From f647f2ae6cb187be08c6fd0f7daeb51e4093145a Mon Sep 17 00:00:00 2001
From: Dessalines <tyhou13@gmx.com>
Date: Fri, 12 Jun 2020 17:05:19 -0400
Subject: [PATCH] Blocking pict-rs import location

---
 ansible/templates/nginx.conf | 11 +++++++---
 docker/dev/nginx.conf        | 40 ------------------------------------
 2 files changed, 8 insertions(+), 43 deletions(-)
 delete mode 100644 docker/dev/nginx.conf

diff --git a/ansible/templates/nginx.conf b/ansible/templates/nginx.conf
index 68fa64fc5..6a5990a70 100644
--- a/ansible/templates/nginx.conf
+++ b/ansible/templates/nginx.conf
@@ -48,8 +48,8 @@ server {
     add_header X-Frame-Options "DENY";
     add_header X-XSS-Protection "1; mode=block";
 
-    # Upload limit for pictshare
-    client_max_body_size 50M;
+    # Upload limit for pictrs
+    client_max_body_size 20M;
 
     location / {
         proxy_pass http://0.0.0.0:8536;
@@ -70,12 +70,17 @@ server {
         proxy_cache_min_uses    5;
     }    
 
-    location /pictrs/ {
+    location /pictrs/image/ {
       proxy_pass http://0.0.0.0:8537/;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
+      # Block the import
+      location /pictrs/import {
+        return 403;
+      }
+
       if ($request_uri ~ \.(?:ico|gif|jpe?g|png|webp|bmp|mp4)$) {
         add_header Cache-Control "public, max-age=31536000, immutable";
       }   
diff --git a/docker/dev/nginx.conf b/docker/dev/nginx.conf
deleted file mode 100644
index 3e4ff510e..000000000
--- a/docker/dev/nginx.conf
+++ /dev/null
@@ -1,40 +0,0 @@
-events {
-    worker_connections 1024;
-}
-
-http {
-    server {
-        listen 8536;
-        server_name 127.0.0.1;
-        #access_log  off;
-
-        # Upload limit for pictshare
-        client_max_body_size 50M;
-
-        location / {
-            proxy_pass http://lemmy:8536;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-            # WebSocket support
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-        }
-
-        location /pictrs/ {
-            proxy_pass http://pictrs:8080/;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-
-        location /iframely/ {
-            proxy_pass http://iframely:80/;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-    }
-}