rt: fix API security problem

2021-08-11 10:54:12 +08:00 · 2021-08-11 10:54:12 +08:00 · d9536ff5db
parent a385c2db4b
commit d9536ff5db
1 changed files with 14 additions and 4 deletions
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@ -689,10 +689,20 @@ in
      "rt.m-labs.hk" = {
        forceSSL = true;
        useACMEHost = "nixbld.m-labs.hk";
-        locations."/".proxyPass = "http://127.0.0.1:4201";
-        extraConfig = ''
-          client_max_body_size 100M;
-        '';
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:4201";
+          extraConfig = ''
+            client_max_body_size 100M;
+          '';
+        };
+        locations."/REST/1.0/NoAuth" = {
+          proxyPass = "http://127.0.0.1:4201";
+          extraConfig = ''
+            client_max_body_size 100M;
+            allow 127.0.0.1;
+            deny all;
+          '';
+        };
      };
      "nmigen.org" = {
        addSSL = true;