From 241f95935cab3cc052cdeea30c61b05a465e91af Mon Sep 17 00:00:00 2001
From: yalh76 <yalh@yahoo.com>
Date: Sun, 17 Mar 2019 23:35:04 +0100
Subject: [PATCH] Force listening locally

---
 conf/generated_config.exs |  2 +-
 conf/media.conf           |  5 ++++-
 conf/nginx.conf           | 19 +++++++++++--------
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/conf/generated_config.exs b/conf/generated_config.exs
index 6b7eebe..8781368 100644
--- a/conf/generated_config.exs
+++ b/conf/generated_config.exs
@@ -8,7 +8,7 @@ use Mix.Config
 config :pleroma, Pleroma.Web.Endpoint,
    url: [host: "__DOMAIN__", scheme: "https", port: 443],
    secret_key_base: "__KEY__",
-   http: [port: __PORT__]
+   http: [ip: {127, 0, 0, 1}, port: __PORT__]
 
 config :pleroma, :instance,
   name: "__INSTANCE_NAME__",
diff --git a/conf/media.conf b/conf/media.conf
index 768b570..550fae5 100644
--- a/conf/media.conf
+++ b/conf/media.conf
@@ -1,4 +1,6 @@
- location /proxy {
+ rewrite ^/proxy/(.*)/(.*)/.* /proxy/$1/$2 last;
+
+ location ~ ^/(media|proxy) {
         proxy_cache {APP}_media_cache;
         proxy_cache_key    $host$uri$is_args$args;
         proxy_http_version 1.1;
@@ -9,5 +11,6 @@
         chunked_transfer_encoding on;
         proxy_ignore_headers Cache-Control;
         proxy_hide_header Cache-Control;
+
         proxy_pass http://localhost:__PORT__;
     }
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 6be7e2c..e1fb8e7 100755
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -4,6 +4,17 @@
         if ($scheme = http) {
         rewrite ^ https://$server_name$request_uri? permanent;
 		}
+
+        # Standard nginx configuration
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $http_host;
+
+        proxy_pass http://localhost:__PORT__;
+
+        client_max_body_size 16m;
+
         add_header 'Access-Control-Allow-Origin' '*' always;
         add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
         add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
@@ -24,14 +35,6 @@
         # Uncomment this only after you get HTTPS working.
         # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $http_host;
-
-        proxy_pass http://localhost:__PORT__;
-
-        client_max_body_size 16m;
 
         # Include SSOWAT user panel.
         include conf.d/yunohost_panel.conf.inc;