forked from hacc/haccfiles
mattermost: add recommended proxy settings
This unbreaks the keycloak login
This commit is contained in:
parent
32e13edee1
commit
20bafd66c5
1 changed files with 13 additions and 0 deletions
|
@ -204,6 +204,19 @@
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
|
proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
|
||||||
|
# Mattermost CSR Patch
|
||||||
|
proxy_hide_header Content-Security-Policy;
|
||||||
|
proxy_hide_header X-Frame-Options;
|
||||||
|
proxy_redirect off;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
Loading…
Reference in a new issue