Compare commits

..

1 Commits

Author SHA1 Message Date
18d28c3b7f
Address salt-lint errors/warnings
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- remove trailing whitespaces
- format octal modes correctly

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:18:54 +01:00
2 changed files with 1 additions and 2 deletions

View File

@ -78,7 +78,6 @@ nginx:
- X-Forwarded-Proto $scheme
- proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
tls:
# yamllint disable-line rule:line-length
- ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
{#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}

View File

@ -417,7 +417,7 @@ nginx:
{{ takahe_includes() }}
- server_name: despair.life
{{ takahe_gohome() }}
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} # yamllint disable-line rule:line-length
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #}
{%- for talopath in ['auth', 'saml2'] %}
- location /{{ talopath }}:
- rewrite: ^/(.*) https://social.liberta.casa/$1 redirect