From b22190416684e8ed57aa380c89083985eb0d9a4b Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Sat, 22 May 2021 10:06:01 +0200
Subject: Move some hidden stuff to the src dir
---
src/.docker/envvars.sh | 14 ++++++++++++++
src/.docker/lighttpd.conf | 29 +++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
create mode 100644 src/.docker/envvars.sh
create mode 100644 src/.docker/lighttpd.conf
(limited to 'src/.docker')
diff --git a/src/.docker/envvars.sh b/src/.docker/envvars.sh
new file mode 100644
index 0000000..71f47e1
--- /dev/null
+++ b/src/.docker/envvars.sh
@@ -0,0 +1,14 @@
+#! /usr/bin/env sh
+
+main()
+{
+ mkvar intendedHost "${INTENDED_HOST:-localhost}"
+ mkvar intendedHostProto "${INTENDED_HOST_PROTO:-http}"
+}
+
+mkvar()
+{
+ printf 'var.%s="%s"\n' "$1" "$2"
+}
+
+main "$@"
diff --git a/src/.docker/lighttpd.conf b/src/.docker/lighttpd.conf
new file mode 100644
index 0000000..1b480ca
--- /dev/null
+++ b/src/.docker/lighttpd.conf
@@ -0,0 +1,29 @@
+server.modules += (
+ "mod_setenv",
+ "mod_redirect",
+)
+
+setenv.add-response-header = (
+ "Content-Security-Policy" => "default-src 'self'; img-src https:; object-src 'self'; script-src 'self'; style-src 'self'",
+ "Referrer-Policy" => "no-referrer",
+ "X-Content-Type-Options" => "nosniff",
+ "X-Frame-Options" => "SAMEORIGIN",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "X-XSS-Protection" => "1; mode=block",
+)
+
+include_shell "/usr/local/bin/lighttpd-env.sh"
+
+# Redirect to the "official" domain
+$HTTP["host"] != var.intendedHost {
+ $HTTP["url"] !~ "^/.well-known" {
+ url.redirect = ( "^/(.*)" => var.intendedHostProto + "://" + var.intendedHost + "/$1" )
+ }
+}
+
+# Add CORS header for WKP
+$HTTP["url"] =~ "^/.well-known/openpgpkey" {
+ setenv.add-response-header = (
+ "Access-Control-Allow-Origin" => "*",
+ )
+}
--
cgit v1.1