aheh/PrivyDrop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(cross-origin bug): Fix the cross-origin issue bug when accessing through privydrop.app

Browse Source 
Add bare domain redirect, use sed for precise matching in nginx configuration replacement script
This commit is contained in:
david_bai
2025-07-31 22:54:16 +08:00
parent 6c91889887
commit a6d298b7a2
2 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/docker/Nginx/configure.sh
+6 -15
View File
@@ -65,21 +65,12 @@ configure_nginx() {
echo "reading $NGINX_TEMPLATE ..."
TEMP_NGINX=$(mktemp)
# Read the template and replace variables
while IFS= read -r line || [ -n "$line" ]; do
# Replace server_name only if it contains YourDomain placeholder
if [[ $line =~ ^[[:space:]]*server_name[[:space:]]+.*YourDomain ]]; then
echo " server_name $NGINX_SERVER_NAME www.$NGINX_SERVER_NAME;"
# Exactly match the frontend build path setting line
elif [[ $line =~ ^[[:space:]]*set[[:space:]]+\$frontend_build_root[[:space:]]+ ]]; then
echo " set \$frontend_build_root $NGINX_FRONTEND_ROOT;"
# Simple port number replacement
elif [[ $line =~ localhost:3001 ]]; then
echo "${line/localhost:3001/localhost:$BACKEND_PORT}"
else
echo "$line"
fi
done < "$NGINX_TEMPLATE" > "$TEMP_NGINX"
# Use sed for more robust replacement
sed -e "s/www\.YourDomain/www.$NGINX_SERVER_NAME/g" \
-e "s/YourDomain/$NGINX_SERVER_NAME/g" \
-e "s|path/to/PrivyDrop/frontend|$NGINX_FRONTEND_ROOT|g" \
-e "s/localhost:3001/localhost:$BACKEND_PORT/g" \
"$NGINX_TEMPLATE" > "$TEMP_NGINX"
# Copy the configuration file to the target location
cp "$TEMP_NGINX" /etc/nginx/sites-enabled/default
backend/docker/Nginx/default
+9
View File
@@ -5,9 +5,13 @@ return 301 https://$server_name$request_uri;
}
server {
# No longer listening on public 443/TCP, change to listening on internal port
listen 127.0.0.1:4443 ssl http2; # Listen on TCP port 443, supporting HTTP/2 and SSL
# QUIC/HTTP3 continues to listen on public UDP 443
listen 443 quic reuseport; # Listen on UDP port 443 for QUIC and HTTP/3 # 'reuseport' allows multiple worker processes to share the same port, recommended for QUIC
# Ensure that the SSL protocol includes at least TLSv1.3, as HTTP/3 requires TLSv1.3
@@ -25,6 +29,11 @@ listen 443 quic reuseport; # Listen on UDP port 443 for QUIC and HTTP/3 # 'reuse
server_name YourDomain www.YourDomain;
# Redirect bare domain to www
if ($host = 'YourDomain') {
return 301 https://www.YourDomain$request_uri;
}
# SSL Configuration (using placeholder certs for Certbot)
# Certbot will find this block and replace these with the real certificates.
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;