From b5e85e2182c2cd063d582b6b557702d92f180277 Mon Sep 17 00:00:00 2001
From: Alexandre <44178713+alexbelgium@users.noreply.github.com>
Date: Thu, 30 Jun 2022 12:06:50 +0200
Subject: [PATCH] Update ingress.conf
---
.../rootfs/etc/nginx/servers/ingress.conf | 92 ++++++++++++-------
1 file changed, 60 insertions(+), 32 deletions(-)
diff --git a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
index 370f5a221..75c319048 100644
--- a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
+++ b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
@@ -1,37 +1,65 @@ -server { - listen %%interface%%:%%port%% default_server; - include /etc/nginx/includes/server_params.conf; - include /etc/nginx/includes/proxy_params.conf; - client_max_body_size 0; - proxy_buffering off; +server +{ + listen %%interface%%:%%port%% default_server; + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + client_max_body_size 0; + proxy_buffering off; - location / { - proxy_pass http://127.0.0.1:8080; - proxy_set_header Connection "Upgrade"; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Forwarded-Proto $scheme; + location / + { + # General + allow 172.30.32.2; + deny all; + + # Base + proxy_bind $server_addr; + proxy_pass http://127.0.0.1:8080; + proxy_set_header Connection "Upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Allow ingress subpath + proxy_set_header X-Script-Name %%ingress_entry%%; # IMPORTANT: path has NO trailing slash + proxy_cookie_path / %%ingress_entry%%/; + + # Avoid mixed contents + if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") + { + set $x_scheme $1; + set $x_host $2; + set $x_port ":$3"; + } + if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") + { + set $x_scheme $1; + set $x_host $2; + set $x_port ""; + } + proxy_set_header X-Scheme $x_scheme; + proxy_redirect http://$host/ $x_scheme://$x_host$x_port/; + proxy_redirect $x_scheme://$host/ $x_scheme://$x_host$x_port/; + + # Rewrite url + sub_filter_once off; + sub_filter_types *; + sub_filter "/static" "%%ingress_entry%%/static"; + sub_filter "/media" "%%ingress_entry%%/media"; + #sub_filter "/view" "%%ingress_entry%%/view"; + #sub_filter "/search" "%%ingress_entry%%/search"; + #sub_filter 
"/edit/" "%%ingress_entry%%/edit/"; - # Allow ingress subpath - proxy_set_header X-Script-Name %%ingress_entry%%; - proxy_cookie_path / %%ingress_entry%%; + # Allow iframe + proxy_hide_header X-Frame-Options; + add_header Access-Control-Allow-Origin *; + proxy_set_header Accept-Encoding ""; - # Rewrite url - sub_filter_once off; - sub_filter_types *; - sub_filter "/static" "%%ingress_entry%%/static"; - sub_filter "/media" "%%ingress_entry%%/media"; - #sub_filter "/view" "%%ingress_entry%%/view"; - #sub_filter "/search" "%%ingress_entry%%/search"; - #sub_filter "/edit/" "%%ingress_entry%%/edit/"; + # Tests + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-Host $server_name; + #proxy_set_header X-Forwarded-Proto $scheme; + + } - # Allow frames - proxy_hide_header X-Frame-Options; - add_header Access-Control-Allow-Origin *; - proxy_set_header Accept-Encoding ""; - } - }
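Review bot: The two `if ($http_referer ~* ...)` blocks under `# Avoid mixed contents` take `$x_scheme`, `$x_host` and `$x_port` from the Referer header, which is client-supplied, and then use them as the replacement in both `proxy_redirect` lines and in `X-Scheme`. A request that arrives with a Referer from another origin would have upstream `Location` headers rewritten to that origin, and a request with no matching Referer leaves all three variables empty, so the rewritten redirect has no scheme or host. I would initialise them before the `if` blocks, e.g. `set $x_scheme $scheme; set $x_host $http_host; set $x_port "";`, and only override them when the Referer host equals the expected ingress host. The added `allow 172.30.32.2; deny all;` limits which peer can connect, but the Referer value still originates from the end user's browser behind that proxy, so it does not make the header trustworthy.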