Allow webfinger for keybase.io verification of sites

src/freedombone-app-etherpad

@@ -537,6 +537,12 @@ function install_etherpad {
         echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
         echo '    proxy_buffering   off;' >> $etherpad_nginx_site
         echo '  }' >> $etherpad_nginx_site
+        echo '' >> $etherpad_nginx_site
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
+        echo '  # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
+        echo '  location ^~ /.well-known/ {' >> $etherpad_nginx_site
+        echo '      allow all;' >> $etherpad_nginx_site
+        echo '  }' >> $etherpad_nginx_site
         echo '}' >> $etherpad_nginx_site
     else
         echo -n '' > $etherpad_nginx_site
@@ -562,6 +568,12 @@ function install_etherpad {
     echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
     echo '    proxy_buffering   off;' >> $etherpad_nginx_site
     echo '  }' >> $etherpad_nginx_site
+    echo '' >> $etherpad_nginx_site
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
+    echo '  # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
+    echo '  location ^~ /.well-known/ {' >> $etherpad_nginx_site
+    echo '      allow all;' >> $etherpad_nginx_site
+    echo '  }' >> $etherpad_nginx_site
     echo '}' >> $etherpad_nginx_site
 
     function_check create_site_certificate

src/freedombone-app-ghost

@@ -376,6 +376,12 @@ function install_ghost {
         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     else
@@ -408,6 +414,12 @@ function install_ghost {
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 
     function_check create_site_certificate

src/freedombone-app-gnusocial

@@ -606,6 +606,12 @@ function install_gnusocial_main {
         echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
         echo '    deny all;' >> $gnusocial_nginx_site
         echo '  }' >> $gnusocial_nginx_site
+        echo '' >> $gnusocial_nginx_site
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
+        echo '  # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
+        echo '  location ^~ /.well-known/ {' >> $gnusocial_nginx_site
+        echo '      allow all;' >> $gnusocial_nginx_site
+        echo '  }' >> $gnusocial_nginx_site
         echo '}' >> $gnusocial_nginx_site
     else
         echo -n '' > $gnusocial_nginx_site
@@ -649,6 +655,11 @@ function install_gnusocial_main {
     echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
     echo '    deny all;' >> $gnusocial_nginx_site
     echo '  }' >> $gnusocial_nginx_site
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
+    echo '  # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
+    echo '  location ^~ /.well-known/ {' >> $gnusocial_nginx_site
+    echo '      allow all;' >> $gnusocial_nginx_site
+    echo '  }' >> $gnusocial_nginx_site
     echo '}' >> $gnusocial_nginx_site
 
     function_check configure_php

src/freedombone-app-gogs

@@ -492,6 +492,12 @@ function install_gogs {
         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     else
@@ -524,6 +530,12 @@ function install_gogs {
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 
     function_check configure_php

src/freedombone-app-jitsi

@@ -407,6 +407,8 @@ function install_jitsi {
     sed -i "s|minHDHeight:.*|minHDHeight: 800,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
     sed -i "s|clientNode:.*|clientNode: 'https://${JITSI_DOMAIN_NAME}',|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
 
+    sed -i "s|navigator.mozGetUserMedia|navigator.mediaDevices.getUserMedia|g" /usr/share/jitsi-meet/libs/lib-jitsi-meet.min.js
+
     function_check nginx_ensite
     nginx_ensite ${JITSI_DOMAIN_NAME}.conf
 

src/freedombone-app-mailpile

@@ -323,6 +323,12 @@ function install_mailpile {
         echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
         echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
         echo '  }' >> $mailpile_nginx_site
+        echo '' >> $mailpile_nginx_site
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
+        echo '  # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
+        echo '  location ^~ /.well-known/ {' >> $mailpile_nginx_site
+        echo '      allow all;' >> $mailpile_nginx_site
+        echo '  }' >> $mailpile_nginx_site
         echo '}' >> $mailpile_nginx_site
     else
         echo -n '' > $mailpile_nginx_site
@@ -349,6 +355,12 @@ function install_mailpile {
     echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
     echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
     echo '  }' >> $mailpile_nginx_site
+    echo '' >> $mailpile_nginx_site
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
+    echo '  # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
+    echo '  location ^~ /.well-known/ {' >> $mailpile_nginx_site
+    echo '      allow all;' >> $mailpile_nginx_site
+    echo '  }' >> $mailpile_nginx_site
     echo '}' >> $mailpile_nginx_site
 
     function_check create_site_certificate

src/freedombone-app-postactiv

@@ -450,6 +450,12 @@ function install_postactiv_main {
         echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
         echo '    deny all;' >> $postactiv_nginx_site
         echo '  }' >> $postactiv_nginx_site
+        echo '' >> $postactiv_nginx_site
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
+        echo '  # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
+        echo '  location ^~ /.well-known/ {' >> $postactiv_nginx_site
+        echo '      allow all;' >> $postactiv_nginx_site
+        echo '  }' >> $postactiv_nginx_site
         echo '}' >> $postactiv_nginx_site
     else
         echo -n '' > $postactiv_nginx_site
@@ -493,6 +499,12 @@ function install_postactiv_main {
     echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
     echo '    deny all;' >> $postactiv_nginx_site
     echo '  }' >> $postactiv_nginx_site
+    echo '' >> $postactiv_nginx_site
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
+    echo '  # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
+    echo '  location ^~ /.well-known/ {' >> $postactiv_nginx_site
+    echo '      allow all;' >> $postactiv_nginx_site
+    echo '  }' >> $postactiv_nginx_site
     echo '}' >> $postactiv_nginx_site
 
     function_check configure_php