From 94743f2f12a90ed720154bc2e5d067f71de6ef07 Mon Sep 17 00:00:00 2001
From: Frederik Ring
Date: Fri, 25 Oct 2019 15:48:20 +0200
Subject: [PATCH] leverage reverse proxy setting in offen server
---
 Dockerrun.aws.json.production | 7 +++++--
 Dockerrun.aws.json.staging | 7 +++++--
 build/nginx.conf | 5 -----
 docker-compose.yml | 3 ++-
 nginx.conf | 6 ------
 5 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/Dockerrun.aws.json.production b/Dockerrun.aws.json.production
index 656ab55..2875c05 100644
--- a/Dockerrun.aws.json.production
+++ b/Dockerrun.aws.json.production
@@ -30,10 +30,13 @@
 },
 {
 "name": "server",
- "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc",
+ "image": "offen/offen@sha256:4c0d2d5db9bc749d21ad8659008658bf25318074b7c813b0a694e64816df750d",
 "essential": true,
 "memory": 256,
- "command": ["serve"]
+ "command": ["serve"],
+ "environment": {
+ "OFFEN_SERVER_REVERSEPROXY": "1"
+ }
 },
 {
 "name": "logspout",
diff --git a/Dockerrun.aws.json.staging b/Dockerrun.aws.json.staging
index eca188f..0583689 100644
--- a/Dockerrun.aws.json.staging
+++ b/Dockerrun.aws.json.staging
@@ -23,10 +23,13 @@
 },
 {
 "name": "server",
- "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc",
+ "image": "offen/offen@sha256:4c0d2d5db9bc749d21ad8659008658bf25318074b7c813b0a694e64816df750d",
 "essential": true,
 "memory": 256,
- "command": ["serve"]
+ "command": ["serve"],
+ "environment": {
+ "OFFEN_SERVER_REVERSEPROXY": "1"
+ }
 }
 ]
 }
diff --git a/build/nginx.conf b/build/nginx.conf
index 63cf5fb..10b7d0e 100644
--- a/build/nginx.conf
+++ b/build/nginx.conf
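Review bot: The added `environment` block is a JSON object, but in the Dockerrun.aws.json v2 container-definition format that the sibling `essential`/`memory` keys suggest, `environment` is an array of name/value pairs, so this setting would presumably be rejected or silently dropped at deploy time; write it as `"environment": [{ "name": "OFFEN_SERVER_REVERSEPROXY", "value": "1" }]`. The staging hunk has the identical shape and needs the same change. Separately, a reverse-proxy mode usually means the server relies on what the proxy in front of it sets (the nginx changes in this commit suggest it at least stops emitting its own security headers), which is only sound if the `server` container is reachable solely through nginx; this hunk does not show that, so confirm it has no host `portMappings` here and no host `ports:` entry in docker-compose.yml.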
@@ -28,15 +28,10 @@ http {
 autoindex on;
 root /www/data;
 expires $expires;
- proxy_hide_header Content-Security-Policy;
 add_header Content-Security-Policy $csp;
- proxy_hide_header Strict-Transport-Security;
 add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
- proxy_hide_header Referrer-Policy;
 add_header Referrer-Policy 'origin-when-cross-origin';
- proxy_hide_header X-Content-Type-Options;
 add_header X-Content-Type-Options 'nosniff';
- proxy_hide_header X-XSS-Protection;
 add_header X-XSS-Protection '1; mode=block';
 location /api/ {
diff --git a/docker-compose.yml b/docker-compose.yml
index 8939bc8..269b060 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,7 +12,7 @@ services:
 - server
 server:
- image: offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc
+ image: offen/offen@sha256:4c0d2d5db9bc749d21ad8659008658bf25318074b7c813b0a694e64816df750d
 command: serve
 volumes:
 - ./bootstrap.yml:/bootstrap.yml
@@ -23,6 +23,7 @@ services:
 OFFEN_APP_DISABLESECURECOOKIE: '1'
 OFFEN_DATABASE_CONNECTIONSTRING: /data/offen.db
 OFFEN_SERVER_PORT: 8080
+ OFFEN_SERVER_REVERSEPROXY: '1'
 OFFEN_SECRETS_COOKIEEXCHANGE: 8jeKYbbnywoYIZznu4HffQ==
 OFFEN_SECRETS_EMAILSALT: eypctS7SVKM1Ureb61db5Q==
 depends_on:
diff --git a/nginx.conf b/nginx.conf
index 15e78b3..c8f0b3f 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -25,18 +25,12 @@ http {
 server {
 listen 80;
 expires $expires;
- proxy_hide_header Content-Security-Policy;
 add_header Content-Security-Policy $csp;
- proxy_hide_header Strict-Transport-Security;
 add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
- proxy_hide_header Referrer-Policy;
 add_header Referrer-Policy 'origin-when-cross-origin';
- proxy_hide_header X-Content-Type-Options;
 add_header X-Content-Type-Options 'nosniff';
- proxy_hide_header X-XSS-Protection;
 add_header X-XSS-Protection '1; mode=block';
-
 location /api/ {
 proxy_pass http://server;
 proxy_redirect off;
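Review bot: Dropping the `proxy_hide_header` directives makes the security headers on `/api/` responses depend on the upstream no longer emitting its own copies; if it still does (an image rolled back, or the env var not honoured by the server), clients receive two values for `Content-Security-Policy`, `Referrer-Policy`, `X-Content-Type-Options` and `X-XSS-Protection`, and how duplicates are applied differs by header and browser. I would record that contract above the first `add_header`: `# security headers are set here only; the upstream runs with OFFEN_SERVER_REVERSEPROXY=1 and is expected not to send its own`. Note also that nginx does not inherit server-level `add_header` into a `location` that declares any `add_header` of its own, so the `location /api/ {` block, which continues past the end of this hunk, should be checked for that. The nginx.conf hunk makes the same change and the same note applies there.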