From e7b0fd2b9c0dbacf3c4b0f8604f15e226de3f801 Mon Sep 17 00:00:00 2001
From: meaz <meaz@disroot.org>
Date: Tue, 6 Apr 2021 17:44:02 +0200
Subject: [PATCH 1/7] Fix issue and match with vars from role

---
 templates/etc/nginx/sites-available/mumble-web.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/etc/nginx/sites-available/mumble-web.j2 b/templates/etc/nginx/sites-available/mumble-web.j2
index 40c5e41..394a061 100644
--- a/templates/etc/nginx/sites-available/mumble-web.j2
+++ b/templates/etc/nginx/sites-available/mumble-web.j2
@@ -1,4 +1,4 @@
-{% extends core.j2 %}
+{% extends "core.j2" %}
 
 {% block extra_upstreams %}
 map $http_upgrade $connection_upgrade {
@@ -13,9 +13,9 @@ map $http_upgrade $connection_upgrade {
     root {{ item.root }};
   }
   location /server {
-    proxy_pass {{ item.mumble_proto }}://{{ item.mumble_server }}:{{ item.mumble_port }};
+    proxy_pass {{ item.proto }}://{{ item.server }}:{{ item.port }};
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection $connection_upgrade;
   }
-{% endblock %} 
+{% endblock %}

From 1dd23b29d01ded9f26ce2cf71532456d551aff78 Mon Sep 17 00:00:00 2001
From: muppeth <muppeth@no-reply@disroot.org>
Date: Tue, 27 Apr 2021 19:17:17 +0000
Subject: [PATCH 2/7] cryptpad - commented out by default datastore location
 (#10)

Merge branch 'cryptpad' of git.disroot.org:Disroot-Ansible/nginx into cryptpad

fixed

Merge branch 'master' into cryptpad

Merge branch 'master' into cryptpad

cryptpad - commented out by default datastore location

Co-authored-by: muppeth <muppeth@disroot.org>
Co-authored-by: meaz <meaz@no-reply@disroot.org>
Reviewed-on: https://git.disroot.org/Disroot-Ansible/nginx/pulls/10
Reviewed-by: antilopa <antilopa@no-reply@disroot.org>
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-Authored-By: muppeth <muppeth@no-reply@disroot.org>
Co-Committed-By: muppeth <muppeth@no-reply@disroot.org>
---
 templates/etc/nginx/sites-available/cryptpad.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/etc/nginx/sites-available/cryptpad.j2 b/templates/etc/nginx/sites-available/cryptpad.j2
index 950be27..963affa 100644
--- a/templates/etc/nginx/sites-available/cryptpad.j2
+++ b/templates/etc/nginx/sites-available/cryptpad.j2
@@ -160,6 +160,7 @@
     try_files $uri =404;
   }
 
+{% if item.debug is defined and item.debug == 'true' %}
   # This block provides an alternative means of loading content
   # otherwise only served via websocket. This is solely for debugging purposes,
   # and is thus not allowed by default.
@@ -167,6 +168,7 @@
     add_header Cache-Control max-age=0;
     try_files $uri =404;
   }
+{% endif %}
 
   # The nodejs server has some built-in forwarding rules to prevent
   # URLs like /pad from resulting in a 404. This simply adds a trailing slash

From 47df8450113fabd6db2c3b7cfb38a5754ae4a8a9 Mon Sep 17 00:00:00 2001
From: muppeth <muppeth@no-reply@disroot.org>
Date: Thu, 20 May 2021 09:07:28 +0000
Subject: [PATCH 3/7] small fix for hubzilla template (#12)

Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: https://git.disroot.org/Disroot-Ansible/nginx/pulls/12
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Reviewed-by: antilopa <antilopa@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@no-reply@disroot.org>
Co-committed-by: muppeth <muppeth@no-reply@disroot.org>
---
 templates/etc/nginx/sites-available/hubzilla.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/etc/nginx/sites-available/hubzilla.j2 b/templates/etc/nginx/sites-available/hubzilla.j2
index 9a9fe3a..ee7c87f 100644
--- a/templates/etc/nginx/sites-available/hubzilla.j2
+++ b/templates/etc/nginx/sites-available/hubzilla.j2
@@ -5,7 +5,7 @@
   index index.php;
   charset utf-8;
   include mime.types;
-  autoindex off
+  autoindex off;
 {% endblock %}
 
 {% block location %}
@@ -62,4 +62,4 @@
     deny all;
   }
 
-{% endblock %}
\ No newline at end of file
+{% endblock %}

From bf33fdc640b1eca92c27fbdee85deb112144b8e9 Mon Sep 17 00:00:00 2001
From: meaz <meaz@disroot.org>
Date: Tue, 1 Jun 2021 17:54:32 +0200
Subject: [PATCH 4/7] add new config section in cryptpad

---
 templates/etc/nginx/sites-available/cryptpad.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/templates/etc/nginx/sites-available/cryptpad.j2 b/templates/etc/nginx/sites-available/cryptpad.j2
index 963affa..d1d411c 100644
--- a/templates/etc/nginx/sites-available/cryptpad.j2
+++ b/templates/etc/nginx/sites-available/cryptpad.j2
@@ -131,6 +131,13 @@
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    # These settings prevent both NGINX and the API server
+    # from setting the same headers and creating duplicates
+    proxy_hide_header Cross-Origin-Resource-Policy;
+    add_header Cross-Origin-Resource-Policy cross-origin;
+    proxy_hide_header Cross-Origin-Embedder-Policy;
+    add_header Cross-Origin-Embedder-Policy require-corp;
   }
 
   # encrypted blobs are immutable and are thus cached for a year

From 361ec7afe3ab54fa02e74755d7f76f413363644a Mon Sep 17 00:00:00 2001
From: muppeth <muppeth@no-reply@disroot.org>
Date: Tue, 8 Jun 2021 21:28:31 +0000
Subject: [PATCH 5/7] conversejs template - changed index variable (#14)

Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: https://git.disroot.org/Disroot-Ansible/nginx/pulls/14
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Reviewed-by: antilopa <antilopa@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@no-reply@disroot.org>
Co-committed-by: muppeth <muppeth@no-reply@disroot.org>
---
 templates/etc/nginx/sites-available/conversejs.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/etc/nginx/sites-available/conversejs.j2 b/templates/etc/nginx/sites-available/conversejs.j2
index 7dfbd72..8ea5e01 100644
--- a/templates/etc/nginx/sites-available/conversejs.j2
+++ b/templates/etc/nginx/sites-available/conversejs.j2
@@ -4,7 +4,7 @@
 ## LOCATIONS
   location / {
     root {{ conversejs_app_dir }};
-    index {{ conversejs_mode }}.html;
+    index {{ item.index }};
   }
 
   location ~ /\. {

From 56a52771982327fcaebf0651fe54d6e969ca08d3 Mon Sep 17 00:00:00 2001
From: meaz <meaz@disroot.org>
Date: Thu, 17 Jun 2021 06:28:56 +0200
Subject: [PATCH 6/7] update to 4.7.0

---
 templates/etc/nginx/sites-available/cryptpad.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/etc/nginx/sites-available/cryptpad.j2 b/templates/etc/nginx/sites-available/cryptpad.j2
index d1d411c..038a61e 100644
--- a/templates/etc/nginx/sites-available/cryptpad.j2
+++ b/templates/etc/nginx/sites-available/cryptpad.j2
@@ -180,7 +180,7 @@
   # The nodejs server has some built-in forwarding rules to prevent
   # URLs like /pad from resulting in a 404. This simply adds a trailing slash
   # to a variety of applications.
-  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc)$ {
+  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report)$ {
       rewrite ^(.*)$ $1/ redirect;
   }
 {% endblock %}

From 62d15822d880133129e8ca5767a62e010571d0f4 Mon Sep 17 00:00:00 2001
From: meaz <meaz@disroot.org>
Date: Thu, 8 Jul 2021 10:59:26 +0200
Subject: [PATCH 7/7] update to 4.8.0

---
 templates/etc/nginx/sites-available/cryptpad.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/etc/nginx/sites-available/cryptpad.j2 b/templates/etc/nginx/sites-available/cryptpad.j2
index 038a61e..2ad165c 100644
--- a/templates/etc/nginx/sites-available/cryptpad.j2
+++ b/templates/etc/nginx/sites-available/cryptpad.j2
@@ -25,7 +25,7 @@
   add_header Access-Control-Allow-Origin "*";
 
   set $coop '';
- if ($uri ~ ^\/(sheet|presentation|doc)\/.*$) { set $coop 'same-origin'; }
+ if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
 
   # Enable SharedArrayBuffer in Firefox (for .xlsx export)
   add_header Cross-Origin-Resource-Policy cross-origin;
@@ -180,7 +180,7 @@
   # The nodejs server has some built-in forwarding rules to prevent
   # URLs like /pad from resulting in a 404. This simply adds a trailing slash
   # to a variety of applications.
-  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report)$ {
+  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert)$ {
       rewrite ^(.*)$ $1/ redirect;
   }
 {% endblock %}