From d1b8c94b7cb2e598643c742c222ac50d5917b562 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 6 Dec 2017 15:34:06 +0100 Subject: FTP over WebDAV --- custom/ymir-nginx.nix | 35 +++++++++++++++++++++++++++++++++-- ymir.nix | 16 ++++++++-------- 2 files changed, 41 insertions(+), 10 deletions(-) diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index a1de81c3..dcee84fa 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix @@ -175,8 +175,6 @@ in { listen [::]:443 ssl; server_name ~^(.*\.)?bragi\.(yggdrasil\.li|141\.li)$; - include ${acme}; - location / { auth_basic "Reverse proxy to bragi"; auth_basic_user_file /srv/www/bragi/htpasswd; @@ -184,6 +182,39 @@ in { proxy_pass http://bragi.asgard.yggdrasil/; } } + + server { + listen *:80; + listen [::]:80; + server_name ~^ftp\.(yggdrasil\.li|141\.li|praseodym\.org)$; + + include ${acme}; + + location / { + return 301 https://$host$request_uri; + } + } + + server { + listen *:443 ssl; + listen [::]:443 ssl; + + server_name ~^ftp\.(yggdrasil\.li|141\.li|praseodym\.org)$; + + client_body_temp_path /tmp/webdav; + + location / { + root /srv/ftp/$remote_user; + autoindex on; + + auth_basic "FTP over WebDAV"; + auth_basic_user_file /srv/ftp.htpasswd; + + dav_methods PUT DELETE MKCOL COPY MOVE; + create_full_put_path on; + dav_access user:rw group:r all:r; + } + } ''; }; } diff --git a/ymir.nix b/ymir.nix index 3eb10d10..e73ae546 100644 --- a/ymir.nix +++ b/ymir.nix @@ -14,10 +14,10 @@ let }; }; myDomains = [ "dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org" - "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li" + "ftp.141.li" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li" "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "muc.xmpp.li" "proxy.xmpp.li" - "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li" - "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" + "ftp.yggdrasil.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li" + "ftp.praseodym.org" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" "git.rheperire.org" "api.rheperire.org" "www.rheperire.org" "rheperire.org" "ymir.kleen.li" "kleen.li" "www.kleen.li" "ymir.nights.email" "nights.email" "www.nights.email" @@ -979,17 +979,17 @@ in rec { services.vsftpd = { enable = true; - # forceLocalLoginsSSL = true; - # forceLocalDataSSL = true; + forceLocalLoginsSSL = true; + forceLocalDataSSL = true; localUsers = true; writeEnable = true; chrootlocalUser = true; - # rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem"; - # rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; + rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem"; + rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; extraConfig = '' local_umask=022 - log_ftp_protocol=YES + log_ftp_protocol=NO xferlog_enable=YES pam_service_name=vsftpd -- cgit v1.2.3