Allow other public endpoints for /share
This commit is contained in:
parent
9f08c15979
commit
a32d06cd4f
|
@ -67,7 +67,7 @@ job "immich" {
|
|||
"traefik.http.middlewares.immich-headers.headers.contentsecuritypolicy=connect-src 'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org;default-src 'self';font-src 'self' data:;img-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
|
||||
"traefik.http.middlewares.immich-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
|
||||
# We use a distinct routers for /share so we can apply different middlewares (eg, /share is public while everything else is private)
|
||||
"traefik.http.routers.immich-share.rule=Host(`immich.example.org`) && PathPrefix(`/share/`)",
|
||||
"traefik.http.routers.immich-share.rule=Host(`immich.example.org`) && PathRegexp(`^/(share/|_app/immutable/|custom\\.css|api/(asset|server-info)/)`)",
|
||||
"traefik.http.routers.immich-share.entrypoints=https",
|
||||
"traefik.http.routers.immich-share.middlewares=immich-headers,security-headers@file,hsts@file,compression@file",
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ job "[[ .instance ]]" {
|
|||
|
||||
[[- $s := merge .immich.server.share .immich.server .immich . ]]
|
||||
# We use a distinct routers for /share so we can apply different middlewares (eg, /share is public while everything else is private)
|
||||
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) && PathPrefix(`[[ (urlParse $c.public_url).Path ]]/share/`)",
|
||||
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) && PathRegexp(`^[[ (urlParse $c.public_url).Path ]]/(share/|_app/immutable/|custom\\.css|api/(asset|server-info)/)`)",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
||||
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ .instance ]]-prefix[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $s ]]",
|
||||
|
|
|
@ -64,7 +64,7 @@ immich:
|
|||
worker-src: "'self' blob:"
|
||||
connect-src: "'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org"
|
||||
|
||||
# Override the list of base middlewares as we need to remove csp-relaxed and rate-limits
|
||||
# Override the list of base middlewares as we need to remove rate-limits
|
||||
base_middlewares:
|
||||
- security-headers@file
|
||||
- hsts@file
|
||||
|
|
Loading…
Reference in New Issue