|
|
|
|
@ -24,7 +24,8 @@ server {
|
|
|
|
|
# for these purposes allows you to move them to a separate machine at a later date
|
|
|
|
|
# if you find that a single machine cannot handle all of your users.
|
|
|
|
|
# If you don't use dedicated domains, this can be the same as $main_domain
|
|
|
|
|
# If you do, they'll be added as exceptions to any rules which block connections to remote domains.
|
|
|
|
|
# If you do, they can be added as exceptions to any rules which block connections to remote domains.
|
|
|
|
|
# You can find these variables referenced below in the relevant places
|
|
|
|
|
set $api_domain "api.your-main-domain.com";
|
|
|
|
|
set $files_domain "files.your-main-domain.com";
|
|
|
|
|
|
|
|
|
|
@ -86,7 +87,9 @@ server {
|
|
|
|
|
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
|
|
|
|
|
|
|
|
|
|
# connect-src restricts URLs which can be loaded using script interfaces
|
|
|
|
|
set $connectSrc "'self' https://${main_domain} https://${api_domain} blob: wss://${api_domain} https://${files_domain} https://${sandbox_domain}";
|
|
|
|
|
# if you have configured your instance to use a dedicated $files_domain or $api_domain
|
|
|
|
|
# you will need to add them below as: https://${files_domain} and https://${api_domain}
|
|
|
|
|
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
|
|
|
|
|
|
|
|
|
|
# fonts can be loaded from data-URLs or the main domain
|
|
|
|
|
set $fontSrc "'self' data: https://${main_domain}";
|
|
|
|
|
|
ansuz
3 years ago