Last active
November 24, 2024 22:13
-
-
Save BrokenR3C0RD/c7e54da32f3d8a627f8b1e2d66684dc5 to your computer and use it in GitHub Desktop.
nginx config for pretty Bluesky/ATProto PDS server handle redirects
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Assumes you have an `upstream bsky-pds` somewhere; you can replace `http://bsky-pds` with the URL to your PDS | |
| # if you'd prefer | |
| server { | |
| listen 443 ssl; | |
| listen 443 quic; | |
| # Replace with your base handle domain(s) | |
| # This will act as a fallback, so if you have anything else hosted on subdomains they won't be affected | |
| server_name *.pds.example.com; | |
| # Remaps 404s in the auth subrequest to 401s that won't cause a 500 error | |
| location @remap_404 { | |
| internal; | |
| return 401; | |
| } | |
| # Used to close the connection when the account doesn't exist. | |
| # Replace the error code here with your preferred response if you want | |
| location @handle_not_found { | |
| internal; | |
| return 444; | |
| } | |
| # Redirect to the account with the handle referred to by this domain | |
| location @handle_found { | |
| internal; | |
| return 302 https://bsky.app/profile/$host; | |
| } | |
| # Check if the handle exists on the server by trying to resolve the DID | |
| location = /check_handle_exists { | |
| internal; | |
| proxy_pass http://bsky-pds/.well-known/atproto-did; | |
| proxy_pass_request_body off; | |
| proxy_intercept_errors on; | |
| proxy_http_version 1.1; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| # This is the magic: if we don't find the DID, return 401 so we can handle it outside of here. | |
| error_page 404 @remap_404; | |
| } | |
| location / { | |
| auth_request /check_handle_exists; | |
| # @handle_not_found will be processed if the handle isn't registered | |
| # @handle_found will be processed if it is | |
| error_page 401 @handle_not_found; | |
| # Only redirect a direct link | |
| # You can change this if you'd like | |
| location = / { | |
| try_files "" @handle_found; | |
| } | |
| # Forward standard atproto-did requests | |
| location = /.well-known/atproto-did { | |
| proxy_pass http://bsky-pds/.well-known/atproto-did; | |
| proxy_http_version 1.1; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment