nginx.conf

worker_processes 2;

events {
    worker_connections  1024;
}

pid /tmp/nginx.pid;

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    gzip_disable "msie6"; # Disable comnpression on really old Internet Explorer

    gzip_comp_level 6; # Moderate compression level
    gzip_min_length 256; # Don't zip really small files

    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/json
        application/xml
        application/rss+xml
        image/svg+xml;


    # add URLs after the `default` line that are moved and aren't redirecting via Hugo aliases
    map $request_uri $redirect_url {
        default "";

        # individual URL redirects here
        "~^/chainguard/chainguard-enforce/chainctl-docs/how-to-install-chainctl(.+)?$" /chainguard/chainguard-enforce/how-to-install-chainctl$1;
        "~^/chainguard/chainguard-enforce/chainctl-docs(.+)?$" /chainguard/chainctl$1;
        "~^/chainguard/chainguard-enforce/chainguard-enforce-kubernetes/chainguard-enforce-events(.+)?$" /chainguard/administration/cloudevents/events-reference$1;
        "~^/chainguard/chainguard-enforce/chainguard-enforce-events(.+)?$" /chainguard/administration/cloudevents/events-reference$1;
        "~^/open-source/apko/apk-package-manager(.+)?$" /open-source/wolfi/apk-package-manager$1;
        "~^/chainguard/chainctl/chainctl-docs/(index.html|index.xml)?$" /chainguard/chainctl/;
        "~^/chainguard/chainguard-enforce/chainguard-enforce-kubernetes/chainguard-enforce-policy-examples(.+)?$" /open-source/sigstore/policy-controller/policies$1;
        "~^/open-source/melange/getting-started-with-melange(.+)?$" /open-source/build-tools/melange/getting-started-with-melange/;
        "~^/open-source/melange/tutorials/getting-started-with-melange/(.+)?$" /open-source/build-tools/melange/getting-started-with-melange/;
        "~^/chainguard/chainguard-enforce/sboms/sboms-and-attestations/(.+)?$" /open-source/sbom/sboms-and-attestations/;
        "~^/chainguard/chainguard-images/images-compared/(.+)?$" /chainguard/chainguard-images/vuln-comparison/;
        "~^/software-security/secure-software-development/considerations-for-image-updates/(.+)?$" /chainguard/chainguard-images/recommended-practices/considerations-for-image-updates/;
        "~^/chainguard/chainguard-images/considerations-for-image-updates/(.+)?$" /chainguard/chainguard-images/recommended-practices/considerations-for-image-updates/;
        "~^/chainguard/chainguard-enforce/authentication/custom-idps/(.+)?$" /chainguard/administration/custom-idps/custom-idps/;
        "~^/chainguard/network-requirements/(.+)?$" /chainguard/administration/network-requirements/;
        "~^/chainguard/chainguard-enforce/reference/events/(.+)?$" /chainguard/administration/cloudevents/events-reference/;
        "~^/chainguard/administration/cloudevents/create-github-issues/(.+)?$" /chainguard/administration/cloudevents/;
        "~^/chainguard/administration/cloudevents/create-jira-issues/(.+)?$" /chainguard/administration/cloudevents/;
        "~^/chainguard/administration/cloudevents/create-slack-alerts/(.+)?$" /chainguard/administration/cloudevents/;
        "~^/chainguard/chainguard-images/getting-started/istio(.+)?$" https://images.chainguard.dev/directory/image/istio-pilot/overview/;
        "~^/chainguard/chainguard-images/network-requirements/(.+)?$"  /chainguard/administration/network-requirements/;
        "~^/chainguard/network-requirements/(.+)?$"  /chainguard/administration/network-requirements/;

        # complete content directory redirects here
        "~^/chainguard/chainguard-enforce/events/(.+)$" /chainguard/administration/cloudevents/$1;
        "~^/chainguard/chainguard-enforce/cloudevents/(.+)$" /chainguard/administration/cloudevents/$1;
        "~^/chainguard/chainguard-images/registry/(.+)?$"  /chainguard/chainguard-registry/;
        "~^/chainguard/chainguard-enforce/iam-groups/(.+)?$"  /chainguard/administration/iam-groups/$1;
        "~^/chainguard/chainguard-enforce/cloudevents/(.+)?$"  /chainguard/administration/cloudevents/$1;
        "~^/chainguard/chainguard-enforce/iam-groups/identity-examples/(.+)?$"  /chainguard/chainguard-enforce/authentication/$1;
        "~^/chainguard/chainguard-enforce/authentication/identity-examples/(.+)?$"  /chainguard/administration/iam-groups/identity-examples/;
        "~^/chainguard/chainguard-images/vulnerability-comparisons/(.+)?$"  /chainguard/chainguard-images/comparing-images/vulnerability-comparisons;
        "~^/chainguard/administration/iam-groups/(.+)?$"  /chainguard/administration/iam-organizations/$1;

        # enforce docs turndown
        "~^/chainguard/chainguard-enforce/(.+)?$"  /;

        # getting-started docs redirects
        "~^/chainguard/chainguard-images/reference/go/getting-started-go/(.+)?$" /chainguard/chainguard-images/getting-started/getting-started-go/;
        "~^/chainguard/chainguard-images/reference/mariadb/getting-started-mariadb/(.+)?$" /chainguard/chainguard-images/getting-started/getting-started-mariadb/;
        "~^/chainguard/chainguard-images/reference/node/getting-started-node/(.+)?$" /chainguard/chainguard-images/getting-started/getting-started-node/;
        "~^/chainguard/chainguard-images/reference/php/getting-started-php/(.+)?$" /chainguard/chainguard-images/getting-started/getting-started-php/;
        "~^/chainguard/chainguard-images/reference/postgres/getting-started-postgres/(.+)?$" /chainguard/chainguard-images/getting-started/getting-started-postgres/;
        "~^/chainguard/chainguard-images/reference/python/getting-started-python/(.+)?$" /chainguard/chainguard-images/getting-started/getting-started-python/;
        "~^/chainguard/chainguard-images/reference/ruby/getting-started-ruby/(.+)?$" /chainguard/chainguard-images/getting-started/getting-started-ruby/;
        # reference docs redirects - images
        "~^/chainguard/chainguard-images/reference/(.+)/image_specs/?$" https://images.chainguard.dev/directory/image/$1/specifications;
        "~^/chainguard/chainguard-images/reference/(.+)/tags_history/?$" https://images.chainguard.dev/directory/image/$1/versions;
        "~^/chainguard/chainguard-images/reference/(.+)/provenance_info/?$" https://images.chainguard.dev/directory/image/$1/provenance;
        "~^/chainguard/chainguard-images/reference/(.+)/overview/?$" https://images.chainguard.dev/directory/image/$1/overview;
        "~^/chainguard/chainguard-images/reference/(.+)/$" https://images.chainguard.dev/directory/image/$1/overview;
        "~^/chainguard/chainguard-images/reference/(.+)$" https://images.chainguard.dev/directory/image/$1/overview;
        "~^/chainguard/chainguard-images/reference/?$" https://images.chainguard.dev/directory;
        # apko reference redirect
        "~^/open-source/build-tools/apko/reference/?$" https://github.com/chainguard-dev/apko/blob/main/docs/apko_file.md;
        # melange reference redirect
        "~^/open-source/build-tools/melange/reference/?$" https://github.com/chainguard-dev/melange/blob/main/docs/md/melange.md;
        "~^/open-source/build-tools/melange/melange-pipelines/?$" https://github.com/chainguard-dev/melange/blob/main/docs/PIPELINES.md;
    }

    server {
        listen       8080;
        server_name  localhost;
        root   /usr/share/nginx/html/;

        # Add Hugo aliases as 301 redirects
        include aliases;

        # process $request_uri -> $redirect_url if url is absolute
        if ($redirect_url ~ ^https://) {
            rewrite ^(.*)$ $redirect_url permanent;
        }
        # process $request_uri -> $redirect_url, preserving https, and ensure URLs don't have any ports in them
        if ($redirect_url != "") {
            rewrite ^(.*)$ $scheme://$http_host$redirect_url permanent;
        }

        location / {
	    index  index.html index.htm;
            try_files $uri $uri/index.html =404;
        }

        # serve the vuln-comparison page for /vulnerabilities page without a vuln id
        # captures /vulnerabilities /vulnerabilities/ and /vulnerabilities/index.html
        location ~ ^/vulnerabilities(\/|\/index.html)?$ {
            rewrite ^ /chainguard/chainguard-images/vuln-comparison/index.html;
        }

        # all vulnerabilities with an ID get rendered by this page using javascript
        location ~ ^/vulnerabilities/ {
            rewrite ^ /vulnerabilities/index.html break;
        }

        location ~* /(\index.html)?$ {
            add_header Cache-Control "public, max-age=300, stale-while-revalidate=300";
        }

	# use hugo's built in 404 page for now
	error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
error_log  stderr  notice;