servo: nginx: dont follow symlinks in the /share directory
This commit is contained in:
parent
747511c6a8
commit
14739af1b9
|
@ -54,6 +54,9 @@ in
|
||||||
services.nginx.recommendedOptimisation = true;
|
services.nginx.recommendedOptimisation = true;
|
||||||
|
|
||||||
# web blog/personal site
|
# web blog/personal site
|
||||||
|
# alternative way to link stuff into the share:
|
||||||
|
# sane.fs."/var/lib/uninsane/root/share/Ubunchu".mount.bind = "/var/lib/uninsane/media/Books/Visual/HiroshiSeo/Ubunchu";
|
||||||
|
# sane.fs."/var/lib/uninsane/media/Books/Visual/HiroshiSeo/Ubunchu".dir = {};
|
||||||
services.nginx.virtualHosts."uninsane.org" = publog {
|
services.nginx.virtualHosts."uninsane.org" = publog {
|
||||||
root = "${pkgs.uninsane-dot-org}/share/uninsane-dot-org";
|
root = "${pkgs.uninsane-dot-org}/share/uninsane-dot-org";
|
||||||
# a lot of places hardcode https://uninsane.org,
|
# a lot of places hardcode https://uninsane.org,
|
||||||
|
@ -72,6 +75,9 @@ in
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# autoindex => render directory listings
|
# autoindex => render directory listings
|
||||||
autoindex on;
|
autoindex on;
|
||||||
|
# don't follow any symlinks when serving files
|
||||||
|
# otherwise it allows a directory escape
|
||||||
|
disable_symlinks on;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user