
|
|
|
"www.bootstrappable.org"))
|
|
|
|
|
(ssl-certificate (le "bootstrappable.org"))
|
|
|
|
|
(ssl-certificate-key (le "bootstrappable.org" 'key))
|
|
|
|
|
(root "/home/rekado/bootstrappable.org")
|
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/bootstrappable.https.access.log;"))))
|
|
|
|
|
|
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("443 ssl"))
|
|
|
|
|
(server-name '("guix.info"
|
2019-05-15 14:14:35 +02:00
|
|
|
|
"www.guix.info"))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(ssl-certificate (le "guix.info"))
|
|
|
|
|
(ssl-certificate-key (le "guix.info" 'key))
|
2019-07-17 22:30:32 +02:00
|
|
|
|
(locations guix.info-locations)
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/guix-info.https.access.log;"))))
|
|
|
|
|
|
|
|
|
|
(nginx-server-configuration
|
2019-05-15 14:14:35 +02:00
|
|
|
|
(listen '("443 ssl"))
|
|
|
|
|
(server-name '("guix.gnu.org"))
|
|
|
|
|
(ssl-certificate (le "guix.gnu.org"))
|
|
|
|
|
(ssl-certificate-key (le "guix.gnu.org" 'key))
|
2019-07-11 22:45:18 +02:00
|
|
|
|
(root "/srv/guix.gnu.org")
|
2019-07-16 09:55:57 +02:00
|
|
|
|
(locations guix.gnu.org-locations)
|
2019-05-15 14:14:35 +02:00
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"access_log /var/log/nginx/guix-gnu-org.https.access.log;"))))
|
|
|
|
|
|
|
|
|
|
(nginx-server-configuration
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(listen '("443 ssl"))
|
2019-05-15 14:12:41 +02:00
|
|
|
|
(server-name '("issues.guix.info"))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(ssl-certificate (le "issues.guix.info"))
|
|
|
|
|
(ssl-certificate-key (le "issues.guix.info" 'key))
|
|
|
|
|
(root "/home/rekado/mumi/")
|
|
|
|
|
(locations
|
|
|
|
|
(list (nginx-location-configuration
|
|
|
|
|
(uri "/")
|
|
|
|
|
(body '("proxy_pass http://localhost:1234;")))))
|
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"proxy_set_header X-Forwarded-Host $host;"
|
|
|
|
|
"proxy_set_header X-Forwarded-Port $server_port;"
|
|
|
|
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
|
|
|
|
|
"proxy_connect_timeout 600;"
|
|
|
|
|
"proxy_send_timeout 600;"
|
|
|
|
|
"proxy_read_timeout 600;"
|
|
|
|
|
"send_timeout 600;"
|
2019-05-14 20:18:46 +02:00
|
|
|
|
"access_log /var/log/nginx/issues-guix-info.https.access.log;"))))
|
|
|
|
|
|
2019-05-15 14:12:41 +02:00
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("443 ssl"))
|
|
|
|
|
(server-name '("issues.guix.gnu.org"))
|
|
|
|
|
(ssl-certificate (le "issues.guix.gnu.org"))
|
|
|
|
|
(ssl-certificate-key (le "issues.guix.gnu.org" 'key))
|
|
|
|
|
(root "/home/rekado/mumi/")
|
|
|
|
|
(locations
|
|
|
|
|
(list (nginx-location-configuration
|
|
|
|
|
(uri "/")
|
|
|
|
|
(body '("proxy_pass http://localhost:1234;")))))
|
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"proxy_set_header X-Forwarded-Host $host;"
|
|
|
|
|
"proxy_set_header X-Forwarded-Port $server_port;"
|
|
|
|
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
|
|
|
|
|
"proxy_connect_timeout 600;"
|
|
|
|
|
"proxy_send_timeout 600;"
|
|
|
|
|
"proxy_read_timeout 600;"
|
|
|
|
|
"send_timeout 600;"
|
|
|
|
|
"access_log /var/log/nginx/issues-guix-gnu-org.https.access.log;"))))
|
|
|
|
|
|
2019-05-14 20:18:46 +02:00
|
|
|
|
(nginx-server-configuration
|
|
|
|
|
(listen '("443 ssl"))
|
|
|
|
|
(server-name '("workflows.guix.info"
|
2019-05-15 09:17:20 +02:00
|
|
|
|
"workflow.guix.info"
|
2019-05-14 20:18:46 +02:00
|
|
|
|
"guixwl.org"
|
|
|
|
|
"www.guixwl.org"))
|
2019-07-25 13:30:15 +02:00
|
|
|
|
(ssl-certificate (le "www.guixwl.org"))
|
|
|
|
|
(ssl-certificate-key (le "www.guixwl.org" 'key))
|
2019-05-14 20:18:46 +02:00
|
|
|
|
(root "/home/rekado/gwl/")
|
|
|
|
|
(locations
|
|
|
|
|
(list (nginx-location-configuration
|
|
|
|
|
(uri "/")
|
|
|
|
|
(body '("proxy_pass http://localhost:5000;")))))
|
|
|
|
|
(raw-content
|
|
|
|
|
(append
|
|
|
|
|
%tls-settings
|
|
|
|
|
(list
|
|
|
|
|
"proxy_set_header X-Forwarded-Host $host;"
|
|
|
|
|
"proxy_set_header X-Forwarded-Port $server_port;"
|
|
|
|
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
|
|
|
|
|
"proxy_connect_timeout 600;"
|
|
|
|
|
"proxy_send_timeout 600;"
|
|
|
|
|
"proxy_read_timeout 600;"
|
|
|
|
|
"send_timeout 600;"
|
|
|
|
|
"access_log /var/log/nginx/workflows-guix-info.https.access.log;"))))))
|
2018-12-28 22:49:19 +01:00
|
|
|
|
|
|
|
|
|
(define %extra-content
|
|
|
|
|
(list
|
2019-11-27 22:23:28 +01:00
|
|
|
|
;; FIXME: <nginx-configuration> doesn't currently provide a way to pass
|
|
|
|
|
;; top-level directives like those below.
|
|
|
|
|
|
2019-11-27 22:03:59 +01:00
|
|
|
|
;; This is a 72-core machine, but let's not use all of them for nginx.
|
2019-11-27 22:23:28 +01:00
|
|
|
|
;; "worker_processes 16;"
|
2019-11-27 22:03:59 +01:00
|
|
|
|
|
2019-11-27 22:08:49 +01:00
|
|
|
|
;; "pcre_jit on;"
|
2019-11-27 22:03:59 +01:00
|
|
|
|
;; "events { worker_connections 1024; }"
|
|
|
|
|
|
2018-12-28 22:49:19 +01:00
|
|
|
|
"default_type application/octet-stream;"
|
|
|
|
|
"sendfile on;"
|
|
|
|
|
|
|
|
|
|
;; Maximum chunk size to send. Partly this is a workaround for
|
|
|
|
|
;; <http://bugs.gnu.org/19939>, but also the nginx docs mention that
|
|
|
|
|
;; "Without the limit, one fast connection may seize the worker
|
|
|
|
|
;; process entirely."
|
|
|
|
|
;; <http://nginx.org/en/docs/http/ngx_http_core_module#sendfile_max_chunk>
|
|
|
|
|
"sendfile_max_chunk 1m;"
|
|
|
|
|
|
|
|
|
|
"keepalive_timeout 65;"
|
|
|
|
|
|
|
|
|
|
;; Use HTTP 1.1 to talk to the backend so we benefit from keep-alive
|
|
|
|
|
;; connections and chunked transfer encoding. The latter allows us to
|
|
|
|
|
;; make sure we do not cache partial downloads.
|
|
|
|
|
"proxy_http_version 1.1;"
|
|
|
|
|
|
|
|
|
|
;; The 'inactive' parameter for caching is not very useful in our
|
|
|
|
|
;; case: all that matters is that LRU sweeping happens when 'max_size'
|
|
|
|
|
;; is hit.
|
|
|
|
|
|
|
|
|
|
;; cache for nar files
|
|
|
|
|
"proxy_cache_path /var/cache/nginx/nar"
|
|
|
|
|
" levels=2"
|
|
|
|
|
" inactive=8d" ; inactive keys removed after 8d
|
|
|
|
|
" keys_zone=nar:4m" ; nar cache meta data: ~32K keys
|
|
|
|
|
" max_size=10g;" ; total cache data size max
|
|
|
|
|
|
|
|
|
|
;; cache for content-addressed files
|
|
|
|
|
"proxy_cache_path /var/cache/nginx/cas"
|
|
|
|
|
" levels=2"
|
|
|
|
|
" inactive=180d" ; inactive keys removed after 180d
|
|
|
|
|
" keys_zone=cas:8m" ; nar cache meta data: ~64K keys
|
|
|
|
|
" max_size=50g;" ; total cache data size max
|
|
|
|
|
|
|
|
|
|
;; cache for build logs
|
|
|
|
|
"proxy_cache_path /var/cache/nginx/logs"
|
|
|
|
|
" levels=2"
|
|
|
|
|
" inactive=60d" ; inactive keys removed after 60d
|
|
|
|
|
" keys_zone=logs:8m" ; narinfo meta data: ~64K keys
|
|
|
|
|
" max_size=4g;" ; total cache data size max
|
|
|
|
|
|
|
|
|
|
;; cache for static data
|
|
|
|
|
"proxy_cache_path /var/cache/nginx/static"
|
|
|
|
|
" levels=1"
|
|
|
|
|
" inactive=10d" ; inactive keys removed after 10d
|
|
|
|
|
" keys_zone=static:1m" ; nar cache meta data: ~8K keys
|
|
|
|
|
" max_size=200m;" ; total cache data size max
|
|
|
|
|
|
|
|
|
|
;; If Hydra cannot honor these delays, then something is wrong and
|
|
|
|
|
;; we'd better drop the connection and return 504.
|
|
|
|
|
"proxy_connect_timeout 7s;"
|
|
|
|
|
"proxy_read_timeout 10s;"
|
|
|
|
|
"proxy_send_timeout 10s;"
|
|
|
|
|
|
|
|
|
|
;; Cache timeouts for a little while to avoid increasing pressure.
|
|
|
|
|
"proxy_cache_valid 504 30s;"))
|
|
|
|
|
|
2019-11-27 22:23:28 +01:00
|
|
|
|
(define %nginx-configuration/intermediate
|
2018-12-28 22:49:19 +01:00
|
|
|
|
(nginx-configuration
|
|
|
|
|
(server-blocks %berlin-servers)
|
|
|
|
|
(extra-content
|
|
|
|
|
(string-join %extra-content "\n"))))
|
2019-11-27 22:23:28 +01:00
|
|
|
|
|
|
|
|
|
(define %nginx-config-file
|
|
|
|
|
;; XXX: This hack allows us to add a "worker_processes" directive at the
|
|
|
|
|
;; top level.
|
|
|
|
|
(let ((generated ((@@ (gnu services web) default-nginx-config)
|
|
|
|
|
%nginx-configuration/intermediate)))
|
|
|
|
|
(computed-file "nginx.conf"
|
|
|
|
|
(with-imported-modules '((guix build utils))
|
|
|
|
|
#~(begin
|
|
|
|
|
(use-modules (guix build utils))
|
|
|
|
|
|
|
|
|
|
(call-with-output-file #$output
|
|
|
|
|
(lambda (port)
|
|
|
|
|
(display "worker_processes 16;\n"
|
|
|
|
|
port)
|
|
|
|
|
(call-with-input-file #$generated
|
|
|
|
|
(lambda (input)
|
|
|
|
|
(dump-port input port))))))))))
|
|
|
|
|
|
|
|
|
|
(define %nginx-configuration
|
|
|
|
|
(nginx-configuration
|
|
|
|
|
(file %nginx-config-file)))
|