reorganize ssl config ; default proxy config
@@ -1,22 +1,23 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
include get_auto_ssl.conf;
|
include auto_ssl.conf;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Dieser Server ist der Zugang zur "Nginx config und wird im 2. Openresty Server genutzt"
|
# Dieser Server ist der Zugang zur "Nginx config und wird im 2. Openresty Server genutzt"
|
||||||
server {
|
server {
|
||||||
listen 8080;
|
listen 8080;
|
||||||
|
|
||||||
set $host theiaconf;
|
set $proxy_host theiaconf;
|
||||||
set $port 3000;
|
set $proxy_port 3000;
|
||||||
include ldap.conf;
|
include ldap.conf;
|
||||||
|
#include secure.conf;
|
||||||
include default_proxy.conf;
|
include default_proxy.conf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
include auto_ssl.conf;
|
include ssl.conf;
|
||||||
include ldap.conf;
|
include ldap.conf;
|
||||||
|
|
||||||
}
|
}
|
||||||
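Review bot: The new names `$proxy_host` and `$proxy_port` in the port-8080 server are, as far as I know, variables that ngx_http_proxy_module already defines from the `proxy_pass` target, so `set $proxy_host theiaconf;` may be rejected as a duplicate variable at load time or collide with the built-in. The same names are used by `proxy_pass http://$proxy_host:$proxy_port;` in the later `@@ -1,5 +1,5 @@` section. A neutral pair such as `set $backend_host theiaconf;` and `set $backend_port 3000;` avoids the clash, and `nginx -t` will confirm either way. Separately, the added `#include secure.conf;` is commented out with no reason given, while this listener applies `ldap.conf` on plain HTTP. If TLS and the security headers are meant to be applied only by the front server, a one-line comment saying so would make that decision reviewable.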
@@ -114,7 +114,7 @@ ldap_server fet {
|
|||||||
url ldap://gagarin:389/ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at?uid?sub?(objectClass=person);
|
url ldap://gagarin:389/ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at?uid?sub?(objectClass=person);
|
||||||
require valid_user;
|
require valid_user;
|
||||||
}
|
}
|
||||||
resolver 127.0.0.11 valid=30s;
|
resolver 127.0.0.11 valid=30s; # use the docker resolver as a default
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
# Don't reveal OpenResty version to clients.
|
# Don't reveal OpenResty version to clients.
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
location / {
|
location / {
|
||||||
include proxy.conf;
|
include proxy.conf;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
proxy_pass http://$host:$port;
|
proxy_pass http://$proxy_host:$proxy_port;
|
||||||
}
|
}
|
||||||
@@ -1 +0,0 @@
|
|||||||
include ldap.conf;
|
|
||||||
@@ -7,7 +7,7 @@
|
|||||||
proxy_set_header X-Forwarde-Proto $scheme;
|
proxy_set_header X-Forwarde-Proto $scheme;
|
||||||
proxy_set_header X_FORWARDED_SSL on;
|
proxy_set_header X_FORWARDED_SSL on;
|
||||||
proxy_set_header HTTP_X_FORWARDED_SSL on;
|
proxy_set_header HTTP_X_FORWARDED_SSL on;
|
||||||
proxy_buffering off;
|
|
||||||
|
|
||||||
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
|
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|||||||
@@ -1 +1,6 @@
|
|||||||
include add_auto_ssl.conf;
|
include ssl.conf;
|
||||||
|
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header Referrer-Policy "strict-origin";
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||||
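Review bot: Only the `Strict-Transport-Security` line carries `always`; the other four added `add_header` lines are skipped on responses nginx does not count as success or redirect, which includes the 401 from LDAP authentication and any 4xx/5xx error page. Adding the flag, e.g. `add_header X-Content-Type-Options nosniff always;` and likewise for the CSP and Referrer-Policy lines, keeps them on every response. nginx also inherits `add_header` from an outer level only when the inner level declares none, so if this file is included at server level while a location pulls in a file with its own `add_header` lines (the `@@ -7,7 +7,7 @@` section has two), the HSTS and Referrer-Policy headers would likely be dropped for that location. The CSP allows `'unsafe-inline'` under `default-src`, which permits inline scripts and so gives little protection against injected script; a comment stating why it is needed, or narrowing it to `style-src`, would help.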