From: Dessalines Date: Fri, 12 Jun 2020 21:05:19 +0000 (-0400) Subject: Blocking pict-rs import location X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%22https:/nerdica.net/static/%7BpictshareAvatarThumbnail%28?a=commitdiff_plain;h=f647f2ae6cb187be08c6fd0f7daeb51e4093145a;p=lemmy.git Blocking pict-rs import location --- diff --git a/ansible/templates/nginx.conf b/ansible/templates/nginx.conf index 68fa64fc..6a5990a7 100644 --- a/ansible/templates/nginx.conf +++ b/ansible/templates/nginx.conf @@ -48,8 +48,8 @@ server { add_header X-Frame-Options "DENY"; add_header X-XSS-Protection "1; mode=block"; - # Upload limit for pictshare - client_max_body_size 50M; + # Upload limit for pictrs + client_max_body_size 20M; location / { proxy_pass http://0.0.0.0:8536; @@ -70,12 +70,17 @@ server { proxy_cache_min_uses 5; } - location /pictrs/ { + location /pictrs/image/ { proxy_pass http://0.0.0.0:8537/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # Block the import + location /pictrs/import { + return 403; + } + if ($request_uri ~ \.(?:ico|gif|jpe?g|png|webp|bmp|mp4)$) { add_header Cache-Control "public, max-age=31536000, immutable"; } diff --git a/docker/dev/nginx.conf b/docker/dev/nginx.conf deleted file mode 100644 index 3e4ff510..00000000 --- a/docker/dev/nginx.conf +++ /dev/null @@ -1,40 +0,0 @@ -events { - worker_connections 1024; -} - -http { - server { - listen 8536; - server_name 127.0.0.1; - #access_log off; - - # Upload limit for pictshare - client_max_body_size 50M; - - location / { - proxy_pass http://lemmy:8536; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # WebSocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - location /pictrs/ { - proxy_pass http://pictrs:8080/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location /iframely/ { - proxy_pass http://iframely:80/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -}