YunoHost-Apps/cryptpad_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cryptpad_ynh.git synced 2024-09-03 18:26:14 +02:00
Code Issues Activity Actions

Fix

Browse source
This commit is contained in:
ericgaspar 2022-04-04 15:55:58 +02:00
parent 369c87afb5
commit d8c9493fee
No known key found for this signature in database
GPG key ID: 574F281483054D44
4 changed files with 88 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/config.js
View file

@ -72,7 +72,7 @@ module.exports = {
* *
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS. * CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
*/ */
// httpSafeOrigin: "https://some-other-domain.xyz", httpSafeOrigin: "https://__SANDBOX_DOMAIN__",
/* httpAddress specifies the address on which the nodejs server /* httpAddress specifies the address on which the nodejs server
* should be accessible. By default it will listen on 127.0.0.1 * should be accessible. By default it will listen on 127.0.0.1

77
conf/nginx.conf
View file

@ -1,3 +1,68 @@
set $main_domain "__DOMAIN__";
set $sandbox_domain "__SANDBOX_DOMAIN__";
set $allowed_origins "*";
# set $allowed_origins "https://${sandbox_domain}";
set $api_domain "api.__DOMAIN__";
set $files_domain "files.__DOMAIN__";
server_name __DOMAIN__ __SANDBOX_DOMAIN__;
# https://cipherli.st/
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Access-Control-Allow-Origin "${allowed_origins}";
# add_header X-Frame-Options "SAMEORIGIN";
# Enable SharedArrayBuffer in Firefox (for .xlsx export)
add_header Cross-Origin-Resource-Policy cross-origin;
add_header Cross-Origin-Embedder-Policy require-corp;
# Insert the path to your CryptPad repository root here
root /home/cryptpad/cryptpad;
index index.html;
error_page 404 /customize.dist/404.html;
# any static assets loaded with "ver=" in their URL will be cached for a year
if ($args ~ ver=) {
set $cacheControl max-age=31536000;
}
if ($uri ~ ^/.*(\/|\.html)$) {
set $cacheControl no-cache;
}
# Will not set any header if it is emptystring
add_header Cache-Control $cacheControl;
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
set $fontSrc "'self' data: https://${main_domain}";
set $imgSrc "'self' data: blob: https://${main_domain}";
set $frameSrc "'self' https://${sandbox_domain} blob:";
set $mediaSrc "blob:";
set $childSrc "https://${main_domain}";
set $workerSrc "'self'";
set $scriptSrc "'self' resource: https://${main_domain}";
set $frameAncestors "'self' https://${main_domain}";
# set $frameAncestors "'self' https: vector:";
set $unsafe 0;
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
if ($host != $sandbox_domain) { set $unsafe 0; }
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
}
location ^~ / { location ^~ / {
proxy_pass http://127.0.0.1:__PORT__; proxy_pass http://127.0.0.1:__PORT__;
@ -16,3 +81,15 @@ location ^~ / {
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;
more_clear_input_headers 'Accept-Encoding'; more_clear_input_headers 'Accept-Encoding';
} }
location ^~ /cryptpad_websocket {
proxy_pass http://localhost:__PORT__;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}

8
manifest.json
View file

@ -38,6 +38,14 @@
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié." "fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
} }
}, },
{
"name": "sandbox_domain",
"type": "domain",
"help": {
"en": "CryptPad needs to be installed in a dedicated domain or sub-domain.",
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
}
},
{ {
"name": "admin", "name": "admin",
"type": "user" "type": "user"

2
scripts/install
View file

@ -28,6 +28,7 @@ is_public=$YNH_APP_ARG_IS_PUBLIC
path_url="/" path_url="/"
admin=$YNH_APP_ARG_ADMIN admin=$YNH_APP_ARG_ADMIN
email=$(ynh_user_get_info --username=$admin --key=mail) email=$(ynh_user_get_info --username=$admin --key=mail)
sandbox_domain=$YNH_APP_ARG_SANDBOX_DOMAIN
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -49,6 +50,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path_url --value=$path_url ynh_app_setting_set --app=$app --key=path_url --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=sandbox_domain --value=$sandbox_domain
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS