From fc59c642733b899340f0a492cb7fbde281c3e55b Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sat, 27 Sep 2025 14:49:42 +0200
Subject: [PATCH] Nextcloud Talk: fix virtual-background web check by - adding explicit MIME types for .wasm and .tflite in internal Nginx - relaxing CSP (script-src: allow 'unsafe-eval') for WebAssembly - removing obsolete turnserver draft. Details: https://chatgpt.com/share/68d7dd39-50b8-800f-ab59-cfb1d3cf07cb
---
 roles/web-app-nextcloud/config/main.yml | 52 ++++++++++---------
 .../config/turnserver.config.php.j2.draft | 14 -----
 .../templates/nginx/docker.conf.j2 | 4 +-
 3 files changed, 30 insertions(+), 40 deletions(-)
 delete mode 100644 roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft
diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml
index c429db80..0a27cdb9 100644
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -3,9 +3,11 @@ server:
 csp:
 flags:
 style-src:
- unsafe-inline: true
+ unsafe-inline: true
 script-src-elem:
- unsafe-inline: true
+ unsafe-inline: true
+ script-src:
+ unsafe-eval: true
 whitelist:
 font-src:
 - "data:"
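Review bot: The two added lines `script-src:` / `unsafe-eval: true` lift the eval restriction for every script on the Nextcloud origin, not just the Talk virtual-background module — once `'unsafe-eval'` is in `script-src`, `eval()`, `new Function()` and string-argument `setTimeout` work anywhere an injected script runs, which is exactly what the directive was blocking. CSP Level 3 defines the narrower `'wasm-unsafe-eval'` keyword, which permits `WebAssembly.compile`/`instantiate` without re-enabling JavaScript eval and is supported by current Chromium, Firefox and Safari; whether this role's `csp.flags` map accepts a `wasm-unsafe-eval` key is not visible in the hunk, but if it does, `wasm-unsafe-eval: true` in place of `unsafe-eval: true` is the change I would make. If the broader keyword is genuinely required, record why so it is not copied to other roles: `# unsafe-eval: needed for Talk's virtual-background WebAssembly; narrow to wasm-unsafe-eval once the role supports it`. The enclosing `server:` mapping starts before this hunk.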
@@ -21,44 +23,44 @@ server:
 aliases: []
 docker:
 volumes:
- data: nextcloud_data
+ data: nextcloud_data
 services:
 redis:
- enabled: true
+ enabled: true
 database:
- enabled: true
+ enabled: true
 nextcloud:
- name: "nextcloud"
- image: "nextcloud"
- version: "production-fpm-alpine"
+ name: "nextcloud"
+ image: "nextcloud"
+ version: "production-fpm-alpine"
 backup:
- no_stop_required: true
- cpus: "2.0"
- mem_reservation: "2g"
- mem_limit: "3g"
- pids_limit: 512
+ no_stop_required: true
+ cpus: "2.0"
+ mem_reservation: "2g"
+ mem_limit: "3g"
+ pids_limit: 512
 proxy:
- name: "nextcloud-proxy"
- image: "nginx"
- version: "alpine"
+ name: "nextcloud-proxy"
+ image: "nginx"
+ version: "alpine"
 backup:
- no_stop_required: true
+ no_stop_required: true
 cron:
- name: "nextcloud-cron"
+ name: "nextcloud-cron"
 talk:
- name: "nextcloud-talk"
- image: "nextcloud/aio-talk"
- version: "latest"
+ name: "nextcloud-talk"
+ image: "nextcloud/aio-talk"
+ version: "latest"
 backup:
- no_stop_required: false
+ no_stop_required: false
 turn_server:
 onboard_enabled: true
 standalone_enabled: true
 network_mode: host
 whiteboard:
- name: "nextcloud-whiteboard"
- image: "ghcr.io/nextcloud-releases/whiteboard"
- version: "latest"
+ name: "nextcloud-whiteboard"
+ image: "ghcr.io/nextcloud-releases/whiteboard"
+ version: "latest"
 backup:
 no_stop_required: true
 enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False) }}" # Activate OIDC for Nextcloud
diff --git a/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft b/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft
deleted file mode 100644
index 4b555db2..00000000
--- a/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft
+++ /dev/null
@@ -1,14 +0,0 @@
- [
- [
- 'host' => 'coturn',
- 'port' => {{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }},
- 'secret' => 'my-secret-key',
- 'protocols' => 'udp,tcp' ],
- ],
-];
\ No newline at end of file
diff --git a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
index 4bd10531..2241fbfa 100644
--- a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
+++ b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
@@ -18,7 +18,9 @@ http {
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
 types {
- application/javascript mjs;
+ application/javascript mjs;
+ application/wasm wasm;
+ application/octet-stream tflite;
 }
 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 '$status $body_bytes_sent "$http_referer" '
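Review bot: `application/octet-stream tflite;` on the last added line is a no-op: `default_type application/octet-stream;` two lines above already gives every unmapped extension that type, so the entry documents intent but changes nothing on the wire. I would keep it only with a comment saying so, and state why the `wasm` line matters, since `WebAssembly.instantiateStreaming()` rejects any Content-Type other than `application/wasm`: `# Talk virtual background: instantiateStreaming() requires application/wasm; .tflite has no registered type and would get default_type anyway`. Note also that the `include /etc/nginx/mime.types;` above is merged with this `types` block, so if the `nginx:alpine` image's bundled mime.types already maps `wasm` (newer nginx releases may ship it), nginx logs a duplicate-extension warning at startup — harmless here because both entries carry the same value, but worth knowing when reading the container logs. The enclosing `http {` block starts before and continues after this hunk.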