diff options
| author | quentin@aristote.fr <quentin@aristote.fr> | 2026-01-29 22:20:00 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2026-01-29 22:20:00 +0100 |
| commit | bb7adf97d52b23de589002397d90277ab1bdd0d7 (patch) | |
| tree | 0e5d4e2b59a580dc59786a85600ba9711696861d | |
| parent | 4d3b399ce8e4d128e495196c1504675806cf934e (diff) | |
webkeydirectory: 444 on wrong urls
| -rw-r--r-- | config/services/web/webkeydirectory/default.nix | 9 | ||||
| -rwxr-xr-x | tests/run-tests.sh | 36 |
2 files changed, 25 insertions, 20 deletions
diff --git a/config/services/web/webkeydirectory/default.nix b/config/services/web/webkeydirectory/default.nix index 1adbdbe..cf96119 100644 --- a/config/services/web/webkeydirectory/default.nix +++ b/config/services/web/webkeydirectory/default.nix @@ -1,7 +1,9 @@ { config, ... }: -let webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}"; -in { +let + webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}"; +in +{ services.nginx.virtualHosts.webkeydirectory = { serverName = "openpgpkey.${config.networking.domain}"; locations = { @@ -13,6 +15,9 @@ in { ''; }; "=${webkeydirectoryPath}/policy".alias = builtins.toFile "policy" ""; + "/".extraConfig = '' + return 444; + ''; }; forceSSL = true; enableACME = true; diff --git a/tests/run-tests.sh b/tests/run-tests.sh index 6e161a2..36ce4f7 100755 --- a/tests/run-tests.sh +++ b/tests/run-tests.sh @@ -27,7 +27,6 @@ declare -A PORTS PORTS[quentin]=8080 PORTS[searx]=8081 PORTS[rss]=8083 -PORTS[openpgpkey]=8084 PORTS[git]=8086 for SERVICE in "${!PORTS[@]}" do @@ -54,34 +53,20 @@ echo Done. echo -echo Checking custom RSS bridges : -BRIDGES="$(ls ../config/services/web/rss/*Bridge.php | xargs basename -s Bridge.php)" -for BRIDGE in $BRIDGES -do - echo Checking bridge $BRIDGE ... - RESULT=$(curl "http://$IP:${PORTS[rss]}/?action=display&bridge=$BRIDGE&format=Plaintext" $CURL_FLAGS --output /dev/null --write-out '%{http_code}\n') - if [[ ! "$RESULT" = 200 ]] - then - echo "Connection failed." - fi -done -echo Done. - - -echo echo Checking web keys directory : +URL_PREFIX="http://$IP:8084/.well-known/openpgpkey/aristote.vm" KEYS="$(ls ../config/services/web/webkeydirectory/hu)" for KEY in $KEYS do echo Checking key $KEY ... - RESULT=$(curl "http://$IP:${PORTS[openpgpkey]}/.well-known/openpgpkey/aristote.vm/hu/$KEY" $CURL_FLAGS --output /dev/null --write-out '%{http_code}\n') + RESULT=$(curl "$URL_PREFIX/hu/$KEY" $CURL_FLAGS --output /dev/null --write-out '%{http_code}\n') if [[ ! "$RESULT" = 200 ]] then echo "Connection failed." fi done echo Checking policy file ... -RESULT=$(curl "http://$IP:${PORTS[openpgpkey]}/.well-known/openpgpkey/aristote.vm/policy" $CURL_FLAGS --output /dev/null --write-out '%{http_code}\n') +RESULT=$(curl "$URL_PREFIX/policy" $CURL_FLAGS --output /dev/null --write-out '%{http_code}\n') if [[ ! "$RESULT" = 200 ]] then echo "Connection failed." @@ -106,6 +91,21 @@ echo Done. echo +echo Checking custom RSS bridges : +BRIDGES="$(ls ../config/services/web/rss/*Bridge.php | xargs basename -s Bridge.php)" +for BRIDGE in $BRIDGES +do + echo Checking bridge $BRIDGE ... + RESULT=$(curl "http://$IP:${PORTS[rss]}/?action=display&bridge=$BRIDGE&format=Plaintext" $CURL_FLAGS --output /dev/null --write-out '%{http_code}\n') + if [[ ! "$RESULT" = 200 ]] + then + echo "Connection failed." + fi +done +echo Done. + + +echo echo Checking custom Searx engines : declare -A QUERIES QUERIES[alternativeto]=Searx |