install/cryptpad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update nginx template.

Browse Source
This commit is contained in:
Christoph 2022-09-22 14:34:39 +02:00
parent 9fb7314455
commit 53edf9810a
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nginx_cryptpad.conf.tmpl
View File

@ -1,16 +1,16 @@
# -- cpad-01.oopen.de
# -- @cryptpad-url@
# we want restrict authentication to cryptpad sandbox urls "cpadsb-01.oopen.de"
# we want restrict authentication to cryptpad sandbox urls "@cryptpad_sandbox_url@"
#
#map $http_host $auth_type {
# default "off"; #This will turn off auth-basic
# cpadsb-01.oopen.de "Restricted"; #This or any other string will turn it back on
# @cryptpad_sandbox_url@ "Restricted"; #This or any other string will turn it back on
#}
server {
listen 80;
listen [::]:80;
server_name cpad-01.oopen.de;
server_name @cryptpad-url@;
return 301 https://$server_name$request_uri;
}
@ -33,8 +33,8 @@ server {
# These variables must be different to take advantage of CryptPad's sandboxing techniques.
# In the event of an XSS vulnerability in CryptPad's front-end code
# this will limit the amount of information accessible to attackers.
set $main_domain "cpad-01.oopen.de";
set $sandbox_domain "cpadsb-01.oopen.de";
set $main_domain "@cryptpad-url@";
set $sandbox_domain "@cryptpad_sandbox_url@";
# By default CryptPad allows remote domains to embed CryptPad documents in iframes.
# This behaviour can be blocked by changing $allowed_origins from "*" to the
@ -57,15 +57,15 @@ server {
set $files_domain "${main_domain}";
# nginx doesn't let you set server_name via variables, so you need to hardcode your domains here
server_name cpad-01.oopen.de cpadsb-01.oopen.de;
server_name @cryptpad-url@ @cryptpad_sandbox_url@;
# You'll need to Set the path to your certificates and keys here
# IMPORTANT: this config is intended to serve assets for at least two domains
# (your main domain and your sandbox domain). As such, you'll need to generate a single SSL certificate
# that includes both domains in order for things to work as expected.
ssl_certificate /var/lib/dehydrated/certs/cpad-01.oopen.de/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/cpad-01.oopen.de/privkey.pem;
ssl_trusted_certificate /var/lib/dehydrated/certs/cpad-01.oopen.de/chain.pem;
ssl_certificate /var/lib/dehydrated/certs/@cryptpad-url@/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/@cryptpad-url@/privkey.pem;
ssl_trusted_certificate /var/lib/dehydrated/certs/@cryptpad-url@/chain.pem;
# ----------
# !! inserted by ckubu !!