diff --git a/bundles/nginx/files/site_template b/bundles/nginx/files/site_template index eef9968..936c07b 100644 --- a/bundles/nginx/files/site_template +++ b/bundles/nginx/files/site_template @@ -17,12 +17,27 @@ server { ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=31104000; preload"; + add_header Referrer-Policy same-origin; add_header X-Frame-Options "DENY"; + add_header X-Content-Type-Options nosniff; location /.well-known/acme-challenge/ { alias /var/lib/dehydrated/acme-challenges/; } +% if proxy: +% for location, proxy_pass in proxy.items(): + location ${location} { + proxy_pass ${proxy_pass}; + proxy_set_header X-Script-Name /; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto HTTPS; + proxy_set_header X-Forwarded-Host ${domain}; + proxy_buffering off; + } +% endfor +% endif + % if extras: <%include file="extras/${node.name}/${domain}" /> % endif diff --git a/data/nginx/files/extras/htz.ex42-1048908/chat.franzi.business b/data/nginx/files/extras/htz.ex42-1048908/chat.franzi.business index bf0987f..a600cd0 100644 --- a/data/nginx/files/extras/htz.ex42-1048908/chat.franzi.business +++ b/data/nginx/files/extras/htz.ex42-1048908/chat.franzi.business @@ -2,7 +2,3 @@ alias /etc/matrix-synapse/wellknown/; add_header Access-Control-Allow-Origin *; } - - location /.well-known/acme-challenge/ { - alias /var/run/acme/acme-challenge/; - } diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 7734075..c02bb74 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -62,6 +62,15 @@ nodes['htz.ex42-1048908'] = { '@.*:franzi\\\\.business', }, }, + 'nginx': { + 'vhosts': { + 'jenkins.kunsmann.eu': { + 'proxy': { + '/': 'http://localhost:9000/', + }, + }, + }, + }, 'riot-web': { 'url': 'chat.franzi.business', 'config': {