Update default.conf.sample to deny dotfile access#135
Update default.conf.sample to deny dotfile access#135
Conversation
Signed-off-by: Eric Nemchik <eric@nemchik.com>
|
I am a bot, here is the pushed image/manifest for this PR:
|
|
I am a bot, here is the pushed image/manifest for this PR:
|
|
I am a bot, here is the pushed image/manifest for this PR:
|
|
This pull request has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions. |
Signed-off-by: Eric Nemchik <eric@nemchik.com>
There was a problem hiding this comment.
Pull request overview
Updates the bundled Nginx site configuration sample to reduce accidental exposure of hidden “dotfiles” from the Mastodon public web root, and documents the change in the project changelog.
Changes:
- Add a dotfile-deny
locationblock while explicitly allowing/.well-known. - Update the server
listendirectives (IPv4/IPv6 + QUIC) in the sample config. - Add a changelog entry describing the dotfile-deny update.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| root/defaults/nginx/site-confs/default.conf.sample | Adds /.well-known allow rule and a general dotfile deny; also changes listen directives including QUIC. |
| readme-vars.yml | Documents the change via a new changelog entry. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| listen 443 quic reuseport default_server; | ||
| listen [::]:443 quic reuseport default_server; |
| # Allow access to the ".well-known" directory | ||
| location ^~ /.well-known { | ||
| allow all; | ||
| } | ||
|
|
| "mastodon:glitch" <- Base Images | ||
| # changelog | ||
| changelogs: | ||
| - {date: "08.02.26:", desc: "Existing users should update: site-confs/default.conf - Deny access to all dotfiles."} |
No description provided.