nginx: Allow HTTP access to internal endpoints from localhost.

Alex Vandiver 2024-09-16 17:36:28 +00:00 committed by Tim Abbott
parent 9a1ad1047a
commit 02d3fb7666
1 changed files with 13 additions and 0 deletions


@ -4,6 +4,19 @@ server {
listen 80;
listen [::]:80;
location /api/internal/ {
# If coming from localhost, we do allow access to internal
# APIs over HTTP, without an HTTPS redirect. Adding TLS does
# not appreciable security to connections from localhost, and
# the certificate will never validate.
allow 127.0.0.1;
allow ::1;
deny all;
include /etc/nginx/zulip-include/api_headers;
include uwsgi_params;
}
location / {
return 301 https://$host$request_uri;
}
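Review bot: The `allow 127.0.0.1; allow ::1; deny all;` rules in the new `location /api/internal/` block protect the internal endpoints only while the address nginx evaluates is the real peer; if a reverse proxy or tunnel on the same host forwards outside traffic to port 80, those requests arrive from loopback and pass the check. nginx's access module runs after any realip rewriting, so the result depends on `set_real_ip_from` settings that are not visible here (the `server` block opens and closes outside the hunk). I would extend the comment with something like `# NOTE: relies on the client address being the real peer; a same-host proxy in front of port 80 must not forward /api/internal/.` and confirm that the application still authenticates these requests itself rather than relying on this ACL alone. The existing comment also drops a word: `does not appreciable security` should read `does not add appreciable security`.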