olek/AI_template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: nginx headers at server block level; add Webuzo detection to deploy

Browse Source 
deploy.sh:
- add step 3: nginx config apply with Webuzo/standard detection
- configurable via NGINX_CONF_SRC and NGINX_DOMAIN variables

setup-project.sh:
- move add_header to server block level (inside location / they are
  overridden by Webuzo's regex location and never sent)
- detect Webuzo nginx binary (/usr/local/apps/nginx/sbin/nginx)
  instead of hardcoded systemctl reload nginx

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
olekhondera
2026-02-21 01:21:39 +02:00
parent 425227c6b8
commit 99773cdbda
2 changed files with 37 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
scripts/setup-project.sh
View File

@@ -198,16 +198,21 @@ else
fi
cat > "${NGINX_CONF}" << 'NGINX'
# Security headers — at server block level so they are inherited by all
# location blocks (including Webuzo's own regex location).
# Do NOT move into location blocks: on Webuzo the regex location
# location ~ (\.php|shtml|/)$ takes priority and blocks inheritance.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
# Static files
location / {
root __INSTALL_DIR__/public;
index index.html;
try_files $uri $uri/ /index.html;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "no-referrer" always;
}
# API proxy
@@ -243,8 +248,12 @@ NGINX
sed -i "s|__INSTALL_DIR__|${INSTALL_DIR}|g" "${NGINX_CONF}"
sed -i "s|__PORT__|${PORT}|g" "${NGINX_CONF}"
if nginx -t 2>/dev/null; then
systemctl reload nginx
NGINX_BIN="/usr/local/apps/nginx/sbin/nginx"
if [[ ! -x "${NGINX_BIN}" ]]; then
NGINX_BIN="nginx"
fi
if "${NGINX_BIN}" -t 2>/dev/null; then
"${NGINX_BIN}" -s reload
echo " ${NGINX_CONF} — nginx reloaded"
else
echo " Warning: nginx config test failed. Check ${NGINX_CONF} manually."