improved nginx advanced and snippets config, less duplication for @backend and / (app) locations and added loki

configs/nginx/nginx_advanced.example

@@ -2,6 +2,21 @@ upstream chan {
 	server 127.0.0.1:7000;
 }
 
+server {
+
+	server_name www.xxxxxxxx.loki xxxxxxxx.loki;
+
+	client_max_body_size 0;
+	#address may vary if this address is already used by something other than lokinet
+	listen 172.16.0.1:80;
+
+	include /etc/nginx/snippets/security_headers.conf;
+	include /etc/nginx/snippets/error_pages.conf;
+	include /etc/nginx/snippets/jschan_loki_routes.conf;
+	include /etc/nginx/snippets/jschan_common_routes.conf;
+
+}
+
 server {
 
 	server_name www.xxxxxxxx.onion xxxxxxxx.onion;
@@ -13,7 +28,8 @@ server {
 
 	include /etc/nginx/snippets/security_headers.conf;
 	include /etc/nginx/snippets/error_pages.conf;
-	include /etc/nginx/snippets/jschan_routes_tor.conf;
+	include /etc/nginx/snippets/jschan_tor_routes.conf;
+	include /etc/nginx/snippets/jschan_common_routes.conf;
 
 }
 
@@ -27,7 +43,8 @@ server {
 
 	include /etc/nginx/snippets/security_headers.conf;
 	include /etc/nginx/snippets/error_pages.conf;
-	include /etc/nginx/snippets/jschan_routes.conf;
+	include /etc/nginx/snippets/jschan_common_routes.conf;
+	include /etc/nginx/snippets/jschan_clearnet_routes.conf;
 
 	listen [::]:443 ssl ipv6only=on; # managed by Certbot
 	listen 443 ssl; # managed by Certbot
@@ -52,5 +69,4 @@ server {
 	listen 80;
 	listen [::]:80;
 	return 444; # managed by Certbot
-
 }

configs/nginx/snippets/jschan_clearnet_routes.conf

@@ -0,0 +1,27 @@
+location / {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+
+	proxy_set_header Host $host;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection 'upgrade';
+	proxy_cache_bypass $http_upgrade;
+
+	proxy_set_header X-Forwarded-Proto https;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code $geoip_country_code;
+}
+
+location @backend {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+	proxy_set_header X-Forwarded-Proto https;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code $geoip_country_code;
+	proxy_set_header Connection '';
+	proxy_set_header Host $host;
+}

configs/nginx/snippets/jschan_common_routes.conf

@@ -31,45 +31,17 @@ location = /favicon.ico {
 }
 
 location = / {
-	return 302 http://$host/index.html;
+	return 302 $scheme://$host/index.html;
 }
 
 location /captcha {
 	root /path/to/jschan/static/captcha;
 	if ($cookie_captchaid) {
-		return 302 http://$host/captcha/$cookie_captchaid.jpg;
+		return 302 $scheme://$host/captcha/$cookie_captchaid.jpg;
 	}
 	try_files /$cookie_captchaid.jpg @backend;
 }
 
-location / {
-	proxy_buffering off;
-	proxy_pass http://chan$request_uri;
-	proxy_http_version 1.1;
-
-	proxy_set_header Host $host;
-	proxy_set_header Upgrade $http_upgrade;
-	proxy_set_header Connection 'upgrade';
-	proxy_cache_bypass $http_upgrade;
-
-	proxy_set_header X-Forwarded-Proto http;
-	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_set_header X-Real-IP $remote_addr;
-	proxy_set_header X-Country-Code 'TOR';
-}
-
-location @backend {
-	proxy_buffering off;
-	proxy_pass http://chan$request_uri;
-	proxy_http_version 1.1;
-	proxy_set_header X-Forwarded-Proto http;
-	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_set_header X-Real-IP $remote_addr;
-	proxy_set_header X-Country-Code 'TOR';
-	proxy_set_header Connection '';
-	proxy_set_header Host $host;
-}
-
 # HTML
 location ~* \.html$ {
 	expires 0;

configs/nginx/snippets/jschan_loki_routes.conf

@@ -0,0 +1,27 @@
+location / {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+
+	proxy_set_header Host $host;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection 'upgrade';
+	proxy_cache_bypass $http_upgrade;
+
+	proxy_set_header X-Forwarded-Proto http;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code 'LOKI';
+}
+
+location @backend {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+	proxy_set_header X-Forwarded-Proto http;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code 'LOKI';
+	proxy_set_header Connection '';
+	proxy_set_header Host $host;
+}

configs/nginx/snippets/jschan_routes.conf

@@ -1,122 +0,0 @@
-if ($request_uri ~ ^/(?!captcha|randombanner|forms|logout|socket\.io)) {
-	rewrite ^([^.\?]*[^/])$ $1/ redirect;
-	rewrite ^(.+)/$ $1/index.html redirect;
-}
-
-location = /robots.txt {
-	access_log off;
-	add_header Content-Type text/plain;
-	return 200 "User-agent: *\nDisallow:\n";
-}
-
-location = /site.webmanifest {
-	access_log off;
-	expires max;
-	root /path/to/jschan/static/file;
-	try_files $uri =404;
-}
-
-location = /browserconfig.xml {
-	access_log off;
-	expires max;
-	root /path/to/jschan/static/file;
-	try_files $uri =404;
-}
-
-location = /favicon.ico {
-	access_log off;
-	expires max;
-	root /path/to/jschan/static/file;
-	try_files $uri =404;
-}
-
-location = / {
-	return 302 https://$host/index.html;
-}
-
-location /captcha {
-	root /path/to/jschan/static/captcha;
-	if ($cookie_captchaid) {
-		return 302 https://$host/captcha/$cookie_captchaid.jpg;
-	}
-	try_files /$cookie_captchaid.jpg @backend;
-}
-
-location / {
-	proxy_buffering off;
-	proxy_pass http://chan$request_uri;
-	proxy_http_version 1.1;
-
-	proxy_set_header Host $host;
-	proxy_set_header Upgrade $http_upgrade;
-	proxy_set_header Connection 'upgrade';
-	proxy_cache_bypass $http_upgrade;
-
-	proxy_set_header X-Forwarded-Proto https;
-	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_set_header X-Real-IP $remote_addr;
-	proxy_set_header X-Country-Code $geoip_country_code;
-}
-
-location @backend {
-	proxy_buffering off;
-	proxy_pass http://chan$request_uri;
-	proxy_http_version 1.1;
-	proxy_set_header X-Forwarded-Proto https;
-	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_set_header X-Real-IP $remote_addr;
-	proxy_set_header X-Country-Code $geoip_country_code;
-	proxy_set_header Connection '';
-	proxy_set_header Host $host;
-}
-
-# HTML
-location ~* \.html$ {
-	expires 0;
-	default_type text/html; #needed for cache control private in backend
-	root /path/to/jschan/static/html;
-	try_files $uri @backend;
-}
-
-# JSON
-location ~* \.json$ {
-	expires 0;
-	root /path/to/jschan/static/json;
-	try_files $uri @backend;
-	#json doesnt hit backend if it doesnt exist yet.
-}
-
-# CSS
-location ~* \.css$ {
-	access_log off;
-	expires 1w;
-	root /path/to/jschan/static;
-	try_files $uri =404;
-}
-
-# Scripts
-location ~* \.js$ {
-	expires 1w;
-	access_log off;
-	root /path/to/jschan/static;
-	try_files $uri =404;
-}
-
-# Files (image, video, audio, other)
-location ~* \.(png|jpg|jpeg|webmanifest|apng|bmp|webp|pjpeg|jfif|gif|mp4|webm|mov|mkv|svg|flac|mp3|ogg|wav|opus)$ {
-	access_log off;
-	expires max;
-	root /path/to/jschan/static;
-	try_files $uri =404;
-}
-
-# inline in browser so even HTML filetypes can be offered and will present a "save" dialog box
-location ~* \.(txt|bin)$ {
-	access_log off;
-	expires max;
-	add_header Cache-Control "public";
-	add_header X-Content-Type-Options "nosniff" always;
-	add_header Content-Disposition "attachment";
-	root /path/to/jschan/static;
-	try_files $uri =404;
-}

configs/nginx/snippets/jschan_tor_routes.conf

@@ -0,0 +1,27 @@
+location / {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+
+	proxy_set_header Host $host;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection 'upgrade';
+	proxy_cache_bypass $http_upgrade;
+
+	proxy_set_header X-Forwarded-Proto http;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code 'TOR';
+}
+
+location @backend {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+	proxy_set_header X-Forwarded-Proto http;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code 'TOR';
+	proxy_set_header Connection '';
+	proxy_set_header Host $host;
+}