From f92b84bd94f44bd32b4c6b799262a6e5d21f60fb Mon Sep 17 00:00:00 2001
From: ljf <ljf+git@grimaud.me>
Date: Thu, 3 Sep 2020 22:27:46 +0200
Subject: [PATCH] [fix] SSO unavailable

---
 data/templates/nginx/plain/yunohost_sso.conf.inc | 5 +++++
 data/templates/nginx/server.tpl.conf             | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 data/templates/nginx/plain/yunohost_sso.conf.inc

diff --git a/data/templates/nginx/plain/yunohost_sso.conf.inc b/data/templates/nginx/plain/yunohost_sso.conf.inc
new file mode 100644
index 000000000..cb3c5453d
--- /dev/null
+++ b/data/templates/nginx/plain/yunohost_sso.conf.inc
@@ -0,0 +1,5 @@
+# Avoid the nginx path/alias traversal weakness ( #1037 )
+rewrite ^/yunohost/sso$ /yunohost/sso/ permanent;
+
+location /yunohost/sso/ {
+}
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 29af9f532..8bd689a92 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -14,7 +14,7 @@ server {
 
     include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
 
-    location /yunohost/admin {
+    location /yunohost {
         return 301 https://$http_host$request_uri;
     }
 
@@ -60,6 +60,7 @@ server {
 
     include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
 
+    include /etc/nginx/conf.d/yunohost_sso.conf.inc;
     include /etc/nginx/conf.d/yunohost_admin.conf.inc;
     include /etc/nginx/conf.d/yunohost_api.conf.inc;