summaryrefslogtreecommitdiffstats
path: root/roles/lists/files/etc/nginx/sites-available/sympa
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-05-16 04:07:47 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-16 05:51:06 +0200
commit30c52c6fd758059604b44564384ae919940cf994 (patch)
tree8025ab2ea4a4e69457ad1b9233dd45fb43fc4cae /roles/lists/files/etc/nginx/sites-available/sympa
parent655e051437391797e0e6a152e650c80b2517a723 (diff)
antilop: Upgrade baseline to Debian 10.
Diffstat (limited to 'roles/lists/files/etc/nginx/sites-available/sympa')
-rw-r--r--roles/lists/files/etc/nginx/sites-available/sympa34
1 files changed, 19 insertions, 15 deletions
diff --git a/roles/lists/files/etc/nginx/sites-available/sympa b/roles/lists/files/etc/nginx/sites-available/sympa
index f5a67bf..cdc2364 100644
--- a/roles/lists/files/etc/nginx/sites-available/sympa
+++ b/roles/lists/files/etc/nginx/sites-available/sympa
@@ -4,7 +4,7 @@ server {
server_name lists.fripost.org;
- include snippets/acme-challenge.conf;
+ include /etc/lacme/nginx.conf;
access_log /var/log/nginx/lists.access.log;
error_log /var/log/nginx/lists.error.log info;
@@ -26,13 +26,19 @@ server {
include snippets/headers.conf;
add_header Content-Security-Policy
- "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade; frame-ancestors 'none'; form-action 'self'; base-uri lists.fripost.org";
+ "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri lists.fripost.org";
include snippets/ssl.conf;
ssl_certificate ssl/lists.fripost.org.pem;
ssl_certificate_key ssl/lists.fripost.org.key;
include snippets/lists.fripost.org.hpkp-hdr;
+ gzip on;
+ gzip_vary on;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/javascript application/json application/xml image/x-icon text/css text/plain;
+
location = /robots.txt {
allow all;
log_not_found off;
@@ -44,24 +50,24 @@ server {
return 302 /sympa$args;
}
- location ^~ /static-sympa/ {
- alias /var/lib/sympa/static_content/;
- expires 30d;
- }
+ location ^~ /static-sympa/ { alias /usr/share/sympa/static_content/; }
+ location ^~ /css-sympa/ { alias /var/lib/sympa/css/; }
+ location ^~ /pictures-sympa/ { alias /var/lib/sympa/pictures; }
+
+ location ~* ^/sympa(?:/|$) {
+ gzip off;
- location ^~ /sympa {
fastcgi_split_path_info ^(/sympa)(.*)$;
include snippets/fastcgi.conf;
-
+ fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/wwsympa.socket;
- gzip off;
}
location ~* ^/([^/]+)/?$ {
return 302 /$1/sympa$args;
}
- location ~* ^/([^/]+)/sympa(/.*)?$ {
- set $vhost $1;
+ location ~* ^/(?<vhost>[^/]+)/sympa(?:/|$) {
+ gzip off;
if (!-f /etc/sympa/$vhost/robot.conf) {
return 404;
@@ -69,11 +75,9 @@ server {
fastcgi_split_path_info ^(/[^/]+/sympa)(.*)$;
include snippets/fastcgi.conf;
-
- fastcgi_pass unix:/run/wwsympa.socket;
- gzip off;
-
+ fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SERVER_NAME $vhost;
+ fastcgi_pass unix:/run/wwsympa.socket;
}
location / {