Pass HTTP requests to wrappers for gdrive_knife.

diff --git a/gdrive_proxy.conf b/gdrive_proxy.conf
new file mode 100644 (file)
index 0000000..07079f9
--- /dev/null
+++ b/gdrive_proxy.conf
@@ -0,0 +1,97 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+server {
+    server_name  drive.${private_domain};
+
+    listen       [::]:443 ssl http2;
+    listen       443 ssl http2;
+
+    ssl_certificate ${private_ssl_cert_dir}/fullchain.pem;
+    ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem;
+
+    ssl_client_certificate ${ca_dir}/ca.pem;
+    ssl_verify_client on;
+
+    client_max_body_size 2G;
+
+    fastcgi_buffers 16 32k;
+    fastcgi_buffer_size 64k;
+    fastcgi_busy_buffers_size 64k;
+
+    root ${prod_dir}/gdrive_proxy;
+
+    location ~ ^/auth(.*) {
+        proxy_pass http://localhost:3030;
+    }
+
+    location = /delete {
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+        fastcgi_param NAME_ON_DRIVE ${dollar}arg_name;
+        fastcgi_param SCRIPT_FILENAME ${dollar}document_root/delete.sh;
+    }
+
+    location = /download {
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+        # https://serverfault.com/a/852573
+        fastcgi_buffering off;
+        fastcgi_param NO_BUFFERING "";
+
+        fastcgi_param NAME_ON_DRIVE ${dollar}arg_name;
+        fastcgi_param SCRIPT_FILENAME ${dollar}document_root/download.sh;
+    }
+
+    location ~ ^/([a-zA-Z0-9_\.]+)$ {
+        add_header Content-Disposition "attachment; filename=/tmp/${dollar}1";
+
+        alias /tmp/;
+        try_files ${dollar}1 =404;
+    }
+
+    location = /upload {
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+        client_body_in_file_only clean;
+        client_body_temp_path /tmp;
+
+        fastcgi_pass_request_body off;
+        fastcgi_pass_request_headers off;
+
+        fastcgi_buffering off;
+        fastcgi_param NO_BUFFERING "";
+
+        fastcgi_param PATH_TO_FILE ${dollar}request_body_file;
+        fastcgi_param SCRIPT_FILENAME ${dollar}document_root/upload.sh;
+    }
+
+    location = / {
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+        fastcgi_keep_conn on;
+        fastcgi_read_timeout 3s;
+
+        fastcgi_buffering off;
+        fastcgi_param NO_BUFFERING "";
+
+        fastcgi_param SCRIPT_FILENAME ${dollar}document_root/gdrive_proxy.sh;
+    }
+}
+
+server {
+    server_name  drive.${private_domain};
+
+    listen       [::]:80;
+    listen       80;
+
+    if (${dollar}host = drive.${private_domain}) {
+        return 301 https://${dollar}host${dollar}request_uri;
+    }
+
+    return 404;
+}