free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Allow webfinger for keybase.io verification of sites

Bob Mottram 8 years ago
parent
49b56c47e7
commit
2361b0f0a8
7 changed files with 73 additions and 0 deletions
Unified View Show Diff Stats
  1. 12
    0
      src/freedombone-app-etherpad
  2. 12
    0
      src/freedombone-app-ghost
  3. 11
    0
      src/freedombone-app-gnusocial
  4. 12
    0
      src/freedombone-app-gogs
  5. 2
    0
      src/freedombone-app-jitsi
  6. 12
    0
      src/freedombone-app-mailpile
  7. 12
    0
      src/freedombone-app-postactiv

+ 12
- 0
src/freedombone-app-etherpad View File

537 
         echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
 537 
         echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
538 
         echo '    proxy_buffering   off;' >> $etherpad_nginx_site
 538 
         echo '    proxy_buffering   off;' >> $etherpad_nginx_site
539 
         echo '  }' >> $etherpad_nginx_site
 539 
         echo '  }' >> $etherpad_nginx_site
540 
+        echo '' >> $etherpad_nginx_site
541 
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
542 
+        echo '  # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
543 
+        echo '  location ^~ /.well-known/ {' >> $etherpad_nginx_site
544 
+        echo '      allow all;' >> $etherpad_nginx_site
545 
+        echo '  }' >> $etherpad_nginx_site
540 
         echo '}' >> $etherpad_nginx_site
 546 
         echo '}' >> $etherpad_nginx_site
541 
     else
 547 
     else
542 
         echo -n '' > $etherpad_nginx_site
 548 
         echo -n '' > $etherpad_nginx_site
562 
     echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
 568 
     echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
563 
     echo '    proxy_buffering   off;' >> $etherpad_nginx_site
 569 
     echo '    proxy_buffering   off;' >> $etherpad_nginx_site
564 
     echo '  }' >> $etherpad_nginx_site
 570 
     echo '  }' >> $etherpad_nginx_site
571 
+    echo '' >> $etherpad_nginx_site
572 
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
573 
+    echo '  # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
574 
+    echo '  location ^~ /.well-known/ {' >> $etherpad_nginx_site
575 
+    echo '      allow all;' >> $etherpad_nginx_site
576 
+    echo '  }' >> $etherpad_nginx_site
565 
     echo '}' >> $etherpad_nginx_site
 577 
     echo '}' >> $etherpad_nginx_site
566
578
567 
     function_check create_site_certificate
 579 
     function_check create_site_certificate

+ 12
- 0
src/freedombone-app-ghost View File

376 
         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 376 
         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
377 
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 377 
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
378 
         echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 378 
         echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
379 
+        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
380 
+        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
381 
+        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
382 
+        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
383 
+        echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
384 
+        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
379 
         echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 385 
         echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
380 
         echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 386 
         echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
381 
     else
 387 
     else
408 
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 414 
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
409 
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 415 
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
410 
     echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 416 
     echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
417 
+    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
418 
+    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
419 
+    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
420 
+    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
421 
+    echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
422 
+    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
411 
     echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 423 
     echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
412
424
413 
     function_check create_site_certificate
 425 
     function_check create_site_certificate

+ 11
- 0
src/freedombone-app-gnusocial View File

606 
         echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
 606 
         echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
607 
         echo '    deny all;' >> $gnusocial_nginx_site
 607 
         echo '    deny all;' >> $gnusocial_nginx_site
608 
         echo '  }' >> $gnusocial_nginx_site
 608 
         echo '  }' >> $gnusocial_nginx_site
609 
+        echo '' >> $gnusocial_nginx_site
610 
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
611 
+        echo '  # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
612 
+        echo '  location ^~ /.well-known/ {' >> $gnusocial_nginx_site
613 
+        echo '      allow all;' >> $gnusocial_nginx_site
614 
+        echo '  }' >> $gnusocial_nginx_site
609 
         echo '}' >> $gnusocial_nginx_site
 615 
         echo '}' >> $gnusocial_nginx_site
610 
     else
 616 
     else
611 
         echo -n '' > $gnusocial_nginx_site
 617 
         echo -n '' > $gnusocial_nginx_site
649 
     echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
 655 
     echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
650 
     echo '    deny all;' >> $gnusocial_nginx_site
 656 
     echo '    deny all;' >> $gnusocial_nginx_site
651 
     echo '  }' >> $gnusocial_nginx_site
 657 
     echo '  }' >> $gnusocial_nginx_site
658 
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
659 
+    echo '  # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
660 
+    echo '  location ^~ /.well-known/ {' >> $gnusocial_nginx_site
661 
+    echo '      allow all;' >> $gnusocial_nginx_site
662 
+    echo '  }' >> $gnusocial_nginx_site
652 
     echo '}' >> $gnusocial_nginx_site
 663 
     echo '}' >> $gnusocial_nginx_site
653
664
654 
     function_check configure_php
 665 
     function_check configure_php

+ 12
- 0
src/freedombone-app-gogs View File

492 
         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 492 
         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
493 
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 493 
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
494 
         echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 494 
         echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
495 
+        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
496 
+        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
497 
+        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
498 
+        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
499 
+        echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
500 
+        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
495 
         echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 501 
         echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
496 
         echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 502 
         echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
497 
     else
 503 
     else
524 
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 530 
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
525 
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 531 
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
526 
     echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 532 
     echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
533 
+    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
534 
+    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
535 
+    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
536 
+    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
537 
+    echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
538 
+    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
527 
     echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 539 
     echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
528
540
529 
     function_check configure_php
 541 
     function_check configure_php

+ 2
- 0
src/freedombone-app-jitsi View File

407 
     sed -i "s|minHDHeight:.*|minHDHeight: 800,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
 407 
     sed -i "s|minHDHeight:.*|minHDHeight: 800,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
408 
     sed -i "s|clientNode:.*|clientNode: 'https://${JITSI_DOMAIN_NAME}',|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
 408 
     sed -i "s|clientNode:.*|clientNode: 'https://${JITSI_DOMAIN_NAME}',|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
409
409
410 
+    sed -i "s|navigator.mozGetUserMedia|navigator.mediaDevices.getUserMedia|g" /usr/share/jitsi-meet/libs/lib-jitsi-meet.min.js
411 
+
410 
     function_check nginx_ensite
 412 
     function_check nginx_ensite
411 
     nginx_ensite ${JITSI_DOMAIN_NAME}.conf
 413 
     nginx_ensite ${JITSI_DOMAIN_NAME}.conf
412
414

+ 12
- 0
src/freedombone-app-mailpile View File

323 
         echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
 323 
         echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
324 
         echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
 324 
         echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
325 
         echo '  }' >> $mailpile_nginx_site
 325 
         echo '  }' >> $mailpile_nginx_site
326 
+        echo '' >> $mailpile_nginx_site
327 
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
328 
+        echo '  # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
329 
+        echo '  location ^~ /.well-known/ {' >> $mailpile_nginx_site
330 
+        echo '      allow all;' >> $mailpile_nginx_site
331 
+        echo '  }' >> $mailpile_nginx_site
326 
         echo '}' >> $mailpile_nginx_site
 332 
         echo '}' >> $mailpile_nginx_site
327 
     else
 333 
     else
328 
         echo -n '' > $mailpile_nginx_site
 334 
         echo -n '' > $mailpile_nginx_site
349 
     echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
 355 
     echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
350 
     echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
 356 
     echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
351 
     echo '  }' >> $mailpile_nginx_site
 357 
     echo '  }' >> $mailpile_nginx_site
358 
+    echo '' >> $mailpile_nginx_site
359 
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
360 
+    echo '  # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
361 
+    echo '  location ^~ /.well-known/ {' >> $mailpile_nginx_site
362 
+    echo '      allow all;' >> $mailpile_nginx_site
363 
+    echo '  }' >> $mailpile_nginx_site
352 
     echo '}' >> $mailpile_nginx_site
 364 
     echo '}' >> $mailpile_nginx_site
353
365
354 
     function_check create_site_certificate
 366 
     function_check create_site_certificate

+ 12
- 0
src/freedombone-app-postactiv View File

450 
         echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
 450 
         echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
451 
         echo '    deny all;' >> $postactiv_nginx_site
 451 
         echo '    deny all;' >> $postactiv_nginx_site
452 
         echo '  }' >> $postactiv_nginx_site
 452 
         echo '  }' >> $postactiv_nginx_site
453 
+        echo '' >> $postactiv_nginx_site
454 
+        echo "  # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
455 
+        echo '  # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
456 
+        echo '  location ^~ /.well-known/ {' >> $postactiv_nginx_site
457 
+        echo '      allow all;' >> $postactiv_nginx_site
458 
+        echo '  }' >> $postactiv_nginx_site
453 
         echo '}' >> $postactiv_nginx_site
 459 
         echo '}' >> $postactiv_nginx_site
454 
     else
 460 
     else
455 
         echo -n '' > $postactiv_nginx_site
 461 
         echo -n '' > $postactiv_nginx_site
493 
     echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
 499 
     echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
494 
     echo '    deny all;' >> $postactiv_nginx_site
 500 
     echo '    deny all;' >> $postactiv_nginx_site
495 
     echo '  }' >> $postactiv_nginx_site
 501 
     echo '  }' >> $postactiv_nginx_site
502 
+    echo '' >> $postactiv_nginx_site
503 
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
504 
+    echo '  # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
505 
+    echo '  location ^~ /.well-known/ {' >> $postactiv_nginx_site
506 
+    echo '      allow all;' >> $postactiv_nginx_site
507 
+    echo '  }' >> $postactiv_nginx_site
496 
     echo '}' >> $postactiv_nginx_site
 508 
     echo '}' >> $postactiv_nginx_site
497
509
498 
     function_check configure_php
 510 
     function_check configure_php