conf/nginx.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

# upload max size
client_max_body_size 100M;

# Content Security Policy : security to avoid launching unsecure script	
add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self' *.__DOMAIN__; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' *.__DOMAIN__; img-src 'self' blob: data:; connect-src 'self' wss://__DOMAIN__ *.__DOMAIN__;";

# add to v1.4 assets
root __FINALPATH__/live/public;

location / {

	if ($scheme = http) {
	rewrite ^ https://$server_name$request_uri? permanent;
	}

	try_files $uri @proxy;

	# Include SSOWAT user panel.
	include conf.d/yunohost_panel.conf.inc;
}

# add to v1.4 assets
location ~ ^/(assets|system/media_attachments/files|system/accounts/avatars) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    try_files $uri @proxy;
  }

location @proxy {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_pass_header Server;
	proxy_pass http://127.0.0.1:__PORT_WEB__;
	proxy_buffering off;
	proxy_redirect off;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	tcp_nodelay on;
}

location /api/v1/streaming {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_pass http://127.0.0.1:__PORT_STREAM__;
	proxy_buffering off;
	proxy_redirect off;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	tcp_nodelay on;
}