YunoHost-Apps/funkwhale_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/funkwhale_ynh.git synced 2024-09-03 18:36:24 +02:00
Code Issues Activity Actions 1

fix nginx one more time

Browse source
This commit is contained in:
Thomas 2023-12-13 19:58:39 +01:00 committed by GitHub
parent bdd2baf3ee
commit 33da504a81
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
conf/nginx.conf
View file

@ -7,37 +7,10 @@
client_max_body_size 100M; client_max_body_size 100M;
charset utf-8; charset utf-8;
# compression settings
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/javascript
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# end of compression settings
# headers # headers
more_set_headers Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; more_set_headers Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'";
more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; more_set_headers Referrer-Policy "strict-origin-when-cross-origin";
more_set_headers X-Frame-Options "SAMEORIGIN" always; more_set_headers X-Frame-Options "SAMEORIGIN" always;
more_set_headers Service-Worker-Allowed "/";
location /api/ { location /api/ {
include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf;
@ -74,7 +47,7 @@
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
} }
location ~ "/(front/)?embed.html" { location ~ "/(front/)?embed.html/" {
alias __INSTALL_DIR__/front/dist/;embed.html; alias __INSTALL_DIR__/front/dist/;embed.html;
more_set_headers Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; more_set_headers Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; more_set_headers Referrer-Policy "strict-origin-when-cross-origin";
@ -121,7 +94,7 @@
# has been checked on API side. # has been checked on API side.
# Comment the "NON-S3" commented lines and uncomment "S3" commented lines # Comment the "NON-S3" commented lines and uncomment "S3" commented lines
# if you're storing media files in a S3 bucket. # if you're storing media files in a S3 bucket.
location ~ /_protected/media/(.+) { location ~ /_protected/media/(.+)/ {
internal; internal;
alias __DATA_DIR__/data/media/$1; # NON-S3 alias __DATA_DIR__/data/media/$1; # NON-S3
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.