kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

bundles/nginx: do not set X-Forwarded-Proto if https is disabled, do not use http2 without ssl

Browse source
This commit is contained in:
Franzi 2020-09-20 15:46:39 +02:00
parent 6a67b1a4ae
commit 151d8e92c3
Signed by: kunsi
GPG key ID: 12E3D2136B818350
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
bundles/nginx/files/site_template
View file

@ -15,16 +15,16 @@ server {
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
% else:
listen 80 http2;
listen [::]:80 http2;
listen 80;
listen [::]:80;
% endif
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
% if not do_not_set_content_security_headers:
add_header Referrer-Policy same-origin;
add_header X-Frame-Options "SAMEORIGIN";
@ -42,7 +42,9 @@ server {
proxy_set_header Host ${domain};
proxy_set_header X-Script-Name /;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
% if node.metadata['nginx']['use_ssl_for_all_connections']:
proxy_set_header X-Forwarded-Proto HTTPS;
% endif
proxy_set_header X-Forwarded-Host ${domain};
proxy_buffering off;
}