Refactoring: Remove code duplication

ls1intum · Nov 27, 2023 · b491c66 · b491c66
1 parent 51849ab
commit b491c66
Showing 1 changed file with 5 additions and 60 deletions.
diff --git a/roles/proxy/templates/nginx_artemis.conf.j2 b/roles/proxy/templates/nginx_artemis.conf.j2
@@ -28,6 +28,7 @@ server {
     {% endif %}
 }
 
+{% if proxy_redirect_main_url is not none %}
 server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
@@ -47,71 +48,16 @@ server {
 #   ssl_early_data on;
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
-    {% if proxy_redirect_main_url is not none %}
     return 301 https://{{ proxy_redirect_main_url }}$request_uri;
-    {% else %}
-    resolver {{ proxy_resolver }};
-    resolver_timeout 5s;
-    client_max_body_size 10m;
-    client_body_buffer_size 1m;
-
-    location / {
-        proxy_pass {{ proxy_node_protocol }}://artemis;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-#       proxy_set_header Early-Data $ssl_early_data;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_cache_bypass $http_upgrade;
-        proxy_send_timeout 900s;
-        proxy_read_timeout 900s;
-        proxy_max_temp_file_size 0;
-        proxy_buffering on;
-        proxy_buffer_size 16k;
-        proxy_buffers 8 16k;
-        proxy_busy_buffers_size 32k;
-        fastcgi_send_timeout 900s;
-        fastcgi_read_timeout 900s;
-        client_max_body_size 128M;
-    }
-
-    {% if proxy_mailto is not none %}
-    location /mailto {
-        default_type text/html;
-        return 200 '<html><head><meta http-equiv="Refresh" content="0; url=mailto:{{ proxy_mailto }}" /></head></html>';
-    }
-    {% endif %}
-
-    location /api/authenticate {
-        proxy_pass http://artemis/api/authenticate;
-		# For a given violation of the rate limit defined in the zone
-		# * the first 2 (delay) requests will be allowed without delay
-		# * the next (burst - delay) request waits until it fits in the rate limit
-		# * the rest will be denied
-		# If an attacker spams this endpoint, only the first three requests will come through.
-		# This only resets if the violation of the rate limit stops.
-        limit_req zone=loginlimit burst=3 delay=2;
-    }
-
-    location /favicon.ico {
-        return 404;
-    }
-
-    error_page 502 /502.html;
-    location /502.html {
-        root /usr/share/nginx/html;
-        internal;
     }
     {% endif %}
-}
 
-{% if proxy_redirect_main_url is not none %}
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    {% if proxy_redirect_main_url is not none %}
     server_name {{ proxy_redirect_main_url }};
+    {% else %}
+    server_name _;
+    {% endif %}
     ssl_certificate     {{ proxy_ssl_certificate_path }};
     ssl_certificate_key {{ proxy_ssl_certificate_key_path }};
     ssl_protocols       TLSv1.2 TLSv1.3;
@@ -181,4 +127,3 @@ server {
         internal;
     }
 }
-{% endif %}