From 18bb9b2f7596082fea25796e415c3921d87c7667 Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Thu, 21 Jul 2022 18:38:01 +0200
Subject: Update config for tv.tyil.nl

---
 .../webserver-nginx/share/sites.d/https/nl.tyil.tv | 43 +++++++++++++++++++++-
 1 file changed, 41 insertions(+), 2 deletions(-)

(limited to 'playbooks.d/webserver-nginx')

diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
index 093d938..ffe67d7 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
@@ -10,9 +10,48 @@ server {
 	include /etc/nginx/snippets.d/ssl.conf;
 	include /etc/nginx/snippets.d/certbot.conf;
 
+	client_max_body_size 20M;
+	add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
+
+	location = / {
+		return 302 https://$host/web/;
+	}
+
 	location / {
-		proxy_set_header Host            $host;
-		proxy_set_header X-Forwarded-For $remote_addr;
+		proxy_set_header Host                 $host;
+		proxy_set_header X-Forwarded-For      $remote_addr;
+		proxy_set_header X-Forwarded-Host     $http_host;
+		proxy_set_header X-Forwarded-Proto    $scheme;
+		proxy_set_header X-Forwarded-Protocol $scheme;
+		proxy_set_header X-Real-IP            $remote_addr;
+
+		proxy_buffering off;
+
+		proxy_pass http://127.0.0.1:8096;
+	}
+
+	location /web/ {
+		proxy_set_header Host                 $host;
+		proxy_set_header X-Real-IP            $remote_addr;
+		proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto    $scheme;
+		proxy_set_header X-Forwarded-Protocol $scheme;
+		proxy_set_header X-Forwarded-Host     $http_host;
+
+		proxy_pass http://127.0.0.1:8096/web/index.html;
+	}
+
+	location /socket {
+		proxy_set_header Connection           "upgrade";
+		proxy_set_header Host                 $host;
+		proxy_set_header Upgrade              $http_upgrade;
+		proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Host     $http_host;
+		proxy_set_header X-Forwarded-Proto    $scheme;
+		proxy_set_header X-Forwarded-Protocol $scheme;
+		proxy_set_header X-Real-IP            $remote_addr;
+
+		proxy_http_version 1.1;
 
 		proxy_pass http://127.0.0.1:8096;
 	}
-- 
cgit v1.1