Update ingress.conf

This commit is contained in:
Alexandre
2022-06-30 15:32:14 +02:00
committed by GitHub
parent 251ecf4fb1
commit 624b6b3ed4

View File

@@ -1,72 +1,38 @@
server server {
{
listen %%interface%%:%%port%% default_server; listen %%interface%%:%%port%% default_server;
include /etc/nginx/includes/server_params.conf; include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf; include /etc/nginx/includes/proxy_params.conf;
client_max_body_size 0; client_max_body_size 0;
proxy_buffering off;
location / location / {
{
# Security
######################
allow 172.30.32.2;
deny all;
# Base
######################
proxy_bind $server_addr;
proxy_pass http://127.0.0.1:8080; proxy_pass http://127.0.0.1:8080;
proxy_buffering off;
proxy_read_timeout 30;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $http_host; proxy_set_header Host $http_host; # try $host instead if this doesn't work
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # http or https
# Allow subpath # Allow ingress subpath
###################### proxy_set_header X-Script-Name %%ingress_entry%%;
proxy_set_header X-Script-Name %%ingress_entry%%/; proxy_cookie_path / %%ingress_entry%%;
proxy_cookie_path / %%ingress_entry%%/;
# Allow iframe
######################
proxy_hide_header X-Frame-Options;
add_header Access-Control-Allow-Origin *;
proxy_set_header Accept-Encoding "";
# Avoid mixed contents
######################
if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$")
{
set $x_scheme $1;
set $x_host $2;
set $x_port ":$3";
}
if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$")
{
set $x_scheme $1;
set $x_host $2;
set $x_port "";
}
proxy_set_header X-Scheme $x_scheme;
proxy_redirect http://$host/ $x_scheme://$x_host$x_port/;
proxy_redirect $x_scheme://$host/ $x_scheme://$x_host$x_port/;
# Rewrite url # Rewrite url
######################
sub_filter_once off; sub_filter_once off;
sub_filter_types *; sub_filter_types *;
sub_filter "%%ingress_entry%%//" "%%ingress_entry%%/";
sub_filter "/static" "%%ingress_entry%%/static"; sub_filter "/static" "%%ingress_entry%%/static";
sub_filter "/media" "%%ingress_entry%%/media"; sub_filter "/media" "%%ingress_entry%%/media";
#sub_filter "/view" "%%ingress_entry%%/view"; sub_filter "/view" "%%ingress_entry%%/view";
#sub_filter "/search" "%%ingress_entry%%/search"; sub_filter "/search" "%%ingress_entry%%/search";
#sub_filter "/edit/" "%%ingress_entry%%/edit/"; sub_filter "/edit" "%%ingress_entry%%/edit";
sub_filter "/api" "%%ingress_entry%%/api";
sub_filter "%%ingress_entry%%/api/hassio" "/api/hassio";
# Tests # Allow frames
###################### proxy_hide_header "Content-Security-Policy";
#proxy_set_header X-Real-IP $remote_addr; add_header X-Frame-Options SAMEORIGIN;
#proxy_set_header X-Forwarded-Host $server_name; add_header Access-Control-Allow-Origin *;
#proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Accept-Encoding "";
} }
} }