entrouvert
/
publik-common
17
0
Fork 0
Code Issues Pull Requests Releases Activity
publik-common/nginx/snippets/publik-application.conf.j2

53 lines
2.1 KiB
Django/Jinja
Raw Blame History

#
# This file is provided by publik-common package: DO NOT EDIT.
#
location ~ ^/static/(.+)$ {
root /;
try_files /var/lib/{{ MODULE }}/tenants/$host/static/$1
/var/lib/{{ MODULE }}/tenants/$host/theme/static/$1
/var/lib/{{ MODULE }}/collectstatic/$1
=404;
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'X-XSS-Protection' '1; mode=block';
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; img-src 'self' data:;";
add_header 'Access-Control-Allow-Origin' '*';
include snippets/publik-gzip.conf;
}
{% if MODULE not in ("passerelle", "fargo") -%}
location ~ ^/media/(.+)$ {
alias /var/lib/{{ MODULE }}/tenants/$host/media/$1;
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'X-XSS-Protection' '1; mode=block';
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; img-src 'self' data:;";
include snippets/publik-gzip.conf;
}
{%- else -%}
location ~ ^/media/public/(.+)$ {
alias /var/lib/{{ MODULE }}/tenants/$host/media/public/$1;
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'X-XSS-Protection' '1; mode=block';
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; img-src 'self' data:;";
include snippets/publik-gzip.conf;
}
{%- endif %}
{% if MODULE == "combo" -%}
location ~ ^/.well-known/pki-validation/(.+)$ {
alias /var/lib/{{ MODULE }}/tenants/$host/well-known/pki-validation/$1;
}
{% endif -%}
location / {
proxy_pass http://unix:/var/run/{{ MODULE }}/{{ MODULE }}.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Protocol ssl;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'X-XSS-Protection' '1; mode=block';
}
View Git Blame Copy Permalink