1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Configuration generation fixes for nchan

This commit is contained in:
Lauri Võsandi 2017-04-14 11:06:09 +00:00
parent d6265c10d6
commit b9ac55fe26
2 changed files with 33 additions and 21 deletions

View File

@ -87,15 +87,20 @@ renewal allowed = false
;renewal allowed = true ;renewal allowed = true
[push] [push]
# This should occasionally be regenerated
event source token = {{ push_token }} event source token = {{ push_token }}
event source subscribe =
;event source subscribe = {{ push_server }}/ev/sub/%s # For local nchan
event source publish = event source publish = http://localhost/ev/pub/%s
;event source publish = {{ push_server }}/ev/pub/%s long poll publish = http://localhost/lp/pub/%s
long poll subscribe = event source subscribe = /ev/sub/%s
;long poll subscribe = {{ push_server }}/lp/sub/%s long poll subscribe = /lp/sub/%s
long poll publish =
;long poll publish = {{ push_server }}/lp/pub/%s # For remote nchan
;event source publish = //push.example.com/ev/pub/%s
;long poll publish = http://push.example.com/lp/pub/%s
;event source subscribe = //push.example.com/ev/sub/%s
;long poll subscribe = http://push.example.com/lp/sub/%s
[authority] [authority]
# Present form for CSR submission for logged in users # Present form for CSR submission for logged in users

View File

@ -41,19 +41,6 @@ server {
{% if not push_server %} {% if not push_server %}
# This only works with nchan, for Debian 9 just apt install libnginx-mod-nchan # This only works with nchan, for Debian 9 just apt install libnginx-mod-nchan
# For Ubuntu and older Debian releases install nchan from https://nchan.io/ # For Ubuntu and older Debian releases install nchan from https://nchan.io/
location ~ "^/lp/pub/(.*)" {
allow 127.0.0.1;
nchan_publisher;
nchan_channel_id $1;
nchan_message_buffer_length 0;
}
location ~ "^/ev/pub/(.*)" {
allow 127.0.0.1;
nchan_publisher;
nchan_channel_id $1;
nchan_message_buffer_length 0;
}
location ~ "^/lp/sub/(.*)" { location ~ "^/lp/sub/(.*)" {
nchan_channel_id $1; nchan_channel_id $1;
@ -68,3 +55,23 @@ server {
} }
{% if not push_server %}
server {
# Allow publishing only from localhost to prevent abuse
server_name localhost;
listen 127.0.0.1:80;
location ~ "^/lp/pub/(.*)" {
nchan_publisher;
nchan_channel_id $1;
nchan_message_buffer_length 0;
}
location ~ "^/ev/pub/(.*)" {
nchan_publisher;
nchan_channel_id $1;
nchan_message_buffer_length 0;
}
}
{% endif %}