Compare commits
1 Commits
c4728bc96d
...
18d28c3b7f
Author | SHA1 | Date | |
---|---|---|---|
18d28c3b7f |
@ -78,7 +78,6 @@ nginx:
|
||||
- X-Forwarded-Proto $scheme
|
||||
- proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
|
||||
tls:
|
||||
# yamllint disable-line rule:line-length
|
||||
- ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
{#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}
|
||||
|
@ -417,7 +417,7 @@ nginx:
|
||||
{{ takahe_includes() }}
|
||||
- server_name: despair.life
|
||||
{{ takahe_gohome() }}
|
||||
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} # yamllint disable-line rule:line-length
|
||||
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #}
|
||||
{%- for talopath in ['auth', 'saml2'] %}
|
||||
- location /{{ talopath }}:
|
||||
- rewrite: ^/(.*) https://social.liberta.casa/$1 redirect
|
||||
|
Loading…
x
Reference in New Issue
Block a user