1
0
forked from infra/ansible

hackmd: LDAP and vhost

This commit is contained in:
Markus 2018-04-12 18:30:30 +02:00
parent 344139e75c
commit b9086690dc
2 changed files with 10 additions and 6 deletions

View File

@ -1,6 +1,6 @@
{
"production": {
"_domain": "{{ hackmd_domain }}",
"domain": "{{ hackmd_domain }}",
"_hsts": {
"enable": true,
"maxAgeSeconds": "31536000",
@ -10,6 +10,7 @@
"csp": {
"enable": true,
"directives": {
"imgSrc": ["self", "unsafe-inline"]
},
"upgradeInsecureRequests": "auto",
"addDefaults": true,
@ -30,12 +31,12 @@
"bindCredentials": "{{ ldap_bindpw }}",
"searchBase": "{{ ldap_base }}",
"searchFilter": "(uid={{ '{{' }}username{{ '}}' }})",
"searchAttributes": ["cn"],
"searchAttributes": ["cn", "uid"],
"usernameField": "cn",
"useridField": "uid",
"tlsOptions": {
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
"tlsca": "/etc/ldap/ssl/BKCA.crt"
}
}
},
"email": false
}
}

View File

@ -23,10 +23,13 @@ server {
ssl_certificate_key /etc/nginx/ssl/{{ hackmd_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ hackmd_domain }}.crt;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}