Commit e916f983 authored by root's avatar root

Change the way headers are handled since they are handled by Pleroma now

I've changed it in the install as well as for backwards compatibillity in the upgrade script
parent 160bffae
location / {
# if you do not want remote frontends to be able to access your Pleroma backend
# server, remove these lines.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
# stop removing lines here.
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
# Uncomment this only after you get HTTPS working.
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
......
......@@ -214,6 +214,9 @@ cp -rf "../conf/pleroma_cache.conf" "/etc/nginx/conf.d/$app-cache.conf"
ynh_replace_string "{APP}" "$app" "/etc/nginx/conf.d/$app-cache.conf"
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
# Pleroma sets the headers so ynh doesn't need to do it for us
ynh_replace_string "add_header" "# add_header" "/etc/nginx/conf.d/$domain.conf"
# TODO: Does the prod.secret.ext needs _enabled: true_ for media proxy to work?
# Do we keep it at 10g? Do we want it on by default or should it be a choice?
......
......@@ -22,21 +22,22 @@ domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
port=$(ynh_app_setting_get $app port)
db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# Unused atm
# This can be used in cases where the repo changes between versions
# or if specific setup is needed between certain versions...
# Basically it schould be something like
#
# if (current_version <= specific version) {first do this};
#
# This line can then remain and new lines can be added when needed
# Always assume people can be using any version of the package!
# Pleroma sets the headers so ynh doesn't need to do it for us
if (cat "/etc/nginx/conf.d/$domain.d/$app.conf" | grep 'add_header')
then
cp -rf "../conf/nginx.conf" "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_replace_string "{APP}" "$app" "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_replace_string "{PORT}" "$port" "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_replace_string "add_header" "# add_header" "/etc/nginx/conf.d/$domain.conf"
systemctl reload nginx
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
......@@ -49,7 +50,7 @@ db_name=$(ynh_app_setting_get $app db_name)
# ynh_restore_upgradebackup
#}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#ynh_abort_if_errors
#=================================================
# CHECK THE PATH
......@@ -63,12 +64,12 @@ path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# PULL CHANGES AND SPECIFIC SETUP
#=================================================
# su - $app -c "cd $final_path/pleroma;git pull;MIX_ENV=prod mix deps.get;MIX_ENV=prod mix ecto.migrate;"
systemctl stop $app
su - $app -c "cd $final_path/pleroma;git pull;MIX_ENV=prod mix deps.get;MIX_ENV=prod mix ecto.migrate;"
#=================================================
# RESTART PLEROMA
#=================================================
# systemctl restart $app
systemctl restart $app
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment