Disroot-Ansible
/
nginx
11
1
Fork 0
Code Pull Requests 4 Projects Releases Activity

Merge branch 'master' into akaunting

This commit is contained in:
meaz 2021-07-28 09:50:42 +00:00
parent c296082c5d 36cfb5106a
commit c97c7514f8
4 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
templates/etc/nginx/sites-available/conversejs.j2
View File

@ -4,7 +4,7 @@
## LOCATIONS ## LOCATIONS
location / { location / {
root {{ conversejs_app_dir }}; root {{ conversejs_app_dir }};
index {{ conversejs_mode }}.html; index {{ item.index }};
} }
location ~ /\. { location ~ /\. {

13
templates/etc/nginx/sites-available/cryptpad.j2
View File

@ -25,7 +25,7 @@
add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Origin "*";
set $coop ''; set $coop '';
if ($uri ~ ^\/(sheet|presentation|doc)\/.*$) { set $coop 'same-origin'; } if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
# Enable SharedArrayBuffer in Firefox (for .xlsx export) # Enable SharedArrayBuffer in Firefox (for .xlsx export)
add_header Cross-Origin-Resource-Policy cross-origin; add_header Cross-Origin-Resource-Policy cross-origin;
@ -131,6 +131,13 @@
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# These settings prevent both NGINX and the API server
# from setting the same headers and creating duplicates
proxy_hide_header Cross-Origin-Resource-Policy;
add_header Cross-Origin-Resource-Policy cross-origin;
proxy_hide_header Cross-Origin-Embedder-Policy;
add_header Cross-Origin-Embedder-Policy require-corp;
} }
# encrypted blobs are immutable and are thus cached for a year # encrypted blobs are immutable and are thus cached for a year
@ -160,6 +167,7 @@
try_files $uri =404; try_files $uri =404;
} }
{% if item.debug is defined and item.debug == 'true' %}
# This block provides an alternative means of loading content # This block provides an alternative means of loading content
# otherwise only served via websocket. This is solely for debugging purposes, # otherwise only served via websocket. This is solely for debugging purposes,
# and is thus not allowed by default. # and is thus not allowed by default.
@ -167,11 +175,12 @@
add_header Cache-Control max-age=0; add_header Cache-Control max-age=0;
try_files $uri =404; try_files $uri =404;
} }
{% endif %}
# The nodejs server has some built-in forwarding rules to prevent # The nodejs server has some built-in forwarding rules to prevent
# URLs like /pad from resulting in a 404. This simply adds a trailing slash # URLs like /pad from resulting in a 404. This simply adds a trailing slash
# to a variety of applications. # to a variety of applications.
location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc)$ { location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert)$ {
rewrite ^(.*)$ $1/ redirect; rewrite ^(.*)$ $1/ redirect;
} }
{% endblock %} {% endblock %}

4
templates/etc/nginx/sites-available/hubzilla.j2
View File

@ -5,7 +5,7 @@
index index.php; index index.php;
charset utf-8; charset utf-8;
include mime.types; include mime.types;
autoindex off autoindex off;
{% endblock %} {% endblock %}
{% block location %} {% block location %}
@ -62,4 +62,4 @@
deny all; deny all;
} }
{% endblock %} {% endblock %}

6
templates/etc/nginx/sites-available/mumble-web.j2
View File

@ -1,4 +1,4 @@
{% extends core.j2 %} {% extends "core.j2" %}
{% block extra_upstreams %} {% block extra_upstreams %}
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
@ -13,9 +13,9 @@ map $http_upgrade $connection_upgrade {
root {{ item.root }}; root {{ item.root }};
} }
location /server { location /server {
proxy_pass {{ item.mumble_proto }}://{{ item.mumble_server }}:{{ item.mumble_port }}; proxy_pass {{ item.proto }}://{{ item.server }}:{{ item.port }};
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
} }
{% endblock %} {% endblock %}