funkwhale_ynh/conf/nginx.conf

root __FINALPATH__/front/dist;

location / {

  # Force usage of https
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }

  # global proxy conf
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host $host:$server_port;
  proxy_set_header X-Forwarded-Port $server_port;
  proxy_redirect off;

  # websocket support
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;

  # this is needed if you have file import via upload enabled
  client_max_body_size 100M;
  proxy_pass   http://127.0.0.1:__PORT__/;

  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
}

location /front/ {
  more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
  more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
  more_set_headers "Service-Worker-Allowed: /";
  more_set_headers "X-Frame-Options: SAMEORIGIN";
  alias __FINALPATH__/front/dist/;
  expires 30d;
  more_set_headers "Pragma: public";
  more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
}

location /front/embed.html {
  more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
  more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";

  more_set_headers "X-Frame-Options: ALLOW";
  alias __FINALPATH__/front/dist/embed.html;
  expires 30d;
  more_set_headers "Pragma: public";
  more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
}

location /federation/ {

  # global proxy conf
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host $host:$server_port;
  proxy_set_header X-Forwarded-Port $server_port;
  proxy_redirect off;

  # websocket support
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;

  proxy_pass   http://127.0.0.1:__PORT__/federation/;
}

# You can comment this if you do not plan to use the Subsonic API
location /rest/ {

  # global proxy conf
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host $host:$server_port;
  proxy_set_header X-Forwarded-Port $server_port;
  proxy_redirect off;

  # websocket support
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;

  proxy_pass   http://127.0.0.1:__PORT__/api/subsonic/rest/;
}

location /.well-known/ {

  # global proxy conf
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host $host:$server_port;
  proxy_set_header X-Forwarded-Port $server_port;
  proxy_redirect off;

  # websocket support
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;

  proxy_pass   http://127.0.0.1:__PORT__/.well-known/;
}

location /media/ {
  alias __DATADIR__/media/;
}

location /_protected/media/ {
  # this is an internal location that is used to serve
  # audio files once correct permission / authentication
  # has been checked on API side
  internal;
  alias   __DATADIR__/media;
}

# Comment the previous location and uncomment this one if you're storing
# media files in a S3 bucket
# location ~ /_protected/media/(.+) {
#   internal;
#   # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
#   proxy_set_header Authorization "";
#   proxy_pass $1;
# }

location /_protected/music {
  # this is an internal location that is used to serve
  # audio files once correct permission / authentication
  # has been checked on API side
  # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
  internal;
  alias   __DATADIR__/music;
}

location /staticfiles/ {
  # django static files
  alias __DATADIR__/static/;
}
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`root __FINALPATH__/front/dist;`

upgrade to 1.18.2 2019-02-15 06:46:40 +01:00			`location / {`
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00
			`# Force usage of https`
			`if ($scheme = http) {`
			`rewrite ^ https://$server_name$request_uri? permanent;`
			`}`

			`# global proxy conf`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host:$server_port;`
			`proxy_set_header X-Forwarded-Port $server_port;`
			`proxy_redirect off;`

			`# websocket support`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $connection_upgrade;`

			`# this is needed if you have file import via upload enabled`
			`client_max_body_size 100M;`
			`proxy_pass http://127.0.0.1:__PORT__/;`

			`# Include SSOWAT user panel.`
			`include conf.d/yunohost_panel.conf.inc;`
First installation script, it doesn't work yet 2018-04-17 00:02:25 +02:00			`}`

Update O.18 - minimal 2019-01-26 20:00:47 +01:00			`location /front/ {`
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";`
			`more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";`
			`more_set_headers "Service-Worker-Allowed: /";`
			`more_set_headers "X-Frame-Options: SAMEORIGIN";`
			`alias __FINALPATH__/front/dist/;`
			`expires 30d;`
			`more_set_headers "Pragma: public";`
			`more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";`
Upgrade to 2.29 2019-10-31 18:25:28 +01:00			`}`

			`location /front/embed.html {`
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";`
			`more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";`

			`more_set_headers "X-Frame-Options: ALLOW";`
			`alias __FINALPATH__/front/dist/embed.html;`
			`expires 30d;`
			`more_set_headers "Pragma: public";`
			`more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";`
First installation script, it doesn't work yet 2018-04-17 00:02:25 +02:00			`}`

			`location /federation/ {`

Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`# global proxy conf`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host:$server_port;`
			`proxy_set_header X-Forwarded-Port $server_port;`
			`proxy_redirect off;`
upgrade to 1.18.2 2019-02-15 06:46:40 +01:00
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`# websocket support`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $connection_upgrade;`

			`proxy_pass http://127.0.0.1:__PORT__/federation/;`
upgrade to 1.18.2 2019-02-15 06:46:40 +01:00			`}`

Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`# You can comment this if you do not plan to use the Subsonic API`
			`location /rest/ {`

			`# global proxy conf`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host:$server_port;`
			`proxy_set_header X-Forwarded-Port $server_port;`
			`proxy_redirect off;`

			`# websocket support`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $connection_upgrade;`

			`proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;`
			`}`
upgrade to 1.18.2 2019-02-15 06:46:40 +01:00
Upgrade to 0.12 2018-05-10 18:54:23 +02:00			`location /.well-known/ {`
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00
			`# global proxy conf`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host:$server_port;`
			`proxy_set_header X-Forwarded-Port $server_port;`
			`proxy_redirect off;`

			`# websocket support`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $connection_upgrade;`

			`proxy_pass http://127.0.0.1:__PORT__/.well-known/;`
First installation script, it doesn't work yet 2018-04-17 00:02:25 +02:00			`}`

			`location /media/ {`
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`alias __DATADIR__/media/;`
First installation script, it doesn't work yet 2018-04-17 00:02:25 +02:00			`}`

Update conf/nginx.conf Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> 2021-04-16 19:13:04 +02:00			`location /_protected/media/ {`
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`# this is an internal location that is used to serve`
			`# audio files once correct permission / authentication`
			`# has been checked on API side`
			`internal;`
			`alias __DATADIR__/media;`
First installation script, it doesn't work yet 2018-04-17 00:02:25 +02:00			`}`

Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`# Comment the previous location and uncomment this one if you're storing`
			`# media files in a S3 bucket`
			`# location ~ /_protected/media/(.+) {`
			`# internal;`
			`# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932`
			`# proxy_set_header Authorization "";`
			`# proxy_pass $1;`
			`# }`

			`location /_protected/music {`
			`# this is an internal location that is used to serve`
			`# audio files once correct permission / authentication`
			`# has been checked on API side`
			`# Set this to the same value as your MUSIC_DIRECTORY_PATH setting`
			`internal;`
			`alias __DATADIR__/music;`
First installation script, it doesn't work yet 2018-04-17 00:02:25 +02:00			`}`

			`location /staticfiles/ {`
Apply Example_ynh (#131) * Testing (#130) * Uprade to 1.1 and fixes Twisted by retrograding it (#129) * Apply example_ynh Fix #15 * Fix services * Fix several merging * Stick to official install process * fix path_transversal * Using option '--log_type systemd' with 'yunohost service add' is not relevant anymore * Try to fix package_check * Fix package_check test * Update check_process * Trying to fix package_check * Update env.prod * remove sleep * Better service name * missing datadir * line 111: upgrade_type: unbound variable * Implement --is_big * Fix stopping service from previous version * Fix upgrade * Fix upgrade * Apply example_ynh * Apply example_ynh * Fix rights * Update api.src * Update env.prod * Update front.src * Update manifest.json * Update README.md * Update README_fr.md * Fix chmod * Fix rights Co-authored-by: Thomas <51749973+Thovi98@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> 2021-04-16 14:14:27 +02:00			`# django static files`
			`alias __DATADIR__/static/;`
fix channel redis issue 2019-08-28 23:50:20 +02:00			`}`