unboundedpress/nginx/vhost.d/unboundedpress.org

# CSP headers for Nextcloud - scoped to /cloud/ only
location ^~ /cloud {
    proxy_pass http://nextcloud:80;
    proxy_hide_header Content-Security-Policy;
    proxy_hide_header X-Content-Security-Policy;
    proxy_hide_header X-WebKit-CSP;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://unboundedpress.org https://unboundedpress.org/collab; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://unboundedpress.org wss://unboundedpress.org; form-action 'self'; object-src 'none'; base-uri 'self'" always;
}

# Collabora routing for unboundedpress.org

# Redirect /collab to Collabora
location ^~ /collab {
    proxy_pass http://collabora:9980;
    proxy_set_header Host $http_host;
}

# static files
location ^~ /browser {
  proxy_pass http://collabora:9980;
  proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
  proxy_pass http://collabora:9980;
  proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
  proxy_pass http://collabora:9980;
  proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/cool/(.*)/ws$ {
  proxy_pass http://collabora:9980;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $http_host;
  proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/(c|l)ool {
  proxy_pass http://collabora:9980;
  proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /cool/adminws {
  proxy_pass http://collabora:9980;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $http_host;
  proxy_read_timeout 36000s;
}
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`# CSP headers for Nextcloud - scoped to /cloud/ only`
			`location ^~ /cloud {`
			`proxy_pass http://nextcloud:80;`
			`proxy_hide_header Content-Security-Policy;`
			`proxy_hide_header X-Content-Security-Policy;`
			`proxy_hide_header X-WebKit-CSP;`
			`add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://unboundedpress.org https://unboundedpress.org/collab; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://unboundedpress.org wss://unboundedpress.org; form-action 'self'; object-src 'none'; base-uri 'self'" always;`
			`}`
nginx change header for pdfs should now be working 2023-06-29 00:06:52 +02:00
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`# Collabora routing for unboundedpress.org`
nginx change header for pdfs should now be working 2023-06-29 00:06:52 +02:00
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`# Redirect /collab to Collabora`
			`location ^~ /collab {`
			`proxy_pass http://collabora:9980;`
			`proxy_set_header Host $http_host;`
			`}`
production working container of collabora 2023-06-03 16:02:54 +02:00
			`# static files`
			`location ^~ /browser {`
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`proxy_pass http://collabora:9980;`
production working container of collabora 2023-06-03 16:02:54 +02:00			`proxy_set_header Host $http_host;`
			`}`

			`# WOPI discovery URL`
			`location ^~ /hosting/discovery {`
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`proxy_pass http://collabora:9980;`
production working container of collabora 2023-06-03 16:02:54 +02:00			`proxy_set_header Host $http_host;`
			`}`

			`# Capabilities`
			`location ^~ /hosting/capabilities {`
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`proxy_pass http://collabora:9980;`
production working container of collabora 2023-06-03 16:02:54 +02:00			`proxy_set_header Host $http_host;`
			`}`

			`# main websocket`
			`location ~ ^/cool/(.*)/ws$ {`
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`proxy_pass http://collabora:9980;`
production working container of collabora 2023-06-03 16:02:54 +02:00			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "Upgrade";`
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`proxy_set_header Host $http_host;`
production working container of collabora 2023-06-03 16:02:54 +02:00			`proxy_read_timeout 36000s;`
			`}`

			`# download, presentation and image upload`
			`location ~ ^/(c\|l)ool {`
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`proxy_pass http://collabora:9980;`
production working container of collabora 2023-06-03 16:02:54 +02:00			`proxy_set_header Host $http_host;`
			`}`

			`# Admin Console websocket`
			`location ^~ /cool/adminws {`
chore: Update Collabora config, add static IP, CSP scoped to /cloud, update remote URLs 2026-02-27 09:16:37 +01:00			`proxy_pass http://collabora:9980;`
production working container of collabora 2023-06-03 16:02:54 +02:00			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "Upgrade";`
			`proxy_set_header Host $http_host;`
			`proxy_read_timeout 36000s;`
			`}`