From c5d1b8a95df22dd5dce7d6ea5dd6c73a0967be95 Mon Sep 17 00:00:00 2001
From: Twizzay <88040412+twizzay-code@users.noreply.github.com>
Date: Sat, 10 Jun 2023 04:52:18 -0700
Subject: [PATCH] Update nginx.conf (#40)

* Update nginx.conf

Fix bug in which media was being scrubbed out by CSP

* Use __PORT__ instead of fixed value

---------

Co-authored-by: lapineige <lapineige@users.noreply.github.com>
---
 conf/nginx.conf | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index ac25ddf..d5ac03c 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -36,6 +36,19 @@ location / {
   include conf.d/yunohost_panel.conf.inc;
 }
 
-location ~ ^/(proxy|media) {
-    more_set_headers "Content-Security-Policy : default-src 'none'; upgrade-insecure-requests; sandbox;";
+rewrite ^/proxy/(.*)/(.*)/.* /proxy/$1/$2 last;
+
+location ~ ^/(media|proxy) {
+  proxy_cache akkoma_media_cache;
+  proxy_cache_key    $host$uri$is_args$args;
+  proxy_http_version 1.1;
+  proxy_cache_valid  200 206 301 304 1h;
+  proxy_cache_lock on;
+  proxy_ignore_client_abort on;
+  proxy_buffering on;
+  chunked_transfer_encoding on;
+# added some stuff that seirdy said to add to make me bullet proof. B-) https://akkoma.dev/AkkomaGang/akkoma/issues/547#issuecomment-9261
+  more_set_headers "Content-Security-Policy : script-src 'none'; default-src 'none'; upgrade-insecure-requests; base-uri 'none'; form-action 'none'; 'sandbox';";
+
+  proxy_pass http://localhost:__PORT__;
 }