54 lines
1.4 KiB
Plaintext
54 lines
1.4 KiB
Plaintext
server {
|
|
include sourcehut.conf;
|
|
include port80.conf;
|
|
server_name chat.sr.ht;
|
|
}
|
|
|
|
server {
|
|
include sourcehut.conf;
|
|
include port443.conf;
|
|
include chat-ssl.conf;
|
|
server_name chat.sr.ht;
|
|
|
|
client_max_body_size 100M;
|
|
|
|
location / {
|
|
# TODO: find a nicer way to do this
|
|
if ($http_cookie !~* "sr.ht.unified-login.v1") {
|
|
return 302 https://meta.sr.ht/login?return_to=$scheme://$host$request_uri;
|
|
}
|
|
|
|
root /usr/share/webapps/gamja;
|
|
include headers.conf;
|
|
# We have to use a weird connect-src because of a Safari bug
|
|
# https://bugs.webkit.org/show_bug.cgi?id=201591
|
|
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src wss://chat.sr.ht https://chat.sr.ht; frame-ancestors 'none'" always;
|
|
# TODO: setup caching
|
|
}
|
|
|
|
# Manifests aren't requested with cookies by default,
|
|
# so it needs to be served in a location directive
|
|
# that doesn't perform the auth redirect.
|
|
location = /manifest.webmanifest {
|
|
root /usr/share/webapps/gamja;
|
|
}
|
|
|
|
location /socket {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
proxy_read_timeout 600s;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
include web.conf;
|
|
}
|
|
|
|
location /config.json {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
include web.conf;
|
|
}
|
|
|
|
location /metrics {
|
|
proxy_pass http://127.0.0.1:6060;
|
|
}
|
|
}
|