jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
4,860 Commits 33 Branches 583 Tags
39ff21bdf4d68bcae8d4a6d6af41a5233fd32d9a
Commit Graph

46 Commits

Author SHA1 Message Date
Johannes Zellner
602f8bcd04 Split platform and app data folders and get rid of btrfs volumes 2017-04-04 12:34:55 +02:00
Girish Ramakrishnan
2c871705c7 Add a referrer policy 2017-03-31 16:11:54 -07:00
Girish Ramakrishnan
ffbda22145 Fine tune rate limits a bit more 2017-03-29 16:03:08 -07:00
Girish Ramakrishnan
18e59c4754 Rate limit nginx routes that verify the password 
Also remove rate-limit middleware

Test using something like:

    ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<doamain>/api/v1/developer/login

Part of #187
 2017-03-27 00:06:42 -07:00
Johannes Zellner
103cb10cad Ignore upstream headers for security headers we set in nginx 
Apps like nextcloud set their own security headers ending up with having
them set twice. I am not 100% sure if our headers should win or if we
should not inject headers with nginx if the upstream app sets them already.
This looks like the more permissive case where we simply enforce our
values, regardless what the apps sets.

This also fixes the nextcloud/owncloud security checks which were
failing because the header values were duplicated, which results in
string concatenation of values from same headers.
 2017-03-21 14:18:39 +01:00
Girish Ramakrishnan
6a523606ca Revert "Bump version to Nginx IPv6 support." 
This reverts commit 5555321cf5.
This reverts commit f087ebbee0.
This reverts commit d04f64d3d4.

Part of #264
 2017-03-19 14:25:30 -07:00
Jonah Aragon
f087ebbee0 Add listen [::]:80; for IPv6 redirects. 2017-03-17 19:13:18 +00:00
Jonah Aragon
d04f64d3d4 Add IPv6 listen directives 2017-03-17 19:12:25 +00:00
Girish Ramakrishnan
4b3ef33989 Add some basic secure headers 
Part of #249
 2017-03-08 22:14:44 -08:00
Girish Ramakrishnan
7f4f525551 dhparams.pem must be part of backup 2017-02-14 14:12:03 -08:00
Johannes Zellner
1d5465f21e Update the ssl ciphers and add dhparams.pem 
Fixes #218
 2017-02-13 00:28:22 +01:00
Girish Ramakrishnan
cd31e12bec Do not includeSubdomains in HSTS 
This prevents one from redirecting to some http-only subdomain.
For example, surfer in naked domain redirects to www subdomain
(which is on github pages...)
 2017-02-02 00:05:56 -08:00
Johannes Zellner
9b9d30c092 Remove commented out section of the nginx.conf 2017-01-11 00:09:51 +01:00
Johannes Zellner
fd479d04a0 Fix nginx config to make non vhost configs default_server 
Nginx does not match on the ip as a vhost. This no basically replaces
the commented out section in the nginx.conf
 2017-01-06 22:09:10 +01:00
Johannes Zellner
801c40420c Create setup nginx config and cert for ip setup 2017-01-05 16:02:03 +01:00
Johannes
d39a84ea53 Do not redirect on app upstream error but show static error page 
Fixes #4
 2016-11-21 16:25:23 +01:00
Girish Ramakrishnan
94037e5266 remove oauth proxy backend logic 2016-11-19 17:13:08 +05:30
Girish Ramakrishnan
b932a9be10 Set X-Forwarded-Ssl to on 
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
http://stackoverflow.com/questions/16042647/whats-the-de-facto-standard-for-a-reverse-proxy-to-tell-the-backend-ssl-is-used
 2016-08-17 17:46:36 -07:00
Johannes Zellner
867e875707 Revert "Add basic 404 page" 
This reverts commit 3793220dd48356d5fe421312915a8392fcccca0e.
 2016-07-27 19:09:43 +02:00
Johannes Zellner
dcdca52dbd Add basic 404 page 2016-07-27 17:52:54 +02:00
Johannes Zellner
3331d1aa13 Ensure the X-Frame-Options header has a single string argument 2016-07-15 11:26:05 +02:00
Johannes Zellner
66049a9e2d Support x-frame-options in appconfig.ejs template 2016-07-14 16:28:59 +02:00
Johannes Zellner
ce116e56bf Remove webdav specific headers 
This is not actually doing anything in that directive
 2016-06-22 16:06:11 +02:00
Johannes Zellner
a37f87511b Prevent clickjacking by sending X-Frame-Options 2016-06-15 13:10:26 +02:00
Girish Ramakrishnan
dc31946e50 move webdav block outside location 
when inside location, nginx is redirecting to 127.0.0.1 (no clue why)
 2016-06-11 12:05:16 -07:00
Johannes Zellner
d06398dbfd Move webdav nginx fixes into app endpoint 
Not sure if this will now still work with oauth proxy though.
 2016-06-02 09:49:01 +02:00
Girish Ramakrishnan
dfa08469d6 set timeouts explicitly 2016-06-01 17:33:28 -07:00
Girish Ramakrishnan
d798073d95 fix comment of default_server 2016-06-01 17:28:15 -07:00
Girish Ramakrishnan
41632b8c11 fix favicon of naked domain 2016-06-01 17:27:39 -07:00
Girish Ramakrishnan
eb29bdd575 document keepalive_timeout 2016-06-01 16:51:52 -07:00
Johannes Zellner
47978436c2 Set Destination header for webdav in nginx proxy 2016-06-01 18:49:50 +02:00
Girish Ramakrishnan
27d2daae93 leave a note in nginx config 2016-05-19 12:27:54 -07:00
Girish Ramakrishnan
4a04e0b52f use recommendation from raymii.org 2016-04-28 09:59:03 -07:00
girish@cloudron.io
ce0a24a95d comment out public graphite paths 2016-01-25 12:51:37 -08:00
Johannes Zellner
63c06a508e Make /api available on just the IP 
We might want to also show something else than
the naked domain placeholder page when just
accessing the ip
 2016-01-24 12:08:10 +01:00
girish@cloudron.io
6dc11edafe make exec route more debugging friedly 
allow upto 30 minutes of idle connection
 2016-01-18 12:49:06 -08:00
Girish Ramakrishnan
1874c93c5c no need to template main nginx config 2015-12-10 13:54:53 -08:00
Girish Ramakrishnan
6fc972d160 set default response type to text/plain 2015-12-09 18:34:13 -08:00
Girish Ramakrishnan
88f0240757 serve acme directory from nginx 2015-12-08 19:04:48 -08:00
Johannes Zellner
8bd9a6c109 Do not serve up the status page for 500 upstream errors 2015-11-13 09:39:33 +01:00
Johannes Zellner
e81db9728a Set the cert and key dynamically when rendering nginx appconfig 2015-10-28 12:42:04 +01:00
Girish Ramakrishnan
2719c4240f Get oauth proxy port from the configs 2015-09-16 10:06:34 -07:00
Johannes Zellner
3d8b90f5c8 Redirect on app error to webadmin appstatus page 
Part of #436
 2015-07-28 13:46:58 +02:00
Girish Ramakrishnan
6839f47f99 Fix typo 2015-07-23 14:30:15 -07:00
Girish Ramakrishnan
d32990d0e5 Set server_names_hash_bucket_size 
e2e tests fail like so when the hostnames are long

Thu, 23 Jul 2015 20:40:23 GMT box:apptask test8629 writing config to /home/yellowtent/data/nginx/applications/a3822f18-2f95-4b73-b8e9-2983dfcaae31.conf
Thu, 23 Jul 2015 20:40:23 GMT box:shell.js reloadNginx execFile: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/reloadnginx.sh
Thu, 23 Jul 2015 20:40:24 GMT box:shell.js reloadNginx (stderr): nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size: 64

Thu, 23 Jul 2015 20:40:24 GMT box:shell.js reloadNginx code: 1, signal: null
Thu, 23 Jul 2015 20:40:24 GMT box:apptask test8629 error installing app: Error: Exited with error 1 signal null
Thu, 23 Jul 2015 20:40:24 GMT box:apptask test8629 installationState: pending_install progress: 15, Configure nginx
^[[1m^[[31mERROR^[[39m^[[22m Exited with error 1 signal null ^[[1m[ /home/yellowtent/box/src/apptask.js:909:32 ]^[[22m
^[[32mstack: ^[[39m
  """
    Error: Exited with error 1 signal null
        at ChildProcess.<anonymous> (/home/yellowtent/box/src/shell.js:38:53)
        at ChildProcess.emit (events.js:110:17)
        at Process.ChildProcess._handle.onexit (child_process.js:1074:12)
  """
^[[32mmessage: ^[[39mExited with error 1 signal null
 2015-07-23 13:55:46 -07:00
Girish Ramakrishnan
df9d321ac3 app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:10:36 -07:00