clean up nginx config

2021-05-24 14:36:29 +00:00
parent ffd4238cc4
commit ab8e4dbdbd
5 changed files with 26 additions and 41 deletions
--- a/conf/default.conf
+++ b/conf/default.conf
@@ -6,20 +6,11 @@ server {
 # Dieser Server ist der Zugang zur "Nginx config und wird im 2. Openresty Server genutzt"
 server {
    listen 8080;
+    
+    set $host theiaconf;
+    set $port 3000;
    include ldap.conf;
-    resolver 127.0.0.11 valid=30s;    
-    set $theiaconf theiaconf;
-        location / {
-        proxy_set_header Host $host;
-        proxy_set_header Proxy "";
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarde-Proto $scheme;
-        proxy_buffering off;
-        proxy_pass http://$theiaconf:3000;
-        }
+    include default_proxy.conf;
 }


@@ -27,24 +18,5 @@ server {
    listen 443 ssl;
    include auto_ssl.conf;
    include ldap.conf;
-    
-    resolver 127.0.0.11 valid=30s;    
-    set $theia theia;
-    location /dev {
-        rewrite_log on;
-        rewrite /dev/(.*) /$1 break;
-        rewrite ^/dev$ /dev/ permanent;
-        proxy_set_header Host $host;
-        proxy_set_header Proxy "";
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarde-Proto $scheme;
-        
-        
-        proxy_buffering off;
-        proxy_pass http://$theia:3000;
-    }

 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,15 +15,6 @@ services:
    image: docker.triton2.fet.at/dev_theia
    volumes:
    - nginxconf:/home/project
-  devnginx:
-    image: docker.triton2.fet.at/dev_nginx
-    ports:
-    - "8082:80"
-  theia:
-    image: docker.triton2.fet.at/dev_theia
-    volumes:
-     - /var/run/docker.sock:/var/run/docker.sock
-     - data_dev:/home

 volumes:
  data_dev:
--- a/nginx.conf
+++ b/nginx.conf
@@ -114,6 +114,7 @@ ldap_server fet {
    url ldap://gagarin:389/ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at?uid?sub?(objectClass=person);
    require valid_user;
 }
+    resolver 127.0.0.11 valid=30s;    
    include /etc/nginx/conf.d/*.conf;

    # Don't reveal OpenResty version to clients.
--- a/snippets/default_proxy.conf
+++ b/snippets/default_proxy.conf
@@ -0,0 +1,5 @@
+location / {
+    include proxy.conf;
+    proxy_buffering off;
+    proxy_pass http://$host:$port;
+}
--- a/snippets/proxy.conf
+++ b/snippets/proxy.conf
@@ -0,0 +1,16 @@
+        proxy_set_header Host $host;
+        proxy_set_header Proxy "";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarde-Proto $scheme;
+        proxy_set_header X_FORWARDED_SSL on;
+        proxy_set_header HTTP_X_FORWARDED_SSL on;
+        proxy_buffering off;
+        
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+        add_header Referrer-Policy "strict-origin";
+        add_header Strict-Transport-Security "max-age=31536000" always;