andis/triton2_config
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

snippets added

Browse Source
This commit is contained in:
Andreas Stephanides
2021-12-04 11:05:01 +01:00
parent 811bcea64e
commit c46ca01a55
9 changed files with 56 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@@ -1,3 +1,4 @@
FROM docker.triton2.fet.at/openrestyfet FROM docker.triton2.fet.at/openrestyfet
COPY ./conf.d/* /etc/nginx/conf.d/ COPY ./conf.d/* /etc/nginx/conf.d/
copy ./snippets/* /usr/local/openresty/nginx/conf/
ENV PATH "$PATH:/usr/local/openresty/bin" ENV PATH "$PATH:/usr/local/openresty/bin"

2
README.md
View File

@@ -1,5 +1,5 @@
# Anleitung für Proxy Server in der FET # Anleitung für Proxy Server in der FET
## Installation
location / { location / {
include proxy.conf; include proxy.conf;

5
snippets/auto_ssl.conf Normal file
View File

@@ -0,0 +1,5 @@
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}

6
snippets/default_proxy.conf Normal file
View File

@@ -0,0 +1,6 @@
location / {
include proxy.conf;
include secure.conf;
proxy_buffering off;
proxy_pass http://$proxy_host:$proxy_port;
}

6
snippets/internal_proxy.conf Normal file
View File

@@ -0,0 +1,6 @@
location / {
include proxy.conf;
include ldap.conf;
proxy_buffering off;
proxy_pass http://$proxy_host:$proxy_port;
}

9
snippets/internal_sub_proxy.conf Normal file
View File

@@ -0,0 +1,9 @@
location /$proxy_location {
include ldap.conf;
rewrite_log on;
rewrite /$proxy_location/(.*) /$1 break;
rewrite ^/$proxy_location$ /$proxy_location/ permanent;
include proxy.conf;
proxy_buffering off;
proxy_pass http://$proxy_host:$proxy_port;
}

2
snippets/ldap.conf Normal file
View File

@@ -0,0 +1,2 @@
auth_ldap "FET Login";
auth_ldap_servers fet;

10
snippets/secure.conf Normal file
View File

@@ -0,0 +1,10 @@
add_header Content-Security-Policy "default-src 'none'; img-src 'self'; \
script-src 'self'; style-src 'self' 'unsafe-inline'; \
font-src 'self'; base-uri 'self'; form-action 'self';\
connect-src 'self'; frame-ancestors 'none'";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin";
add_header Strict-Transport-Security "max-age=31536000" always;

16
snippets/ssl.conf Normal file
View File

@@ -0,0 +1,16 @@
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
# You must still define a static ssl_certificate file for nginx to start.
#
# You may generate a self-signed fallback with:
#
# openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
# -subj '/CN=sni-support-required-for-valid-ssl' \
# -keyout /etc/ssl/resty-auto-ssl-fallback.key \
# -out /etc/ssl/resty-auto-ssl-fallback.crt
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
ssl_protocols TLSv1.2 TLSv1.3;
add_header Strict-Transport-Security "max-age=31536000" always;