mirror of
https://github.com/yu-i-i/overleaf-cep.git
synced 2026-05-23 17:19:37 +02:00
6c6e8d9a97
* [monorepo] switch all output file reads to clsi-nginx * [clsi-lb] allow gallery download requests * [terraform] clsi: use nginx.conf from clsi service * [clsi] fix flakey tests * [clsi] replace alias with rewrite and root in nginx config * [k8s] clsi-lb: expose download port on internal service * [web] add explicit endpoint for downloading all output files Serve the output.zip endpoint from clsi. * [clsi] fix regex for latexqc submission ids Previously, we only handled template submission ids. GitOrigin-RevId: 6c3b21b01ec41ae767530b14aac31fbe3d640dd5
60 lines
1.9 KiB
Plaintext
60 lines
1.9 KiB
Plaintext
# keep in sync with services/clsi/nginx.conf
|
|
# Changes to the above:
|
|
# - added Security-Headers
|
|
# - remove CORS rules, Server-CE/Server-Pro runs behind a single origin
|
|
# - change /output path to /var/lib/overleaf/data/output
|
|
# - remove tiny.pdf endpoints
|
|
|
|
server {
|
|
add_header 'X-Served-By' 'clsi-nginx' always;
|
|
|
|
# Security-Headers
|
|
add_header 'X-Content-Type-Options' 'nosniff' always;
|
|
add_header 'X-Download-Options' 'noopen' always;
|
|
add_header 'X-Frame-Options' 'SAMEORIGIN' always;
|
|
add_header 'X-XSS-Protection' '1; mode=block' always;
|
|
|
|
listen 8080;
|
|
server_name clsi-nginx;
|
|
server_tokens off;
|
|
access_log off;
|
|
# Ignore symlinks possibly created by users
|
|
disable_symlinks on;
|
|
# enable compression for tex auxiliary files, but not for pdf files
|
|
gzip on;
|
|
gzip_types text/plain;
|
|
gzip_proxied any;
|
|
types {
|
|
text/plain log blg aux stdout stderr;
|
|
application/pdf pdf;
|
|
}
|
|
# handle output files for specific users
|
|
location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ {
|
|
rewrite ^/project/([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ /$4 break;
|
|
root /var/lib/overleaf/data/output/$1-$2/generated-files/$3/;
|
|
}
|
|
# handle output files for anonymous users
|
|
location ~ ^/project/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ {
|
|
rewrite ^/project/([0-9a-f]+)/build/([0-9a-f-]+)/output/(.+)$ /$3 break;
|
|
root /var/lib/overleaf/data/output/$1/generated-files/$2/;
|
|
}
|
|
|
|
# PDF range for specific users
|
|
location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {
|
|
# Cache for one day
|
|
expires 1d;
|
|
alias /var/lib/overleaf/data/output/$1-$2/content/$3;
|
|
}
|
|
# PDF range for anonymous users
|
|
location ~ ^/project/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {
|
|
# Cache for one day
|
|
expires 1d;
|
|
alias /var/lib/overleaf/data/output/$1/content/$2;
|
|
}
|
|
|
|
# Do not look up any non matching files in the default root.
|
|
location / {
|
|
return 404;
|
|
}
|
|
}
|