diff options
| -rw-r--r-- | config/config.exs | 4 | ||||
| -rw-r--r-- | installation/caddyfile-pleroma.example | 38 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/controllers/util_controller.ex | 3 |
3 files changed, 33 insertions, 12 deletions
diff --git a/config/config.exs b/config/config.exs index 08d2381b2..6b1e31398 100644 --- a/config/config.exs +++ b/config/config.exs @@ -72,10 +72,6 @@ config :pleroma, :fe, redirect_root_no_login: "/main/all", redirect_root_login: "/main/friends", show_instance_panel: true, - show_who_to_follow_panel: false, - who_to_follow_provider: - "https://vinayaka.distsn.org/cgi-bin/vinayaka-user-match-osa-api.cgi?{{host}}+{{user}}", - who_to_follow_link: "https://vinayaka.distsn.org/?{{host}}+{{user}}", scope_options_enabled: false, collapse_message_with_subject: false diff --git a/installation/caddyfile-pleroma.example b/installation/caddyfile-pleroma.example index e0f9dc917..ed24fc16c 100644 --- a/installation/caddyfile-pleroma.example +++ b/installation/caddyfile-pleroma.example @@ -1,8 +1,32 @@ social.domain.tld { - tls user@domain.tld + log /var/log/caddy/pleroma_access.log + errors /var/log/caddy/pleroma_error.log - log /var/log/caddy/pleroma.log + gzip + proxy / localhost:4000 { + websocket + transparent + } + + tls user@domain.tld { + # Remove the rest of the lines in here, if you want to support older devices + key_type p256 + ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 + } + + header / { + X-XSS-Protection "1; mode=block" + X-Frame-Options "DENY" + X-Content-Type-Options "nosniff" + Referrer-Policy "same-origin" + Strict-Transport-Security "max-age=31536000; includeSubDomains;" + Expect-CT "enforce, max-age=2592000" + } + + # If you do not want remote frontends to be able to access your Pleroma backend server, remove these lines. + # If you want to allow all origins access, remove the origin lines. + # To use this directive, you need the http.cors plugin for Caddy. cors / { origin https://halcyon.domain.tld origin https://pinafore.domain.tld @@ -10,9 +34,13 @@ social.domain.tld { allowed_headers Authorization,Content-Type,Idempotency-Key exposed_headers Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id } + # Stop removing lines here. - proxy / localhost:4000 { - websocket - transparent + # If you do not want to use the mediaproxy function, remove these lines. + # To use this directive, you need the http.cache plugin for Caddy. + cache { + match_path /proxy + default_max_age 720m } + # Stop removing lines here. } diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 7dbac620e..d1ecebf61 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -172,10 +172,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), chatDisabled: !Keyword.get(@instance_chat, :enabled), showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), - showWhoToFollowPanel: Keyword.get(@instance_fe, :show_who_to_follow_panel), scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), - whoToFollowProvider: Keyword.get(@instance_fe, :who_to_follow_provider), - whoToFollowLink: Keyword.get(@instance_fe, :who_to_follow_link), collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject) } |