diff options
| author | Patrick Spek <p.spek@tyil.nl> | 2022-07-21 18:38:01 +0200 |
|---|---|---|
| committer | Patrick Spek <p.spek@tyil.nl> | 2022-07-21 18:38:01 +0200 |
| commit | 18bb9b2f7596082fea25796e415c3921d87c7667 (patch) | |
| tree | de84dc70aeb930a464e986028359d4b486b01aca /playbooks.d/webserver-nginx | |
| parent | 88d701b7fa95051fa7f7bd5960a1c137b2402b69 (diff) | |
Update config for tv.tyil.nl
Diffstat (limited to 'playbooks.d/webserver-nginx')
| -rw-r--r-- | playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv index 093d938..ffe67d7 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv @@ -10,9 +10,48 @@ server { include /etc/nginx/snippets.d/ssl.conf; include /etc/nginx/snippets.d/certbot.conf; + client_max_body_size 20M; + add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; + + location = / { + return 302 https://$host/web/; + } + location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_buffering off; + + proxy_pass http://127.0.0.1:8096; + } + + location /web/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_pass http://127.0.0.1:8096/web/index.html; + } + + location /socket { + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_http_version 1.1; proxy_pass http://127.0.0.1:8096; } |