clean up nginx config

conf/default.conf

@@ -6,20 +6,11 @@ server {
 # Dieser Server ist der Zugang zur "Nginx config und wird im 2. Openresty Server genutzt"
 server {
     listen 8080;
+    
+    set $host theiaconf;
+    set $port 3000;
     include ldap.conf;
-    resolver 127.0.0.11 valid=30s;    
+    include default_proxy.conf;
-    set $theiaconf theiaconf;
-        location / {
-        proxy_set_header Host $host;
-        proxy_set_header Proxy "";
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarde-Proto $scheme;
-        proxy_buffering off;
-        proxy_pass http://$theiaconf:3000;
-        }
 }
 
 
@@ -27,24 +18,5 @@ server {
     listen 443 ssl;
     include auto_ssl.conf;
     include ldap.conf;
-    
-    resolver 127.0.0.11 valid=30s;    
-    set $theia theia;
-    location /dev {
-        rewrite_log on;
-        rewrite /dev/(.*) /$1 break;
-        rewrite ^/dev$ /dev/ permanent;
-        proxy_set_header Host $host;
-        proxy_set_header Proxy "";
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarde-Proto $scheme;
-        
-        
-        proxy_buffering off;
-        proxy_pass http://$theia:3000;
-    }
 
 }

docker-compose.yml

@@ -15,15 +15,6 @@ services:
     image: docker.triton2.fet.at/dev_theia
     volumes:
     - nginxconf:/home/project
-  devnginx:
-    image: docker.triton2.fet.at/dev_nginx
-    ports:
-    - "8082:80"
-  theia:
-    image: docker.triton2.fet.at/dev_theia
-    volumes:
-     - /var/run/docker.sock:/var/run/docker.sock
-     - data_dev:/home
 
 volumes:
   data_dev:

nginx.conf

@@ -114,6 +114,7 @@ ldap_server fet {
     url ldap://gagarin:389/ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at?uid?sub?(objectClass=person);
     require valid_user;
 }
+    resolver 127.0.0.11 valid=30s;    
     include /etc/nginx/conf.d/*.conf;
 
     # Don't reveal OpenResty version to clients.

snippets/default_proxy.conf

@@ -0,0 +1,5 @@
+location / {
+    include proxy.conf;
+    proxy_buffering off;
+    proxy_pass http://$host:$port;
+}

snippets/proxy.conf

@@ -0,0 +1,16 @@
+        proxy_set_header Host $host;
+        proxy_set_header Proxy "";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarde-Proto $scheme;
+        proxy_set_header X_FORWARDED_SSL on;
+        proxy_set_header HTTP_X_FORWARDED_SSL on;
+        proxy_buffering off;
+        
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+        add_header Referrer-Policy "strict-origin";
+        add_header Strict-Transport-Security "max-age=31536000" always;