simplify conf add ssl hook server

2021-05-24 15:53:49 +00:00
parent 04211ed730
commit e9ce546b85
4 changed files with 18 additions and 9 deletions
--- a/conf/default.conf
+++ b/conf/default.conf
@@ -10,7 +10,7 @@ server {
    set $proxy_host theiaconf;
    set $proxy_port 3000;
    include ldap.conf;
-    #include secure.conf;
+    include secure.conf;
    include default_proxy.conf;
 }

@@ -18,6 +18,7 @@ server {
 server {
    listen 443 ssl;
    include ssl.conf;
+    include secure.conf;
    include ldap.conf;

 }
--- a/nginx.conf
+++ b/nginx.conf
@@ -115,6 +115,21 @@ ldap_server fet {
    require valid_user;
 }
    resolver 127.0.0.11 valid=30s;   # use the docker resolver as a default
+
+    server {
+    listen 127.0.0.1:8999;
+
+    # Increase the body buffer size, to ensure the internal POSTs can always
+    # parse the full POST contents into memory.
+    client_body_buffer_size 128k;
+    client_max_body_size 128k;
+
+    location / {
+      content_by_lua_block {
+        auto_ssl:hook_server()
+      }
+    }
+  }
    include /etc/nginx/conf.d/*.conf;

    # Don't reveal OpenResty version to clients.
--- a/snippets/proxy.conf
+++ b/snippets/proxy.conf
@@ -7,10 +7,3 @@
        proxy_set_header X-Forwarde-Proto $scheme;
        proxy_set_header X_FORWARDED_SSL on;
        proxy_set_header HTTP_X_FORWARDED_SSL on;
-        
-        
-        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
-        add_header X-Content-Type-Options nosniff;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header Referrer-Policy "strict-origin";
-        add_header Strict-Transport-Security "max-age=31536000" always;
--- a/snippets/secure.conf
+++ b/snippets/secure.conf
@@ -1,4 +1,4 @@
-include ssl.conf;
+
        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";