nomad
/
onlyoffice-docserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adapt to new middleware model

This commit is contained in:
Daniel Berteaud 2024-01-29 00:17:03 +01:00
parent 20b6495c8b
commit 87d9fff606
3 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
example/onlyoffice-docserver.nomad.hcl
View File

@ -83,9 +83,8 @@ job "onlyoffice" {
"traefik.http.routers.onlyoffice.rule=Host(`oods.example.org`)",
"traefik.http.routers.onlyoffice.entrypoints=https",
"traefik.http.middlewares.onlyoffice-csp.headers.contentsecuritypolicy=connect-src 'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io;default-src 'self';font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://onlyoffice.github.io;img-src 'self' data: https://*;media-src 'self' https://code.responsivevoice.org;script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io;",
"traefik.http.routers.onlyoffice.middlewares=onlyoffice-csp,onlyoffice-headers,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file",
"traefik.http.routers.onlyoffice.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,onlyoffice-csp",
"traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
]
}

1
onlyoffice-docserver.nomad.hcl
View File

@ -39,7 +39,6 @@ job "[[ .instance ]]" {
tags = [
[[ template "common/traefik_tags" $c ]]
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
]
}

6
variables.yml
View File

@ -36,12 +36,9 @@ oo:
# Controls how the service will be exposed with Traefik
traefik:
enabled: true
specific_middlewares:
- '[[ .instance ]]-headers[[ .consul.suffix ]]'
# OnlyOffice needs some specific CSP rules
csp:
default-src: "'self'"
img-src: "'self' data: https://*"
script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io"
style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io"
@ -50,9 +47,6 @@ oo:
media-src: "'self' https://code.responsivevoice.org"
frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"
middlewares:
- compression@file
# Wait for the database server to be ready before starting
wait_for:
- service: 'master.postgres[[ .consul.suffix ]]'