hackmd: LDAP and vhost
This commit is contained in:
parent
344139e75c
commit
b9086690dc
@ -1,6 +1,6 @@
|
||||
{
|
||||
"production": {
|
||||
"_domain": "{{ hackmd_domain }}",
|
||||
"domain": "{{ hackmd_domain }}",
|
||||
"_hsts": {
|
||||
"enable": true,
|
||||
"maxAgeSeconds": "31536000",
|
||||
@ -10,6 +10,7 @@
|
||||
"csp": {
|
||||
"enable": true,
|
||||
"directives": {
|
||||
"imgSrc": ["self", "unsafe-inline"]
|
||||
},
|
||||
"upgradeInsecureRequests": "auto",
|
||||
"addDefaults": true,
|
||||
@ -30,12 +31,12 @@
|
||||
"bindCredentials": "{{ ldap_bindpw }}",
|
||||
"searchBase": "{{ ldap_base }}",
|
||||
"searchFilter": "(uid={{ '{{' }}username{{ '}}' }})",
|
||||
"searchAttributes": ["cn"],
|
||||
"searchAttributes": ["cn", "uid"],
|
||||
"usernameField": "cn",
|
||||
"useridField": "uid",
|
||||
"tlsOptions": {
|
||||
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
|
||||
"tlsca": "/etc/ldap/ssl/BKCA.crt"
|
||||
}
|
||||
}
|
||||
},
|
||||
"email": false
|
||||
}
|
||||
}
|
||||
|
@ -23,10 +23,13 @@ server {
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ hackmd_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ hackmd_domain }}.crt;
|
||||
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://localhost:3000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user