offen/website
2
0
Fork 0
mirror of https://github.com/offen/website.git synced 2024-11-22 09:00:28 +01:00
Code Issues Projects Releases Wiki Activity

leverage reverse proxy setting in offen server

Browse Source
This commit is contained in:
Frederik Ring 2019-10-25 15:48:20 +02:00
parent fefd7cebc7
commit 94743f2f12
5 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Dockerrun.aws.json.production
View File

@ -30,10 +30,13 @@
}, },
{ {
"name": "server", "name": "server",
"image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc", "image": "offen/offen@sha256:4c0d2d5db9bc749d21ad8659008658bf25318074b7c813b0a694e64816df750d",
"essential": true, "essential": true,
"memory": 256, "memory": 256,
"command": ["serve"] "command": ["serve"],
"environment": {
"OFFEN_SERVER_REVERSEPROXY": "1"
}
}, },
{ {
"name": "logspout", "name": "logspout",

7
Dockerrun.aws.json.staging
View File

@ -23,10 +23,13 @@
}, },
{ {
"name": "server", "name": "server",
"image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc", "image": "offen/offen@sha256:4c0d2d5db9bc749d21ad8659008658bf25318074b7c813b0a694e64816df750d",
"essential": true, "essential": true,
"memory": 256, "memory": 256,
"command": ["serve"] "command": ["serve"],
"environment": {
"OFFEN_SERVER_REVERSEPROXY": "1"
}
} }
] ]
} }

5
build/nginx.conf
View File

@ -28,15 +28,10 @@ http {
autoindex on; autoindex on;
root /www/data; root /www/data;
expires $expires; expires $expires;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy $csp; add_header Content-Security-Policy $csp;
proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security 'max-age=604800; includeSubDomains'; add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
proxy_hide_header Referrer-Policy;
add_header Referrer-Policy 'origin-when-cross-origin'; add_header Referrer-Policy 'origin-when-cross-origin';
proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options 'nosniff'; add_header X-Content-Type-Options 'nosniff';
proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection '1; mode=block'; add_header X-XSS-Protection '1; mode=block';
location /api/ { location /api/ {

3
docker-compose.yml
View File

@ -12,7 +12,7 @@ services:
- server - server
server: server:
image: offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc image: offen/offen@sha256:4c0d2d5db9bc749d21ad8659008658bf25318074b7c813b0a694e64816df750d
command: serve command: serve
volumes: volumes:
- ./bootstrap.yml:/bootstrap.yml - ./bootstrap.yml:/bootstrap.yml
@ -23,6 +23,7 @@ services:
OFFEN_APP_DISABLESECURECOOKIE: '1' OFFEN_APP_DISABLESECURECOOKIE: '1'
OFFEN_DATABASE_CONNECTIONSTRING: /data/offen.db OFFEN_DATABASE_CONNECTIONSTRING: /data/offen.db
OFFEN_SERVER_PORT: 8080 OFFEN_SERVER_PORT: 8080
OFFEN_SERVER_REVERSEPROXY: '1'
OFFEN_SECRETS_COOKIEEXCHANGE: 8jeKYbbnywoYIZznu4HffQ== OFFEN_SECRETS_COOKIEEXCHANGE: 8jeKYbbnywoYIZznu4HffQ==
OFFEN_SECRETS_EMAILSALT: eypctS7SVKM1Ureb61db5Q== OFFEN_SECRETS_EMAILSALT: eypctS7SVKM1Ureb61db5Q==
depends_on: depends_on:

6
nginx.conf
View File

@ -25,18 +25,12 @@ http {
server { server {
listen 80; listen 80;
expires $expires; expires $expires;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy $csp; add_header Content-Security-Policy $csp;
proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security 'max-age=604800; includeSubDomains'; add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
proxy_hide_header Referrer-Policy;
add_header Referrer-Policy 'origin-when-cross-origin'; add_header Referrer-Policy 'origin-when-cross-origin';
proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options 'nosniff'; add_header X-Content-Type-Options 'nosniff';
proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection '1; mode=block'; add_header X-XSS-Protection '1; mode=block';
location /api/ { location /api/ {
proxy_pass http://server; proxy_pass http://server;
proxy_redirect off; proxy_redirect off;