53 lines
2.1 KiB
Django/Jinja
53 lines
2.1 KiB
Django/Jinja
#
|
|
# This file is provided by publik-common package: DO NOT EDIT.
|
|
#
|
|
|
|
location ~ ^/static/(.+)$ {
|
|
root /;
|
|
try_files /var/lib/{{ MODULE }}/tenants/$host/static/$1
|
|
/var/lib/{{ MODULE }}/tenants/$host/theme/static/$1
|
|
/var/lib/{{ MODULE }}/collectstatic/$1
|
|
=404;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; img-src 'self' data:;";
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
include snippets/publik-gzip.conf;
|
|
}
|
|
|
|
{% if MODULE not in ("passerelle", "fargo") -%}
|
|
location ~ ^/media/(.+)$ {
|
|
alias /var/lib/{{ MODULE }}/tenants/$host/media/$1;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; img-src 'self' data:;";
|
|
include snippets/publik-gzip.conf;
|
|
}
|
|
{%- else -%}
|
|
location ~ ^/media/public/(.+)$ {
|
|
alias /var/lib/{{ MODULE }}/tenants/$host/media/public/$1;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; img-src 'self' data:;";
|
|
include snippets/publik-gzip.conf;
|
|
}
|
|
{%- endif %}
|
|
|
|
{% if MODULE == "combo" -%}
|
|
location ~ ^/.well-known/pki-validation/(.+)$ {
|
|
alias /var/lib/{{ MODULE }}/tenants/$host/well-known/pki-validation/$1;
|
|
}
|
|
{% endif -%}
|
|
|
|
location / {
|
|
proxy_pass http://unix:/var/run/{{ MODULE }}/{{ MODULE }}.sock;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Forwarded-SSL on;
|
|
proxy_set_header X-Forwarded-Protocol ssl;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
}
|