From 76a4bbf0fce6a46131c27d1e7ef652b3e0e8edb4 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Wed, 31 Mar 2021 12:06:39 +0200
Subject: [PATCH] [galene] Clean nginx configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 group_vars/galene.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 group_vars/galene.yml

diff --git a/group_vars/galene.yml b/group_vars/galene.yml
new file mode 100644
index 00000000..fa988fbc
--- /dev/null
+++ b/group_vars/galene.yml
@@ -0,0 +1,28 @@
+---
+service_nginx:
+  service_name: galene
+  servers:
+    - ssl: crans.org
+      default: true
+      server_name:
+        - "galene.crans.org"
+      locations:
+        - filter: "/"
+          params:
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+            - "proxy_pass http://localhost:8443"
+
+    - ssl: crans.org
+      server_name:
+        - "neree.crans.org"
+      root: "/var/www/galene-stream-frontend/static"
+      locations:
+        - filter: "~ ^/(ws|public-groups.json)"
+          params:
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+            - "proxy_pass http://localhost:8443"
+
+        - filter: "~ ^\\/(?!.*\\.\\.)[^/]+$"
+          params:
+            - " add_header Content-Security-Policy \"connect-src ws: wss: 'self'; img-src data: 'self'; media-src blob: 'self'; default-src 'self';\""
+            - "try_files $uri /galene.html =404"
-- 
GitLab