mirror of
https://github.com/ChristianLight/tutor.git
synced 2024-11-18 02:55:17 +00:00
5cb51e0334
This is not a security issue because ports 8000-8001 are not open to the world; it should also drastically simplify the life of many people. See for instance issues #30 and #34. Also, we allow access to nginx on hostnames "localhost" and "studio.localhost" for lms and cms, respectively. Again, this will remove much of the confusion for many users.
88 lines
2.6 KiB
Plaintext
88 lines
2.6 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name localhost £{LMS_HOST} preview.£{LMS_HOST};
|
|
|
|
# Prevent invalid display courseware in IE 10+ with high privacy settings
|
|
add_header P3P 'CP="Open edX does not have a P3P policy."';
|
|
|
|
# Nginx does not support nested condition or or conditions so
|
|
# there is an unfortunate mix of conditonals here.
|
|
|
|
client_max_body_size 4M;
|
|
|
|
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
|
|
|
|
# Disables server version feedback on pages and in headers
|
|
server_tokens off;
|
|
|
|
location @proxy_to_lms_app {
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
|
|
# Docker resolver
|
|
resolver 127.0.0.11 valid=10s;
|
|
set $upstream lms;
|
|
proxy_pass http://$upstream:8000;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri @proxy_to_lms_app;
|
|
}
|
|
|
|
# /login?next=<any image> can be used by 3rd party sites in <img> tags to
|
|
# determine whether a user on their site is logged into edX.
|
|
# The most common image to use is favicon.ico.
|
|
location /login {
|
|
if ( $arg_next ~* "favicon.ico" ) {
|
|
return 403;
|
|
}
|
|
try_files $uri @proxy_to_lms_app;
|
|
}
|
|
|
|
# Need a separate location for the image uploads endpoint to limit upload sizes
|
|
location ~ ^/api/profile_images/[^/]*/[^/]*/upload$ {
|
|
try_files $uri @proxy_to_lms_app;
|
|
client_max_body_size 1049576;
|
|
}
|
|
|
|
location ~ ^/media/(?P<file>.*) {
|
|
root /openedx/data/lms/uploads;
|
|
try_files /$file =404;
|
|
expires 31536000s;
|
|
}
|
|
|
|
location ~ ^/static/(?P<file>.*) {
|
|
root /openedx/data/lms;
|
|
try_files /staticfiles/$file /course_static/$file =404;
|
|
|
|
# return a 403 for static files that shouldn't be
|
|
# in the staticfiles directory
|
|
location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
|
|
return 403;
|
|
}
|
|
|
|
# Set django-pipelined files to maximum cache time
|
|
location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
|
|
expires max;
|
|
# Without this try_files, files that have been run through
|
|
# django-pipeline return 404s
|
|
try_files /staticfiles/$collected /course_static/$collected =404;
|
|
}
|
|
|
|
# Set django-pipelined files for studio to maximum cache time
|
|
location ~ "/static/(?P<collected>[0-9a-f]{7}/.*)" {
|
|
expires max;
|
|
|
|
# Without this try_files, files that have been run through
|
|
# django-pipeline return 404s
|
|
try_files /staticfiles/$collected /course_static/$collected =404;
|
|
}
|
|
|
|
# Expire other static files immediately (there should be very few / none of these)
|
|
expires epoch;
|
|
}
|
|
}
|