i'm a bit unsure how to approach this one..

I have a site hosted on BOA with some embedded webfonts that work fine on that domain, there's a central "webfont.css" file that has @font-face rules referencing other fonts on the same domain.

When I try to reference the same files from a different server (Amazon Cloud), with a different subdomain but on the same domain, Firebug reports "200 OK" responses from the site hosted by BOA but the file sent is empty.

everything is using https, with a valid wildcard certificate installed on both servers.

I assume that this is some security configuration set by BOA in nginx that I'm unaware of, which is why i'm posting here first.

Comments

thedavidmeister’s picture

thedavidmeister CreditAttribution: thedavidmeister commented

I managed to work around this by dropping the fonts on an Apache server with a valid SSL cert and drop the following into a .htaccess file:

<FilesMatch "\.(ttf|otf|eot)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>

how would i set up the equivalent in nginx so that site managed with Aegir will happily send out webfont files?

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented
Project: Barracuda » Octopus

This is because we use $host in the rewrite to protect files from being requested from other (sub)domains, not defined as aliases.

See the line http://drupalcode.org/project/barracuda.git/blob/HEAD:/aegir/conf/nginx_...

To override this, you need to use the extra config:

###
### Serve & no-log static files & images directly,
### without all standard drupal rewrites, php-fpm etc.
###
location ~* ^.+\.(?:jpe?g|gif|png|ico|bmp|svg|swf|pdf|docx?|xlsx?|pptx?|tiff?|txt|rtf|cgi|bat|pl|dll|aspx?|exe|class|otf|ttf|woff)$ {
  access_log  off;
  tcp_nodelay off;
  expires     30d;
  rewrite     ^/.+/sites/(.+)/files/(.*)$  /sites/$1/files/$2 last;
  try_files   $uri =404;
}

In the included config file, as explained in the how-to: http://drupalcode.org/project/barracuda.git/blob/HEAD:/docs/HINTS.txt#l16

Note: it will work only in Octopus instance. If you are using Barracuda instance, you need to figure out how to add this.

thedavidmeister’s picture

thedavidmeister CreditAttribution: thedavidmeister commented

will running the octopus automated update script kill this if i overwrite it?

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented

No, Octopus will not touch this extra config file, it will just include it as-is.

Upgrade overwrites only standard config files, by default installed and included in every vhost.

thedavidmeister’s picture

thedavidmeister CreditAttribution: thedavidmeister commented

awesome! thanks for that :) i'll try it out next week.

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented
Component: Miscellaneous » Documentation
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.