Allow webfinger for keybase.io verification of sites

This commit is contained in:
Bob Mottram 2016-11-11 16:26:54 +00:00
parent 49b56c47e7
commit 2361b0f0a8
7 changed files with 73 additions and 0 deletions

View File

@ -537,6 +537,12 @@ function install_etherpad {
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
echo ' proxy_buffering off;' >> $etherpad_nginx_site echo ' proxy_buffering off;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site echo ' }' >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
echo ' location ^~ /.well-known/ {' >> $etherpad_nginx_site
echo ' allow all;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site
echo '}' >> $etherpad_nginx_site echo '}' >> $etherpad_nginx_site
else else
echo -n '' > $etherpad_nginx_site echo -n '' > $etherpad_nginx_site
@ -562,6 +568,12 @@ function install_etherpad {
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
echo ' proxy_buffering off;' >> $etherpad_nginx_site echo ' proxy_buffering off;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site echo ' }' >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
echo ' location ^~ /.well-known/ {' >> $etherpad_nginx_site
echo ' allow all;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site
echo '}' >> $etherpad_nginx_site echo '}' >> $etherpad_nginx_site
function_check create_site_certificate function_check create_site_certificate

View File

@ -376,6 +376,12 @@ function install_ghost {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
else else
@ -408,6 +414,12 @@ function install_ghost {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
function_check create_site_certificate function_check create_site_certificate

View File

@ -606,6 +606,12 @@ function install_gnusocial_main {
echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
echo ' deny all;' >> $gnusocial_nginx_site echo ' deny all;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site echo ' }' >> $gnusocial_nginx_site
echo '' >> $gnusocial_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
echo ' location ^~ /.well-known/ {' >> $gnusocial_nginx_site
echo ' allow all;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site
echo '}' >> $gnusocial_nginx_site echo '}' >> $gnusocial_nginx_site
else else
echo -n '' > $gnusocial_nginx_site echo -n '' > $gnusocial_nginx_site
@ -649,6 +655,11 @@ function install_gnusocial_main {
echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
echo ' deny all;' >> $gnusocial_nginx_site echo ' deny all;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site echo ' }' >> $gnusocial_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
echo ' location ^~ /.well-known/ {' >> $gnusocial_nginx_site
echo ' allow all;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site
echo '}' >> $gnusocial_nginx_site echo '}' >> $gnusocial_nginx_site
function_check configure_php function_check configure_php

View File

@ -492,6 +492,12 @@ function install_gogs {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
else else
@ -524,6 +530,12 @@ function install_gogs {
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
function_check configure_php function_check configure_php

View File

@ -407,6 +407,8 @@ function install_jitsi {
sed -i "s|minHDHeight:.*|minHDHeight: 800,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js sed -i "s|minHDHeight:.*|minHDHeight: 800,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
sed -i "s|clientNode:.*|clientNode: 'https://${JITSI_DOMAIN_NAME}',|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js sed -i "s|clientNode:.*|clientNode: 'https://${JITSI_DOMAIN_NAME}',|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
sed -i "s|navigator.mozGetUserMedia|navigator.mediaDevices.getUserMedia|g" /usr/share/jitsi-meet/libs/lib-jitsi-meet.min.js
function_check nginx_ensite function_check nginx_ensite
nginx_ensite ${JITSI_DOMAIN_NAME}.conf nginx_ensite ${JITSI_DOMAIN_NAME}.conf

View File

@ -323,6 +323,12 @@ function install_mailpile {
echo ' proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site echo ' proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site echo ' }' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
echo ' location ^~ /.well-known/ {' >> $mailpile_nginx_site
echo ' allow all;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site
echo '}' >> $mailpile_nginx_site echo '}' >> $mailpile_nginx_site
else else
echo -n '' > $mailpile_nginx_site echo -n '' > $mailpile_nginx_site
@ -349,6 +355,12 @@ function install_mailpile {
echo ' proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site echo ' proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site echo ' }' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
echo ' location ^~ /.well-known/ {' >> $mailpile_nginx_site
echo ' allow all;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site
echo '}' >> $mailpile_nginx_site echo '}' >> $mailpile_nginx_site
function_check create_site_certificate function_check create_site_certificate

View File

@ -450,6 +450,12 @@ function install_postactiv_main {
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site
echo ' deny all;' >> $postactiv_nginx_site echo ' deny all;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site echo ' }' >> $postactiv_nginx_site
echo '' >> $postactiv_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
echo ' location ^~ /.well-known/ {' >> $postactiv_nginx_site
echo ' allow all;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site
echo '}' >> $postactiv_nginx_site echo '}' >> $postactiv_nginx_site
else else
echo -n '' > $postactiv_nginx_site echo -n '' > $postactiv_nginx_site
@ -493,6 +499,12 @@ function install_postactiv_main {
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site
echo ' deny all;' >> $postactiv_nginx_site echo ' deny all;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site echo ' }' >> $postactiv_nginx_site
echo '' >> $postactiv_nginx_site
echo " # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
echo ' # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
echo ' location ^~ /.well-known/ {' >> $postactiv_nginx_site
echo ' allow all;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site
echo '}' >> $postactiv_nginx_site echo '}' >> $postactiv_nginx_site
function_check configure_php function_check configure_php