43 lines
999 B
Plaintext
43 lines
999 B
Plaintext
server {
|
|
server_name $hgsrht;
|
|
include port80.conf;
|
|
}
|
|
|
|
server {
|
|
server_name $hgsrht;
|
|
include port443.conf;
|
|
|
|
ssl_certificate /etc/ssl/uacme/$hgsrht/cert.pem;
|
|
ssl_certificate_key /etc/ssl/uacme/private/$hgsrht/key.pem;
|
|
client_max_body_size 100M;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:5010;
|
|
include web.conf;
|
|
}
|
|
|
|
location /query {
|
|
proxy_pass http://127.0.0.1:5110;
|
|
include graphql.conf;
|
|
}
|
|
|
|
location /static {
|
|
root /usr/lib/$python/site-packages/hgsrht;
|
|
expires 30d;
|
|
}
|
|
|
|
location = /authorize {
|
|
proxy_pass http://127.0.0.1:5001;
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
}
|
|
|
|
# Let clients reach pull bundles. We don't really need to lock this down even for
|
|
# private repos because the bundles are named after the revision hashes... so someone
|
|
# would need to guess a SHA value to download anything.
|
|
location ~ ^/[~^][a-z0-9_]+/[a-zA-Z0-9_.-]+/\.hg/bundles/.*$ {
|
|
root /var/lib/mercurial;
|
|
}
|
|
}
|