kopia lustrzana https://github.com/piku/piku
Block access to .git folders (allow if NGINX_ALLOW_GIT_FOLDERS is set) (#78)
* Refactor common config out of nginx templates.
* Block access to .git folders with ENV to allow. See #76
pull/79/head^2
rodzic
afac14862f
commit
dca9342b2e
|
@ -36,3 +36,4 @@ You can configure deployment settings by placing special variables in an `ENV` f
|
|||
* `NGINX_CLOUDFLARE_ACL` (boolean): activate an ACL allowing access only from Cloudflare IPs
|
||||
* `NGINX_STATIC_PATHS`: set an array of `/url:path` values
|
||||
* `NGINX_HTTPS_ONLY`: tell nginx to auto-redirect non-SSL traffic to SSL site
|
||||
* `NGINX_ALLOW_GIT_FOLDERS`: (boolean) allow access to `.git` folders (default: false, blocked)
|
||||
|
|
6
piku.py
6
piku.py
|
@ -119,6 +119,8 @@ NGINX_COMMON_FRAGMENT = """
|
|||
|
||||
$INTERNAL_NGINX_STATIC_MAPPINGS
|
||||
|
||||
$NGINX_BLOCK_GIT
|
||||
|
||||
location / {
|
||||
$INTERNAL_NGINX_UWSGI_SETTINGS
|
||||
proxy_http_version 1.1;
|
||||
|
@ -506,7 +508,7 @@ def spawn_app(app, deltas={}):
|
|||
# Load environment variables shipped with repo (if any)
|
||||
if exists(env_file):
|
||||
env.update(parse_settings(env_file, env))
|
||||
|
||||
|
||||
# Override with custom settings (if any)
|
||||
if exists(settings):
|
||||
env.update(parse_settings(settings, env))
|
||||
|
@ -599,6 +601,8 @@ def spawn_app(app, deltas={}):
|
|||
echo("-----> Could not retrieve CloudFlare IP ranges: {}".format(format_exc()), fg="red")
|
||||
env['NGINX_ACL'] = " ".join(acl)
|
||||
|
||||
env['NGINX_BLOCK_GIT'] = "" if env.get('NGINX_ALLOW_GIT_FOLDERS') else "location ~ /\.git { deny all; }"
|
||||
|
||||
env['INTERNAL_NGINX_STATIC_MAPPINGS'] = ''
|
||||
|
||||
# Get a mapping of /url:path1,/url2:path2
|
||||
|
|
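Review bot: In the last piku.py hunk, `env.get('NGINX_ALLOW_GIT_FOLDERS')` is a plain truthiness test, so if ENV values reach `spawn_app` as strings (which the `parse_settings` calls suggest, though its body is not shown here), then `NGINX_ALLOW_GIT_FOLDERS=false` or `=0` still drops the deny rule and nginx serves `.git`. That contradicts the README line documenting the setting as a boolean defaulting to blocked, and it fails open on a control meant to keep repository history and any committed secrets unreadable. I would parse the flag explicitly, e.g. `allow_git = str(env.get('NGINX_ALLOW_GIT_FOLDERS', '')).lower() in ('1', 'true', 'yes', 'on')`, and then set `env['NGINX_BLOCK_GIT'] = "" if allow_git else r"location ~ /\.git { deny all; }"`. The raw string also avoids the invalid `\.` escape in the current literal, which newer Python versions warn about. `spawn_app` starts and ends outside the hunk, so it is worth confirming that none of the generated static-path locations use `^~`, which would take precedence over this regex location.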