nixos/lemmy: fix nginx backend to proxy needed headers
the nix `recommendedProxySettings` optiononly takes effect if `proxyPass` is set, but since we manually invoke `proxy_pass` inside nginx we need to also manually specify proxy settings. failing to do so leads to symptoms such as "Incoming activity has invalid signature". see: <https://github.com/LemmyNet/lemmy/issues/3273>
This commit is contained in:
parent
b00f19626a
commit
bd87a38b86
|
@ -204,7 +204,6 @@ in
|
|||
};
|
||||
"/" = {
|
||||
# mixed frontend and backend requests, based on the request headers
|
||||
recommendedProxySettings = true;
|
||||
extraConfig = ''
|
||||
set $proxpass "${ui}";
|
||||
if ($http_accept = "application/activity+json") {
|
||||
|
@ -221,6 +220,11 @@ in
|
|||
rewrite ^(.+)/+$ $1 permanent;
|
||||
|
||||
proxy_pass $proxpass;
|
||||
# Proxied `Host` header is required to validate ActivityPub HTTP signatures for incoming events.
|
||||
# The other headers are optional, for the sake of better log data.
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue