worker_processes ${{NUM_WORKERS}};

error_log ${{NOTICE_LOG}} notice;

daemon ${{DAEMON}};

pcre_jit on;

events {

worker_connections 1024;

http {

more_set_headers 'Server: lapis';

lua_shared_dict pagecache_versions 10m;

proxy_cache_path ../luarocks-pagecache levels=1:2 keys_zone=pagecache:100m max_size=1g inactive=2h use_temp_path=off;

proxy_cache_path ../luarocks-rockcache levels=1:2 keys_zone=rockcache:100m max_size=4g inactive=10d use_temp_path=off;

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

add_header X-Frame-Options deny;

log_format combined_forwarded '[$request_time] $remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" cache:$upstream_cache_status';

resolver 8.8.8.8 ipv6=off;

init_by_lua_block {

require "lpeg"

require "socket"

require "ltn12"

require "mime"

require "struct"

require "ext.luarocks.persist"

}

server {

client_max_body_size 15m;

listen 127.0.0.1:${{PORT}};

lua_code_cache ${{CODE_CACHE}};

access_log logs/access.log ${{LOG_FORMAT}};

set_real_ip_from 127.0.0.1;

real_ip_header X-Forwarded-For;

include nginx/http_proxy.conf;

location / {

if ($host = rocks.moonscript.org) {

rewrite ^/(?!api) $scheme://luarocks.org$request_uri permanent;

}

default_type text/html;

set $_url "";

content_by_lua "require('lapis').serve('app')";

}

location /rock-cache/ {

allow 127.0.0.1;

deny all;

proxy_pass http://127.0.0.1:${{PORT}};

proxy_set_header Host luarocks.local;

}

location @proxy_root_for_cache {

proxy_pass http://127.0.0.1:${{PORT}};

set_by_lua $cache_version '

return assert(require("helpers.pagecache").version_for_path(ngx.var.uri))

';

set $cache_key "${{_NAME}}:$request_method:$uri:$cache_version";

proxy_cache pagecache;

proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;

proxy_cache_lock on;

add_header X-Cache-Status $upstream_cache_status;

proxy_cache_valid 200 2h;

proxy_cache_key $cache_key;

add_header X-Cache-Key $cache_key;

proxy_no_cache "${{DISABLE_MANIFEST_CACHE}}";

proxy_cache_bypass "${{DISABLE_MANIFEST_CACHE}}";

proxy_hide_header X-Content-Type-Options;

proxy_hide_header X-XSS-Protection;

proxy_hide_header X-Frame-Options;

proxy_hide_header Set-Cookie;

proxy_ignore_headers Set-Cookie;

proxy_set_header Host luarocks.local;

proxy_set_header X-Original-Host $http_host;

proxy_set_header Cookie "";

proxy_set_header X-Original-Scheme $scheme;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_set_header X-Lapis-Proxy yes;

proxy_http_version 1.1;

gzip on;

gzip_proxied any;

gzip_comp_level 5;

gzip_types text/html application/json text/x-lua;

ssi on;

}

location ~ ^/manifest([-.].+)?$ {

echo_exec @proxy_root_for_cache;

}

location ~ /manifests/(?<username>[^/]*)/(?<filename>[^/]*?\.(?:rock|rockspec))$ {

include nginx/serve_file.conf;

}

location ~ ^/m/(?<manifest_name>[^/]+)/(?<filename>[^/]*?\.(?:rock|rockspec))$ {

include nginx/serve_file.conf;

}

location ~ ^/(?:dev/)?(?<filename>[^/]*?\.(?:rock|rockspec))$ {

include nginx/serve_file.conf;

}

location /static/ {

include mime.types;

access_log off;

gzip on;

gzip_types application/x-javascript text/css image/svg+xml;

alias static/;

}

location /favicon.ico {

include mime.types;

alias static/favicon.ico;

}

location ~ ^/en\b(?<wikipath>.*) {

rewrite_by_lua "

}

location /repositories/ {

rewrite ^/repositories/rocks-scm$ https://luarocks.org//m/root/development-only permanent;

rewrite ^/repositories/rocks-scm(.+)$ https://luarocks.org/dev$1 permanent;

rewrite ^/repositories/rocks$ https://luarocks.org/m/root permanent;

rewrite ^/repositories/rocks(.+)$ https://luarocks.org$1 permanent;

}

location /releases {

rewrite ^/releases(.*$) https://luarocks.github.io/luarocks/releases$1 redirect;

}

location /doc/history.pdf {

rewrite . https://hisham.hm/papers/muhammad_2013_history.pdf redirect;

}

}

server {

server_name luarocks.local;

listen 127.0.0.1:${{PORT}};

lua_code_cache ${{CODE_CACHE}};

access_log off; # outer server will log for us

allow 127.0.0.1;

deny all;

include nginx/http_proxy.conf;

location ~ ^/rock-cache/(?<bucket_key>.*) {

set_by_lua $rock_url '

return assert(require("storage_bucket"):file_url(ngx.var.bucket_key))

';

set $cache_key "${{_NAME}}:$request_method:$bucket_key";

proxy_cache rockcache;

proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;

proxy_cache_lock on;

add_header X-Cache-Status $upstream_cache_status;

proxy_cache_valid 200 10d;

proxy_cache_key $cache_key;

add_header X-Cache-Key $cache_key;

proxy_buffering on;

proxy_buffer_size 128k;

proxy_buffers 4 256k;

proxy_busy_buffers_size 256k;

proxy_http_version 1.1;

proxy_read_timeout 20s;

proxy_send_timeout 20s;

proxy_connect_timeout 10s;

proxy_pass $rock_url;

}

location / {

default_type text/html;

set $_url "";

content_by_lua "require('lapis').serve('app')";

}

}

server {

listen 127.0.0.1:${{PORT}};

server_name ~^www\.(?<domain>.*)$;

location / {

rewrite ^ $scheme://$domain$request_uri permanent;

}

}