Browse Source

Change tild.es to nginx redirect instead of proxy

Previously tild.es urls would proxy_pass through to the views inside the
Pyramid app, but this caused strange behavior in some cases. For
example, anything that caused a 404 response would end up in a broken
page that still appeared to be on the tild.es domain, but would be an
HTML-only page coming from the app, since the CSS and JS would not be
available.

This method is still a bit weird in some ways (now you'll end up on a
404 page at https://tildes.net/shortener/... instead), but I think it's
an improvement overall.
merge-requests/72/head
Deimos 5 years ago
parent
commit
9a373f4cbf
  1. 23
      salt/salt/nginx/tildes-shortener.conf.jinja2
  2. 3
      tildes/tildes/routes.py
  3. 9
      tildes/tildes/views/shortener.py

23
salt/salt/nginx/tildes-shortener.conf.jinja2

@ -1,26 +1,27 @@
server { server {
# remove trailing slash from addresses
rewrite ^/(.*)/$ https://$host/$1 permanent;
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name tild.es;
keepalive_timeout 5;
add_header Strict-Transport-Security "max-age={{ pillar['hsts_max_age'] }}; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age={{ pillar['hsts_max_age'] }}; includeSubDomains; preload" always;
# Are these security headers unnecessary when we're just redirecting?
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Xss-Protection "1; mode=block" always; add_header X-Xss-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always; add_header Referrer-Policy "same-origin" always;
server_name tild.es;
keepalive_timeout 5;
# Exact location match to redirect the root url to tildes.net
location = / {
return 301 https://tildes.net;
}
# Will match all addresses *except* the root
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://app_server/shortener/;
# Strip any trailing slash while redirecting
rewrite ^/(.*)/?$ https://tildes.net/shortener/$1 permanent;
} }
} }

3
tildes/tildes/routes.py

@ -109,9 +109,6 @@ def includeme(config: Configurator) -> None:
add_intercooler_routes(config) add_intercooler_routes(config)
# Add routes for the link-shortener under the /shortener path # Add routes for the link-shortener under the /shortener path
# The trailing slash is required for the base /shortener/ path because of the way
# nginx's proxy_pass will forward the urls from the shortener
config.add_route("shortener", "/shortener/")
with config.route_prefix_context("/shortener"): with config.route_prefix_context("/shortener"):
config.add_route("shortener_group", "/~{group_path}", factory=group_by_path) config.add_route("shortener_group", "/~{group_path}", factory=group_by_path)
config.add_route("shortener_topic", "/{topic_id36}", factory=topic_by_id36) config.add_route("shortener_topic", "/{topic_id36}", factory=topic_by_id36)

9
tildes/tildes/views/shortener.py

@ -4,19 +4,12 @@
"""Views related to the link shortener.""" """Views related to the link shortener."""
from mypy_extensions import NoReturn from mypy_extensions import NoReturn
from pyramid.httpexceptions import HTTPFound, HTTPMovedPermanently
from pyramid.httpexceptions import HTTPMovedPermanently
from pyramid.request import Request from pyramid.request import Request
from pyramid.security import NO_PERMISSION_REQUIRED from pyramid.security import NO_PERMISSION_REQUIRED
from pyramid.view import view_config from pyramid.view import view_config
@view_config(route_name="shortener", permission=NO_PERMISSION_REQUIRED)
def get_shortener(request: Request) -> NoReturn:
"""Redirect to the site if someone just visits the base shortener domain."""
# pylint: disable=unused-argument
raise HTTPFound(location="https://tildes.net")
@view_config(route_name="shortener_group", permission=NO_PERMISSION_REQUIRED) @view_config(route_name="shortener_group", permission=NO_PERMISSION_REQUIRED)
def get_shortener_group(request: Request) -> NoReturn: def get_shortener_group(request: Request) -> NoReturn:
"""Redirect to the base path of a group.""" """Redirect to the base path of a group."""

Loading…
Cancel
Save