Allow other public endpoints for /share

Daniel Berteaud 2024-01-19 16:09:45 +01:00
parent 9f08c15979
commit a32d06cd4f
3 changed files with 3 additions and 3 deletions


@ -67,7 +67,7 @@ job "immich" {
"traefik.http.middlewares.immich-headers.headers.contentsecuritypolicy=connect-src 'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org;default-src 'self';font-src 'self' data:;img-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
"traefik.http.middlewares.immich-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
# We use a distinct routers for /share so we can apply different middlewares (eg, /share is public while everything else is private)
"traefik.http.routers.immich-share.rule=Host(`immich.example.org`) && PathPrefix(`/share/`)",
"traefik.http.routers.immich-share.rule=Host(`immich.example.org`) && PathRegexp(`^/(share/|_app/immutable/|custom\\.css|api/(asset|server-info)/)`)",
"traefik.http.routers.immich-share.entrypoints=https",
"traefik.http.routers.immich-share.middlewares=immich-headers,security-headers@file,hsts@file,compression@file",
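Review bot: The new `PathRegexp` puts the whole `/api/asset/` and `/api/server-info/` prefixes on the `immich-share` router, whose middleware list two lines below carries only header, HSTS and compression middlewares, so for those prefixes Immich's own authentication becomes the only gate. If shared links call only a few sub-paths, listing those in the alternation instead of the whole prefix would keep the rest of the asset API behind the private router. `custom\\.css` has no end anchor, so it also matches any path that merely starts with `/custom.css`; `custom\\.css$` would pin it. The comment above the rule still says only /share is public; something like `# Public router: /share/, static app assets and the API prefixes shared links call; these rely on Immich's own auth` would match the new rule. The same pattern is used in the templated rule in the second file.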


@ -46,7 +46,7 @@ job "[[ .instance ]]" {
[[- $s := merge .immich.server.share .immich.server .immich . ]]
# We use a distinct routers for /share so we can apply different middlewares (eg, /share is public while everything else is private)
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) && PathPrefix(`[[ (urlParse $c.public_url).Path ]]/share/`)",
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) && PathRegexp(`^[[ (urlParse $c.public_url).Path ]]/(share/|_app/immutable/|custom\\.css|api/(asset|server-info)/)`)",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ .instance ]]-prefix[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $s ]]",
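Review bot: `[[ (urlParse $c.public_url).Path ]]` is now interpolated into a regular expression rather than a literal `PathPrefix`, so any regex metacharacter in the configured path (a `.`, for instance) is read as a pattern and can make this public router match more paths than intended. Quoting the value before interpolation would keep it literal, e.g. `regexp.QuoteMeta (urlParse $c.public_url).Path` if the template engine in use provides it (gomplate does). The `regexp.Match "^/?$"` test just below suggests the path may be `/`, in which case the rule becomes `^//(share/|…)` and presumably never matches; trimming a trailing slash first would cover that. The surrounding tag list starts and ends outside this hunk.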


@ -64,7 +64,7 @@ immich:
worker-src: "'self' blob:"
connect-src: "'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org"
# Override the list of base middlewares as we need to remove csp-relaxed and rate-limits
# Override the list of base middlewares as we need to remove rate-limits
base_middlewares:
- security-headers@file
- hsts@file