Commit ef192357 authored by nono's avatar nono 💻

Updated configuration of permissions

parent 23cf750f
...@@ -3,31 +3,37 @@ map $http_upgrade $connection_upgrade { ...@@ -3,31 +3,37 @@ map $http_upgrade $connection_upgrade {
'' close; '' close;
} }
server { server {
server_name {{ service_hedgedocs_domain | lower }};
server_name {{ service_hedgedocs_domain }};
location / {
proxy_pass http://127.0.0.1:3000; location / {
proxy_set_header Host $host; proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} proxy_set_header X-Forwarded-Proto $scheme;
}
location /socket.io/ {
proxy_pass http://127.0.0.1:3000; location /socket.io/ {
proxy_set_header Host $host; proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection $connection_upgrade; proxy_set_header Upgrade $http_upgrade;
} proxy_set_header Connection $connection_upgrade;
}
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/{{ service_hedgedocs_domain | lower }}/fullchain.pem; # Errors
ssl_certificate_key /etc/letsencrypt/live/{{ service_hedgedocs_domain | lower }}/privkey.pem; access_log /var/log/nginx/hedgedocs_access.log;
error_log /var/log/nginx/hedgedocs_error.log warn;
# SSL
ssl_certificate /etc/letsencrypt/live/{{ service_hedgedocs_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_hedgedocs_domain }}/privkey.pem;
# Improve HTTPS performance with session resumption # Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
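Review bot: Dropping the `| lower` filter from `server_name` and from both `ssl_certificate` paths (assuming the right-hand column is the new side) makes the certificate location depend on the exact case of `service_hedgedocs_domain`. Certbot normally creates its directory under `/etc/letsencrypt/live/` with the lowercased name, so a value containing a capital letter would point nginx at a path that does not exist and the TLS listener would fail to load. Either keep the filter, e.g. `ssl_certificate /etc/letsencrypt/live/{{ service_hedgedocs_domain | lower }}/fullchain.pem;`, or normalise the variable once where it is defined. The server block continues outside the hunk.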
......
...@@ -13,8 +13,9 @@ RestartSec=2s ...@@ -13,8 +13,9 @@ RestartSec=2s
User=hedgedocs User=hedgedocs
Group=www-data Group=www-data
# the location you cloned CodiMD to. # the location you cloned CodiMD to.
WorkingDirectory=/home/hedgedocs/hedgedoc # This is relative to the home of the hedgedocs user : https://www.freedesktop.org/software/systemd/man/systemd.exec.html
ExecStart=/usr/bin/npm start --production WorkingDirectory=hedgedoc/
ExecStart=npm start --production
Restart=always Restart=always
PrivateTmp=true PrivateTmp=true
PrivateDevices=true PrivateDevices=true
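Review bot: `WorkingDirectory=hedgedoc/` is not a form systemd accepts. Per the linked systemd.exec page the value is an absolute path (interpreted relative to `RootDirectory=`) or the special value `~`, not a path relative to the user's home, so the directive is likely to be rejected and the service started from the wrong directory. `ExecStart=npm start --production` also stops pinning the binary: a bare name is resolved through systemd's built-in search path on newer versions and refused on older ones, which makes it less obvious which `npm` runs as this service. I would keep `WorkingDirectory=/home/hedgedocs/hedgedoc` and `ExecStart=/usr/bin/npm start --production`. The unit file continues outside the hunk.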
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
dest: /home/hedgedocs/hedgedoc/config.json dest: /home/hedgedocs/hedgedoc/config.json
owner: hedgedocs owner: hedgedocs
group: www-data group: www-data
mode: 0644 mode: 0600
- name: Configuration du fichier SystemD - name: Configuration du fichier SystemD
template: template:
......
...@@ -17,5 +17,5 @@ ...@@ -17,5 +17,5 @@
dest: /home/hedgedocs/ dest: /home/hedgedocs/
owner: hedgedocs owner: hedgedocs
group: www-data group: www-data
mode: 0644 mode: 0740
remote_src: yes remote_src: yes
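Review bot: `mode: 0740` on `dest: /home/hedgedocs/` gives the `www-data` group read permission without the search bit, so on a directory the group can list names but cannot open anything inside, and on regular files the owner gains an execute bit it probably does not need. The task's module name is outside the hunk, but with `remote_src: yes` this looks like a copy or unarchive, where the mode is applied to everything written. If the group needs access, a symbolic mode such as `mode: "u=rwX,g=rX,o="` adds execute only to directories and to files that are already executable. If it does not, `mode: "0700"` states that directly.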