Playing with CSP report-to/report-uri.
parent
1bba7b29ed
commit
60d71bd8eb
|
@ -64,6 +64,11 @@
|
|||
root /var/www/afpy.org/;
|
||||
include snippets/letsencrypt-afpy.org.conf;
|
||||
index index.html;
|
||||
|
||||
add_header Report-To '{"group": "xmpp", "max_age": 10886400, "endpoints": [{ "url": "https://http-to-xmpp.afpy.org" }] }';
|
||||
add_header Content-Security-Policy-Report-Only "default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'; frame-src https://www.helloasso.com https://web.libera.chat report-uri https://http-to-xmpp.afpy.org; report-to xmpp";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
|
||||
location /discord
|
||||
{
|
||||
return 301 https://discord.gg/qaxq8tVcjx;
|
||||
|
|
|
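Review bot: In the `Content-Security-Policy-Report-Only` value (presumably one of the added lines; the +/- markers are lost in this rendering) there is no `;` between `https://web.libera.chat` and `report-uri`, so `report-uri https://http-to-xmpp.afpy.org` is parsed as two more `frame-src` source expressions instead of a directive. The result is that no `report-uri` is set, so browsers without `report-to` support send no reports, and `https://http-to-xmpp.afpy.org` is added to the allowed frame origins. The tail should read `frame-src https://www.helloasso.com https://web.libera.chat; report-uri https://http-to-xmpp.afpy.org; report-to xmpp`. Separately, `add_header` without `always` is skipped on 4xx/5xx responses and is not inherited by a location that declares its own `add_header`, which will matter once the policy is enforced; the `location /discord` block continues past the hunk, so that could not be checked here.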
@ -0,0 +1,99 @@
|
|||
---
|
||||
|
||||
- hosts: http_to_xmpp
|
||||
vars:
|
||||
user: http-to-xmpp
|
||||
home: /home/http-to-xmpp/
|
||||
xmpp_jid: 'afpy@chapril.org'
|
||||
xmpp_dest_jid: 'mdk@chapril.org'
|
||||
xmpp_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
31393038346161613063653031313232633461373937656433363364656131376330316461666664
|
||||
3363636533376632646239393364623762653535343563310a353434666166626232363339313235
|
||||
39303566363935613138663536343236643964663838343839616562393732633034393938383430
|
||||
6361613237666235390a653332373339636262663633363833666237653538646439363766383536
|
||||
3738
|
||||
tasks:
|
||||
- name: A user for the HTTP to XMPP gate
|
||||
user:
|
||||
name: "{{ user }}"
|
||||
system: true
|
||||
|
||||
- name: A venv for the HTTP to XMPP gate
|
||||
become: true
|
||||
become_user: "{{ user }}"
|
||||
command: python3 -m venv --upgrade-deps {{ home }}/venv
|
||||
changed_when: False
|
||||
|
||||
- name: Install http-to-xmpp
|
||||
become: true
|
||||
become_user: "{{ user }}"
|
||||
pip:
|
||||
name: [http-to-xmpp, pytz]
|
||||
virtualenv_command: /usr/bin/python3 -m venv
|
||||
virtualenv: "{{ home }}/venv/"
|
||||
|
||||
- name: Setup http-to-xmpp.afpy.org
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: "{{ user }}"
|
||||
nginx_domain: http-to-xmpp.afpy.org
|
||||
nginx_certificates: [http-to-xmpp.afpy.org]
|
||||
nginx_conf: |
|
||||
server
|
||||
{
|
||||
listen [::]:80; listen 80;
|
||||
server_name http-to-xmpp.afpy.org;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen [::]:443 ssl http2; listen 443 ssl http2;
|
||||
server_name http-to-xmpp.afpy.org;
|
||||
include snippets/letsencrypt-http-to-xmpp.afpy.org.conf;
|
||||
index index.html;
|
||||
|
||||
location /
|
||||
{
|
||||
include proxy_params;
|
||||
proxy_pass http://localhost:1985;
|
||||
}
|
||||
}
|
||||
|
||||
- name: Service for http-to-xmpp
|
||||
notify: restart gate
|
||||
copy:
|
||||
dest: /etc/systemd/system/http-to-xmpp.service
|
||||
mode: 0600
|
||||
content: |
|
||||
[Unit]
|
||||
Description=HTTP to XMPP gateway
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="XMPP_JID={{ xmpp_jid }}"
|
||||
Environment="XMPP_PASSWORD={{ xmpp_password }}"
|
||||
Environment="XMPP_DEST_JID={{ xmpp_dest_jid }}"
|
||||
ExecStart={{ home }}/venv/bin/http-to-xmpp
|
||||
|
||||
User={{ user }}
|
||||
WorkingDirectory={{ home }}
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- service:
|
||||
name: http-to-xmpp
|
||||
enabled: yes
|
||||
state: started
|
||||
daemon_reload: yes
|
||||
|
||||
handlers:
|
||||
- name: restart gate
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
state: restarted
|
||||
name: http-to-xmpp
|
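Review bot: `Environment="XMPP_PASSWORD={{ xmpp_password }}"` in the `Service for http-to-xmpp` task writes the decrypted vault secret into the unit file, and `mode: 0600` does not protect it there. systemd exposes unit properties, including `Environment=`, to unprivileged local users through its APIs, and it logs a warning for world-inaccessible unit files. Move the password to a root-owned `0600` file referenced with `EnvironmentFile=`, and set `no_log: true` on the task that writes it so `--diff` or verbose runs do not print it. The mode is also better quoted (`mode: "0600"`), as Ansible's documentation recommends; the path in the sketch below is a placeholder.

```yaml
- name: Secrets for http-to-xmpp
  notify: restart gate
  no_log: true
  copy:
    dest: /etc/http-to-xmpp.env  # placeholder path, use the project's own
    owner: root
    group: root
    mode: "0600"
    content: |
      XMPP_PASSWORD={{ xmpp_password }}

- name: Service for http-to-xmpp
  # … unchanged: notify, copy dest …
      [Service]
      Type=simple
      Environment="XMPP_JID={{ xmpp_jid }}"
      EnvironmentFile=/etc/http-to-xmpp.env
      Environment="XMPP_DEST_JID={{ xmpp_dest_jid }}"
      # … unchanged: ExecStart, User, WorkingDirectory, Restart, [Install] …
```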