simplify conf add ssl hook server

2021-05-24 15:53:49 +00:00
parent 04211ed730
commit e9ce546b85
4 changed files with 18 additions and 9 deletions
--- a/conf/default.conf
+++ b/conf/default.conf
@@ -10,7 +10,7 @@ server {
    set $proxy_host theiaconf;
    set $proxy_port 3000;
    include ldap.conf;
-    #include secure.conf;
+    include secure.conf;
    include default_proxy.conf;
 }
@@ -18,6 +18,7 @@ server {
 server {
    listen 443 ssl;
    include ssl.conf;
    include secure.conf;
    include ldap.conf;
 }
--- a/nginx.conf
+++ b/nginx.conf
@@ -115,6 +115,21 @@ ldap_server fet {
    require valid_user;
 }
    resolver 127.0.0.11 valid=30s;   # use the docker resolver as a default
    server {
    listen 127.0.0.1:8999;
    # Increase the body buffer size, to ensure the internal POSTs can always
    # parse the full POST contents into memory.
    client_body_buffer_size 128k;
    client_max_body_size 128k;
    location / {
      content_by_lua_block {
        auto_ssl:hook_server()
      }
    }
  }
    include /etc/nginx/conf.d/*.conf;
    # Don't reveal OpenResty version to clients.
--- a/snippets/proxy.conf
+++ b/snippets/proxy.conf
@@ -7,10 +7,3 @@
        proxy_set_header X-Forwarde-Proto $scheme;
        proxy_set_header X_FORWARDED_SSL on;
        proxy_set_header HTTP_X_FORWARDED_SSL on;
        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Referrer-Policy "strict-origin";
        add_header Strict-Transport-Security "max-age=31536000" always;
--- a/snippets/secure.conf
+++ b/snippets/secure.conf
@@ -1,4 +1,4 @@
-include ssl.conf;
+
        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";