# Serves the application's web/ directory and hands *.php requests to PHP-FPM.
# __FINALPATH__, __PATH__, __PHPVERSION__ and __NAME__ are template placeholders;
# presumably they are substituted by the packaging scripts at install time
# (not shown here) -- review the rendered file, not only this template.
location / {

  # Path to source
  # Only the web/ subdirectory is mapped to this location.
  alias __FINALPATH__/web/;

  # Force usage of https
  # Plain-HTTP requests get a 301 to the same URI over https. The redirect host
  # is $server_name (taken from the server configuration), not the Host header
  # sent by the client. The trailing "?" keeps nginx from appending the query
  # string a second time, since $request_uri already contains it.
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }

  index index.php;

  # Fall back to the front controller when neither a file nor a directory matches.
  # NOTE(review): try_files used together with alias has known quirks in nginx;
  # verify the fallback resolves as intended once __PATH__ is substituted.
  try_files $uri $uri/ __PATH__/index.php?$query_string;

  location ~ \.php$ {
    # A URI ending in .php that does not map to an existing file is rewritten to
    # index.php ("last" restarts location matching), so PHP-FPM is not handed a
    # SCRIPT_FILENAME that is missing on disk. The "break" is only reached when
    # the rewrite pattern does not match the URI.
    if (!-e $request_filename) {
      rewrite ^__PATH__/?(.*)$ __PATH__/index.php?/$1 last;
      break;
    }
    # PHP-FPM is reached over a local Unix socket. The socket name carries
    # __NAME__, which suggests a per-app pool -- confirm in the pool config.
    fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    # $remote_user is the user name taken from the request's Basic-auth
    # credentials. NOTE(review): if the application trusts REMOTE_USER, confirm
    # that an authenticating layer has validated those credentials first.
    fastcgi_param REMOTE_USER $remote_user;
    # NOTE(review): no fastcgi_split_path_info is visible in this block, so
    # $fastcgi_path_info is presumably empty here.
    fastcgi_param PATH_INFO $fastcgi_path_info;
    # $request_filename is the on-disk path nginx derives from the alias above
    # and the request URI.
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }

  # security headers
  # more_set_headers is provided by the headers-more module, which must be loaded.

  # HSTS for two years (63072000 s). No includeSubDomains or preload, so the
  # policy covers this host only.
  more_set_headers "Strict-Transport-Security: max-age=63072000";
  # Explicitly switches off the legacy browser XSS filter; script injection is
  # constrained by the Content-Security-Policy below instead.
  more_set_headers "X-XSS-Protection: 0";
  # Stops browsers from MIME-sniffing a response into a different content type.
  more_set_headers "X-Content-Type-Options: nosniff";
  # CSP summary: scripts are same-origin only, with no inline script. Inline
  # styles are allowed ('unsafe-inline' in style-src). Two external hosts are
  # allowed: https://get.elabftw.net (connect-src) and https://www.cornify.com
  # (img-src). base-uri 'none' forbids <base>; frame-ancestors 'none' forbids
  # framing of the application.
  # NOTE(review): object-src 'self' still permits same-origin plugin/embedded
  # content; confirm the application needs it before tightening.
  more_set_headers "Content-Security-Policy: default-src 'self' data:; script-src 'self'; connect-src 'self' blob: https://get.elabftw.net; img-src 'self' data: blob: https://www.cornify.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'self'; base-uri 'none'; frame-ancestors 'none'";
  # No Referer header is sent on outgoing navigations or subresource requests.
  more_set_headers "Referrer-Policy: no-referrer";
  # Denies the listed browser features everywhere; fullscreen stays allowed for
  # the application's own origin.
  # NOTE(review): Feature-Policy has been superseded by Permissions-Policy in
  # current browsers; check whether an equivalent header is also needed.
  more_set_headers "Feature-Policy: autoplay 'none'; camera 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none'";
  more_set_headers "Vary: Accept-Encoding";

  # Include SSOWAT user panel.
  # The included file is not shown here; review it separately, since anything
  # it injects into pages must also satisfy the CSP above.
  include conf.d/yunohost_panel.conf.inc;
}