mirror of https://github.com/zulip/zulip.git
nginx: Allow HTTP access to internal endpoints from localhost.
This commit is contained in:
parent
9a1ad1047a
commit
02d3fb7666
|
@ -4,6 +4,19 @@ server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
|
||||||
|
location /api/internal/ {
|
||||||
|
# If coming from localhost, we do allow access to internal
|
||||||
|
# APIs over HTTP, without an HTTPS redirect. Adding TLS does
|
||||||
|
# not appreciable security to connections from localhost, and
|
||||||
|
# the certificate will never validate.
|
||||||
|
allow 127.0.0.1;
|
||||||
|
allow ::1;
|
||||||
|
deny all;
|
||||||
|
|
||||||
|
include /etc/nginx/zulip-include/api_headers;
|
||||||
|
include uwsgi_params;
|
||||||
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue