diff --git a/templates/etc/nginx/sites-available/conversejs.j2 b/templates/etc/nginx/sites-available/conversejs.j2 index 7dfbd72..8ea5e01 100644 --- a/templates/etc/nginx/sites-available/conversejs.j2 +++ b/templates/etc/nginx/sites-available/conversejs.j2 @@ -4,7 +4,7 @@ ## LOCATIONS location / { root {{ conversejs_app_dir }}; - index {{ conversejs_mode }}.html; + index {{ item.index }}; } location ~ /\. { diff --git a/templates/etc/nginx/sites-available/cryptpad.j2 b/templates/etc/nginx/sites-available/cryptpad.j2 index 950be27..2ad165c 100644 --- a/templates/etc/nginx/sites-available/cryptpad.j2 +++ b/templates/etc/nginx/sites-available/cryptpad.j2 @@ -25,7 +25,7 @@ add_header Access-Control-Allow-Origin "*"; set $coop ''; - if ($uri ~ ^\/(sheet|presentation|doc)\/.*$) { set $coop 'same-origin'; } + if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; } # Enable SharedArrayBuffer in Firefox (for .xlsx export) add_header Cross-Origin-Resource-Policy cross-origin; @@ -131,6 +131,13 @@ proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # These settings prevent both NGINX and the API server + # from setting the same headers and creating duplicates + proxy_hide_header Cross-Origin-Resource-Policy; + add_header Cross-Origin-Resource-Policy cross-origin; + proxy_hide_header Cross-Origin-Embedder-Policy; + add_header Cross-Origin-Embedder-Policy require-corp; } # encrypted blobs are immutable and are thus cached for a year @@ -160,6 +167,7 @@ try_files $uri =404; } +{% if item.debug is defined and item.debug == 'true' %} # This block provides an alternative means of loading content # otherwise only served via websocket. This is solely for debugging purposes, # and is thus not allowed by default. @@ -167,11 +175,12 @@ add_header Cache-Control max-age=0; try_files $uri =404; } +{% endif %} # The nodejs server has some built-in forwarding rules to prevent # URLs like /pad from resulting in a 404. This simply adds a trailing slash # to a variety of applications. - location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc)$ { + location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert)$ { rewrite ^(.*)$ $1/ redirect; } {% endblock %} diff --git a/templates/etc/nginx/sites-available/hubzilla.j2 b/templates/etc/nginx/sites-available/hubzilla.j2 index 9a9fe3a..ee7c87f 100644 --- a/templates/etc/nginx/sites-available/hubzilla.j2 +++ b/templates/etc/nginx/sites-available/hubzilla.j2 @@ -5,7 +5,7 @@ index index.php; charset utf-8; include mime.types; - autoindex off + autoindex off; {% endblock %} {% block location %} @@ -62,4 +62,4 @@ deny all; } -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/templates/etc/nginx/sites-available/mumble-web.j2 b/templates/etc/nginx/sites-available/mumble-web.j2 index 40c5e41..394a061 100644 --- a/templates/etc/nginx/sites-available/mumble-web.j2 +++ b/templates/etc/nginx/sites-available/mumble-web.j2 @@ -1,4 +1,4 @@ -{% extends core.j2 %} +{% extends "core.j2" %} {% block extra_upstreams %} map $http_upgrade $connection_upgrade { @@ -13,9 +13,9 @@ map $http_upgrade $connection_upgrade { root {{ item.root }}; } location /server { - proxy_pass {{ item.mumble_proto }}://{{ item.mumble_server }}:{{ item.mumble_port }}; + proxy_pass {{ item.proto }}://{{ item.server }}:{{ item.port }}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } -{% endblock %} +{% endblock %}