# rawgithack
# Derived from https://github.com/neoascetic/rawgithack/blob/6e95e6c5f398a321b18b2586266a2cce9a3b1f6f/rawgithack.conf

#error_log logs/error.log warn;
limit_req_zone $rawscols_throttle zone=rawscolscgi_throttling:10m rate=10r/s;
limit_req_log_level notice;


map $host $origin {
    ~*^(real\.)?ra\.ws\.co\.ls$ git.sr.ht;
    # ~*^(real\.)?ra\.ws\.co\.ls$ srhtcdn.githack.com;
}

map $http_referer $rawscols_throttle {
    ~*^https?://ra\.ws\.co\.ls "";
    ~*^https?://(?<domain>[^/]+) $domain/$origin$uri;
}

server {
    listen 192.168.1.250:80;
    listen 192.168.1.250:443 ssl;
    server_name ra.ws.co.ls real.ra.ws.co.ls;

    root /var/www/ra.ws.co.ls;
    location = /favicon.ico {
        return 301 /favicon.svg;
    }
    location = /favicon.svg {
       limit_except GET HEAD { deny all; }
       add_header Cache-Control 'max-age=2592000, public, immutable';
       try_files $uri =404;
    }

    # Instead of soft-merging slashes, merge them with a 301
    merge_slashes off;
    rewrite (.*?)//+(.*) $1/$2 permanent;

    location ~ ^/[a-z.-]+$ {
        limit_except GET HEAD { deny all; }
        add_header Cache-Control 'max-age=86400, public';
        default_type "text/plain; charset=utf-8";
        try_files $uri.html $uri =404;
    }

    # location ~* ^/[^/]+/[^/]+/[^/]+/.+?(?:\.(?<extension>[a-zA-Z0-9]+))?$ {
    location ~* ^/~nabijaczleweli/[^/]+/blob/.+?(?:\.(?<extension>[a-zA-Z0-9]+))?$ {
        limit_except GET { deny all; }

        limit_req zone=rawscolscgi_throttling nodelay;
        limit_req_status 429;

        add_header X-Robots-Tag none; # robots, go away!
        add_header Access-Control-Allow-Origin *;

        fastcgi_pass unix:/run/fcgiwrap.socket;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/ra.ws.co.ls/ra.ws.co.ls.cgi;
    }

    ssl_certificate /etc/letsencrypt/live/ra.ws.co.ls/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ra.ws.co.ls/privkey.pem; # managed by Certbot
}