From 7c3ed39eea1f39951d972cadddd59a58b08967a6 Mon Sep 17 00:00:00 2001
From: DDATAA <45762540+Ddataa@users.noreply.github.com>
Date: Fri, 24 Mar 2023 07:27:18 +0000
Subject: [PATCH 1/4] Update nginx.conf
---
 conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index fba1cd7..f07531d 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -21,7 +21,7 @@ if ($args ~ ver=) {
 }
 more_set_headers "Cache-Control: $cacheControl";
 set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
-set $connectSrc "'self' blob: https://${main_domain} https://${sandbox_domain} wss://${main_domain}";
+set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
 set $fontSrc "'self' data: https://${main_domain}";
 set $imgSrc "'self' data: blob: https://${main_domain}";
 set $frameSrc "'self' https://${sandbox_domain} blob:";
From f1d3e8b1d877ea0fe78e6b60f2435d7b47ea5798 Mon Sep 17 00:00:00 2001
From: DDATAA <45762540+Ddataa@users.noreply.github.com>
Date: Fri, 24 Mar 2023 08:25:13 +0000
Subject: [PATCH 2/4] Update nginx.conf
---
 conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index f07531d..eb2e105 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -4,7 +4,7 @@ set $allowed_origins "https://${sandbox_domain}";
 set $api_domain "__DOMAIN__";
 set $files_domain "__DOMAIN__";
 ssl_ecdh_curve secp384r1;
-more_set_headers "Strict-Transport-Security: 'max-age=31536000; includeSubDomains' always";
+more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; always";
 more_set_headers "X-XSS-Protection: '1; mode=block'";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
From bb1d1f155d31308f3c477eaa9622806419746365 Mon Sep 17 00:00:00 2001
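Review bot: In patch 1/4 the new `$connectSrc` line carries no comment explaining why WebSocket connections are now allowed only to `${api_domain}`, and reordering `blob:` and the sandbox origin on the same line obscures that the `wss://` origin is the only functional change. With `wss://${main_domain}` gone from connect-src, a WebSocket opened against the main domain would be blocked by the CSP if the two variables ever expand to different hosts; how `$main_domain` is set is not visible in this hunk. I would add a comment above the line such as `# WebSocket endpoint is served from $api_domain; keep connect-src in sync with it`.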
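Review bot: In patch 2/4 the rewritten header value still ends in `; always`, which is a parameter of nginx's `add_header` directive and not an HSTS directive; inside `more_set_headers` it is sent to the client as part of the value. Browsers are expected to ignore an unknown directive, but the header is cleaner as `more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains";`. The context lines directly below keep the same literal single quotes this change removes (`X-XSS-Protection: '1; mode=block'` and `Access-Control-Allow-Origin: '${allowed_origins}'`), so they are worth fixing in the same pass.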
From: DDATAA <45762540+Ddataa@users.noreply.github.com>
Date: Fri, 24 Mar 2023 08:35:15 +0000
Subject: [PATCH 3/4] Update nginx.conf
---
 conf/nginx.conf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index eb2e105..4d9c445 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -67,9 +67,9 @@ location ~ ^/api/.*$ {
 }
 location ^~ /blob/ {
 if ($request_method = 'OPTIONS') {
- more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
+ more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
 more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
- more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'";
+ more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range";
 more_set_headers "Access-Control-Max-Age: 1728000";
 more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'";
 more_set_headers "Content-Length: 0";
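Review bot: The unquoting is incomplete in this OPTIONS block: `Access-Control-Allow-Methods: 'GET, POST, OPTIONS'` and `Content-Type: 'application/octet-stream; charset=utf-8'` remain as context lines with the single quotes inside the header value, so the client receives the quotes literally. The same `Access-Control-Allow-Methods` line is also left quoted in the second hunk (`@@ -77,10 +77,10 @@`). Suggested replacements are `more_set_headers "Access-Control-Allow-Methods: GET, POST, OPTIONS";` and `more_set_headers "Content-Type: application/octet-stream; charset=utf-8";`. Both the `if` block and the `location ^~ /blob/` block continue past the end of this hunk.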
@@ -77,10 +77,10 @@ location ^~ /blob/ {
 }
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Cache-Control: max-age=31536000'";
- more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
+ more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
 more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
- more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
- more_set_headers "Access-Control-Expose-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
+ more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
+ more_set_headers "Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
 try_files $uri =404;
 }
 location ^~ /block/ {
From 57d43bde9aeb39e8f35fe984f6c3c82ddcd0dd81 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Fri, 24 Mar 2023 13:36:43 +0100
Subject: [PATCH 4/4] Tweak POST_INSTALL.md
---
 doc/POST_INSTALL.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md
index d617b01..9c530ab 100644
--- a/doc/POST_INSTALL.md
+++ b/doc/POST_INSTALL.md
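Review bot: In the second hunk of patch 3/4 (`@@ -77,10 +77,10 @@`) the context line `more_set_headers "Cache-Control: max-age=31536000'";` keeps a stray trailing `'`, so `/blob/` responses carry `max-age=31536000'`, which is not a valid delta-seconds value and may be treated by caches as invalid rather than as one year. Since this commit is already removing stray quotes from the neighbouring headers, fix this one too: `more_set_headers "Cache-Control: max-age=31536000";`. The `location ^~ /blob/` block starts before this hunk.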
@@ -2,12 +2,15 @@ We have added a sandbox domain: __SANDBOXDOMAIN__ for you but you still need to You will need also to restart CryptPad service after this is done. Then you can please open CryptPad domain: https://__DOMAIN__ + Once CryptPad is installed, create an account via the Sign Up button on the home page which will take you to the Register page. To make this account an instance administrator: 1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key -2. Paste this key in /var/www/cryptpad/config/config.js in the following array (uncomment and replace the placeholder): +2. Paste this key in `/var/www/cryptpad/config/config.js` in the following array (uncomment and replace the placeholder): +``` adminKeys: [ "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]", ], +```