funkwhale: Fix for potential startup issue
Also updates the nginx config to the current version
This commit is contained in:
parent
9f926c68ed
commit
373ee3cef8
3 changed files with 35 additions and 6 deletions
|
@ -4,7 +4,7 @@ appVersion: "1.2.1"
|
||||||
description: A social platform to enjoy and share music
|
description: A social platform to enjoy and share music
|
||||||
icon: https://funkwhale.audio/favicon.png
|
icon: https://funkwhale.audio/favicon.png
|
||||||
name: funkwhale
|
name: funkwhale
|
||||||
version: 0.4.4
|
version: 0.4.5
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: redis
|
- name: redis
|
||||||
|
|
|
@ -28,9 +28,36 @@ data:
|
||||||
|
|
||||||
root /frontend;
|
root /frontend;
|
||||||
|
|
||||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
|
||||||
|
# compression settings
|
||||||
|
gzip on;
|
||||||
|
gzip_comp_level 5;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_vary on;
|
||||||
|
|
||||||
|
gzip_types
|
||||||
|
application/javascript
|
||||||
|
application/vnd.geo+json
|
||||||
|
application/vnd.ms-fontobject
|
||||||
|
application/x-font-ttf
|
||||||
|
application/x-web-app-manifest+json
|
||||||
|
font/opentype
|
||||||
|
image/bmp
|
||||||
|
image/svg+xml
|
||||||
|
image/x-icon
|
||||||
|
text/cache-manifest
|
||||||
|
text/css
|
||||||
|
text/plain
|
||||||
|
text/vcard
|
||||||
|
text/vnd.rim.location.xloc
|
||||||
|
text/vtt
|
||||||
|
text/x-component
|
||||||
|
text/x-cross-domain-policy;
|
||||||
|
# end of compression settings
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
include /etc/nginx/funkwhale_proxy.conf;
|
include /etc/nginx/funkwhale_proxy.conf;
|
||||||
|
@ -40,7 +67,7 @@ data:
|
||||||
}
|
}
|
||||||
|
|
||||||
location /front/ {
|
location /front/ {
|
||||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
add_header Service-Worker-Allowed "/";
|
add_header Service-Worker-Allowed "/";
|
||||||
add_header X-Frame-Options "ALLOW";
|
add_header X-Frame-Options "ALLOW";
|
||||||
|
@ -51,10 +78,10 @@ data:
|
||||||
}
|
}
|
||||||
|
|
||||||
location /front/embed.html {
|
location /front/embed.html {
|
||||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
|
|
||||||
add_header X-Frame-Options "ALLOW";
|
add_header X-Frame-Options "" always;
|
||||||
alias /frontend/embed.html;
|
alias /frontend/embed.html;
|
||||||
expires 30d;
|
expires 30d;
|
||||||
add_header Pragma public;
|
add_header Pragma public;
|
||||||
|
@ -84,6 +111,7 @@ data:
|
||||||
{{- if .Values.s3.enabled }}
|
{{- if .Values.s3.enabled }}
|
||||||
location ~ /_protected/media/(.+) {
|
location ~ /_protected/media/(.+) {
|
||||||
internal;
|
internal;
|
||||||
|
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
|
||||||
proxy_set_header Authorization "";
|
proxy_set_header Authorization "";
|
||||||
proxy_pass $1;
|
proxy_pass $1;
|
||||||
}
|
}
|
||||||
|
@ -103,7 +131,7 @@ data:
|
||||||
# has been checked on API side
|
# has been checked on API side
|
||||||
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
|
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
|
||||||
internal;
|
internal;
|
||||||
alias ${MUSIC_DIRECTORY_PATH};
|
alias ${MUSIC_DIRECTORY_SERVE_PATH};
|
||||||
}
|
}
|
||||||
|
|
||||||
location /staticfiles/ {
|
location /staticfiles/ {
|
||||||
|
|
|
@ -11,6 +11,7 @@ metadata:
|
||||||
data:
|
data:
|
||||||
FUNKWHALE_HOSTNAME: {{ .Values.ingress.host }}
|
FUNKWHALE_HOSTNAME: {{ .Values.ingress.host }}
|
||||||
FUNKWHALE_PROTOCOL: {{ .Values.ingress.protocol }}
|
FUNKWHALE_PROTOCOL: {{ .Values.ingress.protocol }}
|
||||||
|
FUNKWHALE_SPA_HTML_ROOT: http://localhost/front/
|
||||||
REVERSE_PROXY_TYPE: nginx
|
REVERSE_PROXY_TYPE: nginx
|
||||||
MEDIA_ROOT: /srv/funkwhale/data/media
|
MEDIA_ROOT: /srv/funkwhale/data/media
|
||||||
STATIC_ROOT: /srv/funkwhale/data/static
|
STATIC_ROOT: /srv/funkwhale/data/static
|
||||||
|
|
Loading…
Reference in a new issue