diff --git a/conf/.env b/conf/.env index f80b51f..e0f110b 100644 --- a/conf/.env +++ b/conf/.env @@ -1,10 +1,7 @@ OCIS_URL=https://__DOMAIN__ PROXY_HTTP_ADDR=127.0.0.1:__PORT__ PROXY_TLS=true -OCIS_INSECURE=false - -#OCIS_HTTP_TLS_CERTIFICATE="/etc/yunohost/certs/__DOMAIN__/crt.pem" -#OCIS_HTTP_TLS_KEY="/etc/yunohost/certs/__DOMAIN__/key.pem" +OCIS_INSECURE=true OCIS_LOG_LEVEL=warn @@ -13,17 +10,15 @@ OCIS_FORCE_CONFIG_OVERWRITE=true OCIS_CONFIG_DIR=__INSTALL_DIR__ OCIS_BASE_DATA_PATH=__DATA_DIR__ - -IDM_ADMIN_PASSWORD=__PASSWORD__ - +#IDM_ADMIN_PASSWORD=__PASSWORD__ OCIS_DEFAULT_LANGUAGE=__LANGUAGE__ #AUTH_BASIC_AUTH_MANAGER=ldap -#OCIS_LDAP_URI=ldap://localhost:9235 -#OCIS_LDAP_USER_BASE_DN="ou=users,dc=yunohost,dc=org" -#OCIS_LDAP_GROUP_BASE_DN="ou=groups,dc=yunohost,dc=org" -#OCIS_LDAP_USER_FILTER=(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org)) -#OCIS_LDAP_LOGIN_ATTRIBUTES="uid" -#OCIS_LDAP_USER_SCHEMA_MAIL="mail" -#OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME="cn" \ No newline at end of file +#OCIS_LDAP_URI=ldap://127.0.0.1:389 +#OCIS_LDAP_USER_BASE_DN='ou=users,dc=yunohost,dc=org' +#OCIS_LDAP_GROUP_BASE_DN='ou=groups,dc=yunohost,dc=org' +#OCIS_LDAP_USER_FILTER='(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))' +#OCIS_LDAP_LOGIN_ATTRIBUTES=uid +#OCIS_LDAP_USER_SCHEMA_MAIL=mail +#OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME=cn diff --git a/conf/nginx.conf b/conf/nginx.conf index 1bf9fb3..9e7b372 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,16 +2,13 @@ location __PATH__/ { proxy_pass https://127.0.0.1:__PORT__; - proxy_redirect off; proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; + # OIDC Tokens in headers are quite large and can exceed default limits of reverse proxies proxy_buffers 4 256k; proxy_buffer_size 128k; proxy_busy_buffers_size 256k; + # Disable checking of client request body size client_max_body_size 0; } diff --git a/manifest.toml b/manifest.toml index 93fcf9b..7287364 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,9 +44,6 @@ ram.runtime = "50M" choices = ["de", "fr", "en"] default = "fr" - [install.admin] - type = "user" - [install.password] type = "password" diff --git a/scripts/restore b/scripts/restore index 5660de6..712a42c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,7 +17,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" chmod +x $install_dir/ocis diff --git a/scripts/upgrade b/scripts/upgrade index a0a93fe..4767d8d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -33,7 +33,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" --keep=".ocis ocis.env" + ynh_setup_source --dest_dir="$install_dir" --keep="ocis.env ocis.yaml" fi chmod -R o-rwx "$install_dir"