jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
4,890 Commits 33 Branches 583 Tags
fce2cdce7f8d80bd29f3501e0f51beb2d56906fa
Commit Graph

33 Commits

Author SHA1 Message Date
mehdi
fce2cdce7f Adding proxy_max_temp_file_size 0 to nginx config. 
Explanation:
When proxying an HTTP request, nginx first fills up the memory buffers (set by proxy_buffer_size and proxy_buffers).
When these are full, it then writes them to a temporary file in batches of proxy_temp_file_write_size until it reaches proxy_max_temp_file_size.
When proxy_max_temp_file_size is not set, and a very large file is being served, it reaches the maximum of 1GB, and nginx begins to behave weirdly.
 2017-04-10 22:47:19 +02:00
Girish Ramakrishnan
8f912d8a1b add note on how to view graphite browser 2017-04-04 12:35:29 -07:00
Girish Ramakrishnan
2c871705c7 Add a referrer policy 2017-03-31 16:11:54 -07:00
Girish Ramakrishnan
18e59c4754 Rate limit nginx routes that verify the password 
Also remove rate-limit middleware

Test using something like:

    ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<doamain>/api/v1/developer/login

Part of #187
 2017-03-27 00:06:42 -07:00
Johannes Zellner
103cb10cad Ignore upstream headers for security headers we set in nginx 
Apps like nextcloud set their own security headers ending up with having
them set twice. I am not 100% sure if our headers should win or if we
should not inject headers with nginx if the upstream app sets them already.
This looks like the more permissive case where we simply enforce our
values, regardless what the apps sets.

This also fixes the nextcloud/owncloud security checks which were
failing because the header values were duplicated, which results in
string concatenation of values from same headers.
 2017-03-21 14:18:39 +01:00
Girish Ramakrishnan
6a523606ca Revert "Bump version to Nginx IPv6 support." 
This reverts commit 5555321cf5.
This reverts commit f087ebbee0.
This reverts commit d04f64d3d4.

Part of #264
 2017-03-19 14:25:30 -07:00
Jonah Aragon
d04f64d3d4 Add IPv6 listen directives 2017-03-17 19:12:25 +00:00
Girish Ramakrishnan
4b3ef33989 Add some basic secure headers 
Part of #249
 2017-03-08 22:14:44 -08:00
Girish Ramakrishnan
7f4f525551 dhparams.pem must be part of backup 2017-02-14 14:12:03 -08:00
Johannes Zellner
1d5465f21e Update the ssl ciphers and add dhparams.pem 
Fixes #218
 2017-02-13 00:28:22 +01:00
Girish Ramakrishnan
cd31e12bec Do not includeSubdomains in HSTS 
This prevents one from redirecting to some http-only subdomain.
For example, surfer in naked domain redirects to www subdomain
(which is on github pages...)
 2017-02-02 00:05:56 -08:00
Johannes Zellner
fd479d04a0 Fix nginx config to make non vhost configs default_server 
Nginx does not match on the ip as a vhost. This no basically replaces
the commented out section in the nginx.conf
 2017-01-06 22:09:10 +01:00
Johannes
d39a84ea53 Do not redirect on app upstream error but show static error page 
Fixes #4
 2016-11-21 16:25:23 +01:00
Girish Ramakrishnan
94037e5266 remove oauth proxy backend logic 2016-11-19 17:13:08 +05:30
Girish Ramakrishnan
b932a9be10 Set X-Forwarded-Ssl to on 
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
http://stackoverflow.com/questions/16042647/whats-the-de-facto-standard-for-a-reverse-proxy-to-tell-the-backend-ssl-is-used
 2016-08-17 17:46:36 -07:00
Johannes Zellner
867e875707 Revert "Add basic 404 page" 
This reverts commit 3793220dd48356d5fe421312915a8392fcccca0e.
 2016-07-27 19:09:43 +02:00
Johannes Zellner
dcdca52dbd Add basic 404 page 2016-07-27 17:52:54 +02:00
Johannes Zellner
3331d1aa13 Ensure the X-Frame-Options header has a single string argument 2016-07-15 11:26:05 +02:00
Johannes Zellner
66049a9e2d Support x-frame-options in appconfig.ejs template 2016-07-14 16:28:59 +02:00
Johannes Zellner
ce116e56bf Remove webdav specific headers 
This is not actually doing anything in that directive
 2016-06-22 16:06:11 +02:00
Johannes Zellner
a37f87511b Prevent clickjacking by sending X-Frame-Options 2016-06-15 13:10:26 +02:00
Girish Ramakrishnan
dc31946e50 move webdav block outside location 
when inside location, nginx is redirecting to 127.0.0.1 (no clue why)
 2016-06-11 12:05:16 -07:00
Johannes Zellner
d06398dbfd Move webdav nginx fixes into app endpoint 
Not sure if this will now still work with oauth proxy though.
 2016-06-02 09:49:01 +02:00
Johannes Zellner
47978436c2 Set Destination header for webdav in nginx proxy 2016-06-01 18:49:50 +02:00
Girish Ramakrishnan
27d2daae93 leave a note in nginx config 2016-05-19 12:27:54 -07:00
Girish Ramakrishnan
4a04e0b52f use recommendation from raymii.org 2016-04-28 09:59:03 -07:00
girish@cloudron.io
ce0a24a95d comment out public graphite paths 2016-01-25 12:51:37 -08:00
girish@cloudron.io
6dc11edafe make exec route more debugging friedly 
allow upto 30 minutes of idle connection
 2016-01-18 12:49:06 -08:00
Johannes Zellner
8bd9a6c109 Do not serve up the status page for 500 upstream errors 2015-11-13 09:39:33 +01:00
Johannes Zellner
e81db9728a Set the cert and key dynamically when rendering nginx appconfig 2015-10-28 12:42:04 +01:00
Girish Ramakrishnan
2719c4240f Get oauth proxy port from the configs 2015-09-16 10:06:34 -07:00
Johannes Zellner
3d8b90f5c8 Redirect on app error to webadmin appstatus page 
Part of #436
 2015-07-28 13:46:58 +02:00
Girish Ramakrishnan
df9d321ac3 app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:10:36 -07:00