From b54cb201b4bb29deaa0797fc0a830a99edc2fd14 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Thu, 30 Jun 2022 12:11:22 +0200 Subject: [PATCH] Update ingress.conf --- .../rootfs/etc/nginx/servers/ingress.conf | 86 ++++++++++--------- 1 file changed, 46 insertions(+), 40 deletions(-) diff --git a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf index 32dc1d26b..11ae2dbe7 100644 --- a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf +++ b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf @@ -9,57 +9,63 @@ server location / { # Security - allow 172.30.32.2; - deny all; + ###################### + allow 172.30.32.2; + deny all; # Base - proxy_bind $server_addr; - proxy_pass http://127.0.0.1:8080; - proxy_set_header Connection "Upgrade"; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ###################### + proxy_bind $server_addr; + proxy_pass http://127.0.0.1:8080; + proxy_set_header Connection "Upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # Allow ingress subpath - proxy_set_header X-Script-Name %%ingress_entry%%; # IMPORTANT: path has NO trailing slash - proxy_cookie_path / %%ingress_entry%%/; + # Allow subpath + ###################### + proxy_set_header X-Script-Name %%ingress_entry%%; # IMPORTANT: path has NO trailing slash + proxy_cookie_path / %%ingress_entry%%/; # Allow iframe - proxy_hide_header X-Frame-Options; - add_header Access-Control-Allow-Origin *; - proxy_set_header Accept-Encoding ""; + ###################### + proxy_hide_header X-Frame-Options; + add_header Access-Control-Allow-Origin *; + proxy_set_header Accept-Encoding ""; # Avoid mixed contents - if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") - { - set $x_scheme $1; - set $x_host $2; - set $x_port ":$3"; - } - if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") - { - set $x_scheme $1; - set $x_host $2; - set $x_port ""; - } - proxy_set_header X-Scheme $x_scheme; - proxy_redirect http://$host/ $x_scheme://$x_host$x_port/; - proxy_redirect $x_scheme://$host/ $x_scheme://$x_host$x_port/; + ###################### + if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") + { + set $x_scheme $1; + set $x_host $2; + set $x_port ":$3"; + } + if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") + { + set $x_scheme $1; + set $x_host $2; + set $x_port ""; + } + proxy_set_header X-Scheme $x_scheme; + proxy_redirect http://$host/ $x_scheme://$x_host$x_port/; + proxy_redirect $x_scheme://$host/ $x_scheme://$x_host$x_port/; # Rewrite url - sub_filter_once off; - sub_filter_types *; - sub_filter "/static" "%%ingress_entry%%/static"; - sub_filter "/media" "%%ingress_entry%%/media"; - #sub_filter "/view" "%%ingress_entry%%/view"; - #sub_filter "/search" "%%ingress_entry%%/search"; - #sub_filter "/edit/" "%%ingress_entry%%/edit/"; + ###################### + sub_filter_once off; + sub_filter_types *; + sub_filter "/static" "%%ingress_entry%%/static"; + sub_filter "/media" "%%ingress_entry%%/media"; + #sub_filter "/view" "%%ingress_entry%%/view"; + #sub_filter "/search" "%%ingress_entry%%/search"; + #sub_filter "/edit/" "%%ingress_entry%%/edit/"; # Tests - #proxy_set_header X-Real-IP $remote_addr; - #proxy_set_header X-Forwarded-Host $server_name; - #proxy_set_header X-Forwarded-Proto $scheme; - + ###################### + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-Host $server_name; + #proxy_set_header X-Forwarded-Proto $scheme; } }