From 5256c712dc9750523fe2b72fe845e1b2c950e86c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 13 Apr 2018 13:40:24 +0000 Subject: Caching /objects/ URLs breaks them in Mastoweb as they don't redirect to the /notice/ Not sure why it matters if you cache it or not. What's different about this JSON blob? Perhaps it's a header that needs to be set for the redirect to happen? --- installation/pleroma.vcl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'installation') diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index fe9bf056b..466fc8eb1 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -47,7 +47,7 @@ sub vcl_recv { # Strip headers that will affect caching from all other static content # This also permits caching of individual toots and AP Activities - if ((req.url ~ "^/(media|notice|objects|static)/") || + if ((req.url ~ "^/(media|notice|static)/") || (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$")) { unset req.http.Cookie; @@ -99,7 +99,7 @@ sub vcl_backend_response { # Strip cache-restricting headers from Pleroma on static content that we want to cache # Also enable streaming of cached content to clients (no waiting for Varnish to complete backend fetch) - if ((bereq.url ~ "^/(notice|objects)/") || + if ((bereq.url ~ "^/(notice)/") || (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$")) { unset beresp.http.set-cookie; -- cgit v1.2.3 From 8dbb4c6c50a5308f4f41c59b562ed8f344648d0e Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 19 Apr 2018 18:58:13 +0000 Subject: Remove hack for /about/more as we are doing this in Pleroma now --- installation/pleroma.vcl | 6 ------ 1 file changed, 6 deletions(-) (limited to 'installation') diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index 466fc8eb1..f3faa9432 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -39,12 +39,6 @@ sub vcl_recv { return (hash); } - # Hack to enable a Terms of Service page missing from Pleroma - if (req.url ~ "^/about/more$") { - set req.http.x-redir = "https://" + req.http.host + "/static/terms-of-service.html"; - return (synth(750, "")); - } - # Strip headers that will affect caching from all other static content # This also permits caching of individual toots and AP Activities if ((req.url ~ "^/(media|notice|static)/") || -- cgit v1.2.3 From 0a1fd8adf0c28a5a9384555e3d27a947ee904a62 Mon Sep 17 00:00:00 2001 From: Artik Banana Date: Sun, 6 May 2018 14:19:29 +0000 Subject: Added headers for a more secure default. --- installation/pleroma.nginx | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'installation') diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 895799a8e..44905da49 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -59,6 +59,16 @@ server { } # stop removing lines here. + add_header X-XSS-Protection "1; mode=block"; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Referrer-Policy same-origin; + add_header X-Download-Options noopen; + + # Uncomment this only after you get HTTPS working. + # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; -- cgit v1.2.3 From 4233b1504fb4ac81c9700fc71a806407452c6c54 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 7 May 2018 23:43:27 +0000 Subject: Caching notice URLs does not produce pleasant results --- installation/pleroma.vcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'installation') diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index f3faa9432..9f783b5da 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -41,7 +41,7 @@ sub vcl_recv { # Strip headers that will affect caching from all other static content # This also permits caching of individual toots and AP Activities - if ((req.url ~ "^/(media|notice|static)/") || + if ((req.url ~ "^/(media|static)/") || (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$")) { unset req.http.Cookie; -- cgit v1.2.3 From a85d05167580035608909db241dd8f5756c351b9 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 7 May 2018 23:44:40 +0000 Subject: Don't strip headers from backend for /notice/ either --- installation/pleroma.vcl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'installation') diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index 9f783b5da..63c1cb74d 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -93,8 +93,7 @@ sub vcl_backend_response { # Strip cache-restricting headers from Pleroma on static content that we want to cache # Also enable streaming of cached content to clients (no waiting for Varnish to complete backend fetch) - if ((bereq.url ~ "^/(notice)/") || - (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$")) + if (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$") { unset beresp.http.set-cookie; unset beresp.http.Cache-Control; -- cgit v1.2.3 From 38f5f6f659f4b5c4c669044e62e6bae5a9b962ef Mon Sep 17 00:00:00 2001 From: Normandy Date: Fri, 11 May 2018 05:19:20 +0000 Subject: Remove alias directive in service file Systemd will complain otherwise. --- installation/pleroma.service | 1 - 1 file changed, 1 deletion(-) (limited to 'installation') diff --git a/installation/pleroma.service b/installation/pleroma.service index fe314ed2b..fd4180985 100644 --- a/installation/pleroma.service +++ b/installation/pleroma.service @@ -13,4 +13,3 @@ Restart=on-failure [Install] WantedBy=multi-user.target -Alias=pleroma.service -- cgit v1.2.3