Fix and improve nginx redirects, akkounts headers

2024-10-16 12:39:34 +02:00
parent 7949fd067c
commit d1097c7688
4 changed files with 14 additions and 16 deletions
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb
@@ -14,7 +14,5 @@ server {
  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;

-  location / {
-    return <%= @http_status || 301 %> <%= @target %>;
-  }
+  return <%= @http_status || 307 %> <%= @target %>;
 }
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
@@ -2,7 +2,7 @@

 server {
  server_name _;
-  listen 80 default_server;
+  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80 default_server;

  location / {
    return 301 https://<%= @domain %>;
@@ -14,6 +14,10 @@ server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server;
  listen [::]:443 ssl http2 default_server;

+  if ($host != $server_name) {
+    return 307 $scheme://$server_name;
+  }
+
  root /var/www/<%= @domain %>/public;

  access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
@@ -22,14 +26,13 @@ server {
  gzip_static on;
  gzip_comp_level 5;

-  add_header 'Access-Control-Allow-Origin' '*';
-
  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;

 <% if @accounts_url %>
  location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) {
    proxy_ssl_server_name on;
+    proxy_set_header X-Forwarded-Host $host;
    proxy_pass https://accounts.kosmos.org;
  }
 <% end %>