From aa7d197f00ab8cf8130725f44147d3fbfdfec6f1 Mon Sep 17 00:00:00 2001 From: frju365 Date: Fri, 28 Apr 2017 11:34:07 +0200 Subject: [PATCH] Update nginx.conf --- conf/nginx.conf | 82 +++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 43 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 8f34500..b81156c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,28 +1,26 @@ -location / { - if ($args ~ ver=) { - set $cacheControl max-age=31536000; - } - # Will not set any header if it is emptystring - add_header Cache-Control $cacheControl; - - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - set $styleSrc "'unsafe-inline' 'self'"; - set $scriptSrc "'self'"; - set $connectSrc "'self' wss://cryptpad.fr wss://api.cryptpad.fr"; - set $fontSrc "'self'"; - set $imgSrc "data: *"; - set $frameSrc "'self' beta.cryptpad.fr"; +root ROOT_PATH; +index index.html; - if ($uri = /pad/inner.html) { - set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline'"; - } - add_header Content-Security-Policy "default-src 'none'; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc;"; +if ($args ~ ver=) { + set $cacheControl max-age=31536000; +} +# Will not set any header if it is emptystring +add_header Cache-Control $cacheControl; - location = /cryptpad_websocket { - proxy_pass http://localhost:__PORT__/; +set $styleSrc "'unsafe-inline' 'self'"; + set $scriptSrc "'self'"; + set $connectSrc "'self' wss://cryptpad.fr wss://api.cryptpad.fr"; + set $fontSrc "'self'"; + set $imgSrc "data: *"; + set $frameSrc "'self' beta.cryptpad.fr"; + + if ($uri = /pad/inner.html) { + set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline'"; + } + add_header Content-Security-Policy "default-src 'none'; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc;"; + + location = /cryptpad_websocket { + proxy_pass http://localhost:3000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -32,27 +30,25 @@ location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; - } + } - location ^~ /customize.dist/ { - # This is needed in order to prevent infinite recursion between /customize/ and the root - } - location ^~ /customize/ { - rewrite ^/customize/(.*)$ $1 break; - try_files /customize/$uri /customize.dist/$uri; - } - location = /api/config { - default_type text/javascript; - rewrite ^.*$ /customize/api/config break; - } + location ^~ /customize.dist/ { + # This is needed in order to prevent infinite recursion between /customize/ and the root + } + location ^~ /customize/ { + rewrite ^/customize/(.*)$ $1 break; + try_files /customize/$uri /customize.dist/$uri; + } + location = /api/config { + default_type text/javascript; + rewrite ^.*$ /customize/api/config break; + } - ## TODO fix in the code so that we don't need this - location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ { - rewrite ^(.*)$ $1/ redirect; - } - - try_files /www/$uri /www/$uri/index.html /customize/$uri; + ## TODO fix in the code so that we don't need this + location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ { + rewrite ^(.*)$ $1/ redirect; + } + try_files /www/$uri /www/$uri/index.html /customize/$uri; # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} + include conf.d/yunohost_panel.conf.inc;