From 20bafd66c56efbc18424be139bfd39ff6d6eaa91 Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Sun, 18 Jul 2021 21:24:25 +0200
Subject: [PATCH] mattermost: add recommended proxy settings

This unbreaks the keycloak login
---
 hosts/hainich/services/mattermost.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/hosts/hainich/services/mattermost.nix b/hosts/hainich/services/mattermost.nix
index 9271836..68e2c14 100644
--- a/hosts/hainich/services/mattermost.nix
+++ b/hosts/hainich/services/mattermost.nix
@@ -204,6 +204,19 @@
     locations."/" = {
       proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
       proxyWebsockets = true;
+      extraConfig = ''
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        X-Forwarded-Host $host;
+        proxy_set_header        X-Forwarded-Server $host;
+
+        # Mattermost CSR Patch
+        proxy_hide_header Content-Security-Policy;
+        proxy_hide_header X-Frame-Options;
+        proxy_redirect off;
+      '';
     };
     forceSSL = true;
     enableACME = true;