Commit Graph

73 Commits

Author SHA1 Message Date
Drew DeVault fd450d1e5d robots.txt: add bytespider 2024-03-28 11:34:42 +01:00
Drew DeVault bb1eb0985f sourcehut.conf: update python 2024-03-20 13:11:32 +01:00
Drew DeVault f4d1369b20 robots.txt: disallow barkrowler 2024-03-20 10:16:59 +01:00
Conrad Hoffmann 9bd0f27004 meta.sr.ht: include web.conf in /register
The web.conf include handles X-Real-Ip and X-Forwarded-For, which are
needed on this route for better spam detection.
2024-03-12 13:34:35 +01:00
Ludovic Chabant 47015e997a Add https cloning config to hg.sr.ht
It was mentioned in man.sr.ht, before sr.ht-nginx existed.
2024-01-21 20:33:20 +01:00
Drew DeVault 2ac7ca050c robots.txt: add more LLM scrapers 2023-12-09 22:39:04 +01:00
Simon Ser 553f91a177 pages.sr.ht: turn on HTTP/2
Turn on the PROXY protocol, and advertise HTTP/2 support via ALPN.
2023-10-24 13:54:14 +02:00
Drew DeVault e6d37210a4 sourcehut.conf: block mastodon from all services
When Mastodon posts federate URLs throughout the network, every Mastodon
server it touches will fetch the URL to prepare a preview, consistently
causing a DDoS every time.

This has been a known issue for 6 years and they don't really give a
shit, so they get blocked.

https://github.com/mastodon/mastodon/issues/4486
https://github.com/mastodon/mastodon/issues/23662
2023-10-13 10:20:11 +02:00
Drew DeVault 9af0afe04a *.conf: update CSP 2023-09-14 14:13:53 +02:00
Drew DeVault 782af7be55 Add new marketing bot 2023-09-01 15:20:03 +02:00
Drew DeVault bd0f2946ef robots.txt: exclude GPTBot 2023-08-08 10:49:37 +02:00
Drew DeVault 4c7445f678 robots.txt: add mbox & raw (for lists) 2023-05-11 09:55:43 +02:00
Drew DeVault 91e2a5d0fc sourcehut.conf: bump python version 2023-03-22 10:18:47 +01:00
Simon Ser 266a8d738c meta.sr.ht: passthrough OAuth 2.0 server metadata
port443.conf has an explicit rule for .well-known. Override it
for the OAuth 2.0 server metadata path.
2023-02-20 10:37:33 +01:00
Drew DeVault 195622c35f robots.txt: turnitin changed their UA 2023-02-03 10:16:50 +01:00
Drew DeVault c735f50368 hub.sr.ht: add GQL API 2022-11-02 11:57:04 +01:00
Drew DeVault 62a9753d33 man.sr.ht: correct API port 2022-11-02 11:01:12 +01:00
Drew DeVault c1ca10d3e6 man.sr.ht: add GraphQL routes 2022-11-02 10:32:30 +01:00
Drew DeVault a195e2fc77 robots.txt: add more git.sr.ht routes
Most crawlers end up crawling the entire history of a repository, which
is kind of pointless and expensive.
2022-05-25 16:43:19 +02:00
Drew DeVault 31237ce40d robots.txt: add seekport crawler 2022-04-09 12:12:59 +02:00
Conrad Hoffmann 5300cf2efa Include common headers from separate file
This commit brings back all headers previously defined in port443.conf.
The current setup has been missing them since the `add_header` directive
was added to the individual `location` blocks (for CSP). The nginx
manual states:

> These directives are inherited from the previous configuration level
> if and only if there are no add_header directives defined on the
> current level

http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

None of the headers are important enough that they would have to be
added to all possible `location` blocks. Adding them to the root block
for each site will be sufficient.
2022-03-15 12:34:20 +01:00
Drew DeVault 305e2a56cf robots.txt: disallow / for turnitinbot 2022-02-14 15:14:59 +01:00
Drew DeVault 915ba53af3 todo.sr.ht.conf: add unsafe-inline scripts to CSP
Necessary for GraphQL page
2022-02-01 09:35:00 +01:00
Drew DeVault bfcbf15d5f lists.sr.ht: add max_body_size 2021-12-21 23:52:34 +01:00
Noelle Leigh e58e225e51 chat.sr.ht: add location directive for manifest
When visiting chat.sr.ht while signed in, this message is printed to the
browser console (Chrome):

> Refused to load manifest from
> 'https://meta.sr.ht/login?return_to=https://chat.sr.ht/manifest.webmanifest'
> because it violates the following Content Security Policy directive:
> "default-src 'self'". Note that 'manifest-src' was not explicitly set,
> so 'default-src' is used as a fallback.

Adding a separate location for /manifest.webmanifest will allow the
browser to load the manifest without having to include credentials
(which is the case by default).
2021-12-13 12:59:06 +01:00
Drew DeVault e15aaf9763 hub.sr.ht: redirect hub.sr.ht -> sr.ht
Fixes: https://todo.sr.ht/~sircmpwn/hub.sr.ht/78
2021-12-06 09:43:01 +01:00
Drew DeVault 834ed1fb23 chat.sr.ht: update CSP 2021-11-29 14:50:57 +01:00
Drew DeVault 7bb13cb0e6 README.md: fix typo 2021-11-28 11:33:17 +01:00
Drew DeVault 99a7dda1e0 Unblock TTRSS
This doesn't work with nginx for some reason despite being exactly in
accordance with the official docs on conditional statements. Hooray!

This reverts commit 54a9c41f67.
2021-11-25 10:43:28 +01:00
Drew DeVault a7824a82a2 robots.txt: disallow git logs
This is an expensive route due to inefficiencies in pygit2's log
implementation. We might be able to turn this back on in the future.
2021-11-25 10:38:10 +01:00
Drew DeVault 54a9c41f67 git.sr.ht: block TTRSS
They keep requesting data URIs.
2021-11-25 10:32:58 +01:00
Drew DeVault fa6ad0e02e robots.txt: add AmazonBot 2021-11-25 10:22:42 +01:00
Simon Ser a256c80630 chat.sr.ht.conf: add prometheus metrics endpoint 2021-11-18 08:59:49 +01:00
Drew DeVault c0d79e6618 hg.sr.ht.conf: remove unused authorize route 2021-11-16 21:48:25 +01:00
Drew DeVault c06fbfbad1 hg.sr.ht.conf: fix /authorize port 2021-10-27 10:35:26 +02:00
Drew DeVault bbd0d30cd7 robots.txt: disallow new SEO bot 2021-10-27 10:21:59 +02:00
Drew DeVault 529ae6e539 hg.sr.ht.conf: update CSP for GQL sandbox 2021-10-27 10:17:52 +02:00
Simon Ser 1844d6be9c Add config for chat.sr.ht 2021-10-14 10:01:58 +02:00
Drew DeVault 3e6d445c26 paste.sr.ht: add GraphQL configuration 2021-09-22 08:19:48 +02:00
Drew DeVault 5650499a82 hub.sr.ht: add second server_name 2021-09-05 10:57:23 +02:00
Drew DeVault 3ab3fac0b0 meta.sr.ht: re-introduce spam config 2021-09-04 11:05:47 +02:00
Drew DeVault 081fce4019 all: remove variables in server_name
This doesn't actually work, it just pretends to work. Fuck you nginx
2021-08-31 08:25:08 +02:00
Drew DeVault cb3972376c all: add correct CSP headers 2021-08-30 10:53:05 +02:00
Drew DeVault dcfe4221f8 web, graphql: set X-Forwarded-For properly 2021-08-30 10:36:23 +02:00
Drew DeVault f75b6ca38f fuckings to nginx
Every variable is unwrapped at runtime and only accounted for in some
commands, which does not include ssl_certificate. Anyone who complains
about this is made fun of. Assholes.
2021-08-30 10:02:35 +02:00
Drew DeVault 7cd01f56a8 X-Real-IP: minor fixes 2021-08-30 09:38:02 +02:00
Drew DeVault 2cd31be8da all: move domains.conf => sourcehut.conf 2021-08-30 09:29:53 +02:00
Drew DeVault d1599dd5e0 all: refactor common config options into includes 2021-08-30 09:22:32 +02:00
Drew DeVault 30afc8ce5b pages.sr.ht: update configuration 2021-08-05 09:35:51 +02:00
Drew DeVault 7151e98dba all: update python paths 2021-08-05 09:35:39 +02:00