hackmd: LDAP and vhost

Markus 2018-04-12 18:30:30 +02:00
parent 344139e75c
commit b9086690dc
2 changed files with 10 additions and 6 deletions


@ -1,6 +1,6 @@
{ {
"production": { "production": {
"_domain": "{{ hackmd_domain }}", "domain": "{{ hackmd_domain }}",
"_hsts": { "_hsts": {
"enable": true, "enable": true,
"maxAgeSeconds": "31536000", "maxAgeSeconds": "31536000",
@ -10,6 +10,7 @@
"csp": { "csp": {
"enable": true, "enable": true,
"directives": { "directives": {
"imgSrc": ["self", "unsafe-inline"]
}, },
"upgradeInsecureRequests": "auto", "upgradeInsecureRequests": "auto",
"addDefaults": true, "addDefaults": true,
@ -30,12 +31,12 @@
"bindCredentials": "{{ ldap_bindpw }}", "bindCredentials": "{{ ldap_bindpw }}",
"searchBase": "{{ ldap_base }}", "searchBase": "{{ ldap_base }}",
"searchFilter": "(uid={{ '{{' }}username{{ '}}' }})", "searchFilter": "(uid={{ '{{' }}username{{ '}}' }})",
"searchAttributes": ["cn"], "searchAttributes": ["cn", "uid"],
"usernameField": "cn", "usernameField": "cn",
"useridField": "uid", "useridField": "uid",
"tlsOptions": { "tlsca": "/etc/ldap/ssl/BKCA.crt"
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
}
} }
},
"email": false
} }
} }
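Review bot: The new `imgSrc` entry under `csp.directives` probably does not express the intended policy. CSP keywords carry their own single quotes inside the JSON string, so an unquoted `self` would be read as a host literally named "self"; this assumes the directives reach the CSP middleware unchanged, which the visible lines do not show. `unsafe-inline` is a script/style keyword and has no effect on image sources, so it adds nothing to this directive. I would write `"imgSrc": ["'self'"]` and list any additional image origins explicitly. Separately, the new `tlsca` setting only protects `bindCredentials` in transit if the LDAP URL, which is outside the hunk, actually uses TLS.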


@ -23,10 +23,13 @@ server {
ssl_certificate_key /etc/nginx/ssl/{{ hackmd_domain }}.key; ssl_certificate_key /etc/nginx/ssl/{{ hackmd_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ hackmd_domain }}.crt; ssl_certificate /etc/nginx/ssl/{{ hackmd_domain }}.crt;
location / { location / {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000; proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
} }
} }
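Review bot: The added `X-Forwarded-For` line uses `$proxy_add_x_forwarded_for`, which appends to whatever value the client sent, so the leading entries of the list the backend receives are client-controlled. If this vhost is the outermost proxy, overwrite the header with `proxy_set_header X-Forwarded-For $remote_addr;`, or confirm the application only trusts the last entry when it logs or rate-limits by address. In the same `location` block, `Connection "Upgrade"` is sent on every proxied request rather than only on WebSocket handshakes; the usual form is a `map $http_upgrade $connection_upgrade` block with `proxy_set_header Connection $connection_upgrade;`. The `server` block starts outside the hunk.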