hackmd: LDAP and vhost

roles/hackmd/templates/config.json.j2

@@ -1,6 +1,6 @@
 {
     "production": {
-        "_domain": "{{ hackmd_domain }}",
+        "domain": "{{ hackmd_domain }}",
         "_hsts": {
             "enable": true,
             "maxAgeSeconds": "31536000",
@@ -10,6 +10,7 @@
         "csp": {
             "enable": true,
             "directives": {
+                "imgSrc": ["self", "unsafe-inline"]
             },
             "upgradeInsecureRequests": "auto",
             "addDefaults": true,
@@ -30,12 +31,12 @@
             "bindCredentials": "{{ ldap_bindpw }}",
             "searchBase": "{{ ldap_base }}",
             "searchFilter": "(uid={{ '{{' }}username{{ '}}' }})",
-            "searchAttributes": ["cn"],
+            "searchAttributes": ["cn", "uid"],
             "usernameField": "cn",
             "useridField": "uid",
-            "tlsOptions": {
+            "tlsca": "/etc/ldap/ssl/BKCA.crt"
-                "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
-            }
             }
+        },
+        "email": false
     }
 }

roles/hackmd/templates/vhost.j2

@@ -23,10 +23,13 @@ server {
 	ssl_certificate_key /etc/nginx/ssl/{{ hackmd_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ hackmd_domain }}.crt;
 
-
 	location / {
 		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		proxy_pass http://localhost:3000;
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
 	}
 
 }