From ab8e4dbdbd38f53804fea267f6877c5dec3fb1f4 Mon Sep 17 00:00:00 2001
From: Andreas Stephanides
Date: Mon, 24 May 2021 14:36:29 +0000
Subject: [PATCH] clean up nginx config
---
 conf/default.conf | 36 ++++--------------------------------
 docker-compose.yml | 9 ---------
 nginx.conf | 1 +
 snippets/default_proxy.conf | 5 +++++
 snippets/proxy.conf | 16 ++++++++++++++++
 5 files changed, 26 insertions(+), 41 deletions(-)
 create mode 100644 snippets/default_proxy.conf
 create mode 100644 snippets/proxy.conf
diff --git a/conf/default.conf b/conf/default.conf
index 22916d9..51a443b 100644
--- a/conf/default.conf
+++ b/conf/default.conf
@@ -6,20 +6,11 @@ server {
 # Dieser Server ist der Zugang zur "Nginx config und wird im 2. Openresty Server genutzt"
 server {
 listen 8080;
+
+ set $host theiaconf;
+ set $port 3000;
 include ldap.conf;
- resolver 127.0.0.11 valid=30s;
- set $theiaconf theiaconf;
- location / {
- proxy_set_header Host $host;
- proxy_set_header Proxy "";
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarde-Proto $scheme;
- proxy_buffering off;
- proxy_pass http://$theiaconf:3000;
- }
+ include default_proxy.conf;
 }
@@ -27,24 +18,5 @@ server {
 listen 443 ssl;
 include auto_ssl.conf;
 include ldap.conf;
-
- resolver 127.0.0.11 valid=30s;
- set $theia theia;
- location /dev {
- rewrite_log on;
- rewrite /dev/(.*) /$1 break;
- rewrite ^/dev$ /dev/ permanent;
- proxy_set_header Host $host;
- proxy_set_header Proxy "";
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarde-Proto $scheme;
-
-
- proxy_buffering off;
- proxy_pass http://$theia:3000;
- }
 }
\ No newline at end of file
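Review bot: `set $host theiaconf;` in the port-8080 server of conf/default.conf reuses the name of nginx's built-in `$host` variable, which as far as I know cannot be assigned with `set`, so the configuration would be rejected at load time. If the `set` line were later dropped to get past that error, `proxy_pass http://$host:$port;` in snippets/default_proxy.conf would pick the upstream from the client-supplied Host header, while snippets/proxy.conf still forwards `Host $host` in the request sense. Use names that cannot be confused with request data: `set $upstream_host theiaconf;` and `set $upstream_port 3000;` here, and `proxy_pass http://$upstream_host:$upstream_port;` in the snippet.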
diff --git a/docker-compose.yml b/docker-compose.yml
index c076920..d5d4d22 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,15 +15,6 @@ services:
 image: docker.triton2.fet.at/dev_theia
 volumes:
 - nginxconf:/home/project
- devnginx:
- image: docker.triton2.fet.at/dev_nginx
- ports:
- - "8082:80"
- theia:
- image: docker.triton2.fet.at/dev_theia
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - data_dev:/home
 volumes:
 data_dev:
diff --git a/nginx.conf b/nginx.conf
index 22f5edb..a05f691 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -114,6 +114,7 @@ ldap_server fet {
 url ldap://gagarin:389/ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at?uid?sub?(objectClass=person);
 require valid_user;
 }
+ resolver 127.0.0.11 valid=30s;
 include /etc/nginx/conf.d/*.conf;
 # Don't reveal OpenResty version to clients.
diff --git a/snippets/default_proxy.conf b/snippets/default_proxy.conf
new file mode 100644
index 0000000..7112eca
--- /dev/null
+++ b/snippets/default_proxy.conf
@@ -0,0 +1,5 @@
+location / {
+ include proxy.conf;
+ proxy_buffering off;
+ proxy_pass http://$host:$port;
+}
\ No newline at end of file
diff --git a/snippets/proxy.conf b/snippets/proxy.conf
new file mode 100644
index 0000000..24d0510
--- /dev/null
+++ b/snippets/proxy.conf
@@ -0,0 +1,16 @@
+ proxy_set_header Host $host;
+ proxy_set_header Proxy "";
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarde-Proto $scheme;
+ proxy_set_header X_FORWARDED_SSL on;
+ proxy_set_header HTTP_X_FORWARDED_SSL on;
+ proxy_buffering off;
+
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Referrer-Policy "strict-origin";
+ add_header Strict-Transport-Security "max-age=31536000" always;
\ No newline at end of file
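Review bot: The `resolver 127.0.0.11 valid=30s;` line added to nginx.conf now applies to every server in the enclosing block (presumably `http`, which opens outside this hunk), but nothing says why it is there. A comment above it, such as `# Docker embedded DNS; required because proxy_pass uses variables and resolves names at request time`, would keep a later cleanup from deleting it or pointing it at a resolver outside the compose network.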
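Review bot: `proxy_buffering off;` ends up twice inside `location /` in snippets/default_proxy.conf, once through `include proxy.conf;` and once on the following line. nginx normally refuses a repeated flag directive in the same context as a duplicate, so this would fail `nginx -t`. Delete the line from default_proxy.conf and keep the one in snippets/proxy.conf.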
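Review bot: Three of the forwarded headers in snippets/proxy.conf will not reach the backend as intended. `X-Forwarde-Proto` is misspelled (carried over from the old config). `X_FORWARDED_SSL` and `HTTP_X_FORWARDED_SSL` are CGI-style names rather than header names, and both are hard-coded to `on` although the snippet is also included by the plain `listen 8080` server. A backend that trusts these values would treat a cleartext hop as TLS, so derive them from the connection instead: `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-Ssl $https;`. Separately, only the HSTS line carries `always`, so the CSP, nosniff and Referrer-Policy headers are omitted on error responses; add `always` to those as well.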