Commit ef192357 authored by nono's avatar nono 💻
Browse files

Updated configuration of permissions

parent 23cf750f
......@@ -3,31 +3,37 @@ map $http_upgrade $connection_upgrade {
'' close;
}
server {
server_name {{ service_hedgedocs_domain | lower }};
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /socket.io/ {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
server_name {{ service_hedgedocs_domain }};
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /socket.io/ {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/{{ service_hedgedocs_domain | lower }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_hedgedocs_domain | lower }}/privkey.pem;
# Errors
access_log /var/log/nginx/hedgedocs_access.log;
error_log /var/log/nginx/hedgedocs_error.log warn;
# SSL
ssl_certificate /etc/letsencrypt/live/{{ service_hedgedocs_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_hedgedocs_domain }}/privkey.pem;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
......
......@@ -13,8 +13,9 @@ RestartSec=2s
User=hedgedocs
Group=www-data
# the location you cloned CodiMD to.
WorkingDirectory=/home/hedgedocs/hedgedoc
ExecStart=/usr/bin/npm start --production
# This is relative to the home of the hedgedocs user : https://www.freedesktop.org/software/systemd/man/systemd.exec.html
WorkingDirectory=hedgedoc/
ExecStart=npm start --production
Restart=always
PrivateTmp=true
PrivateDevices=true
......
......@@ -28,7 +28,7 @@
dest: /home/hedgedocs/hedgedoc/config.json
owner: hedgedocs
group: www-data
mode: 0644
mode: 0600
- name: Configuration du fichier SystemD
template:
......
......@@ -17,5 +17,5 @@
dest: /home/hedgedocs/
owner: hedgedocs
group: www-data
mode: 0644
mode: 0740
remote_src: yes
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment