bundles/nginx: add configuration option for client_max_body_size

2021-03-30 21:26:25 +02:00 · 2021-03-30 21:26:25 +02:00 · b52a196c73
commit b52a196c73
parent b7583bc8cc
13 changed files with 19 additions and 37 deletions
--- a/bundles/c3voc-addons/files/site_template
+++ b/bundles/c3voc-addons/files/site_template
@ -20,6 +20,12 @@ server {
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

+% if max_body_size:
+    client_max_body_size ${max_body_size};
+% elif proxy:
+    client_max_body_size 5M;
+% endif
+
    add_header Referrer-Policy same-origin;
    add_header X-Content-Type-Options nosniff;

--- a/bundles/nginx/files/nginx.conf
+++ b/bundles/nginx/files/nginx.conf
@ -27,7 +27,7 @@ http {

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
-    client_max_body_size 8m;
+    client_max_body_size 1M;
    large_client_header_buffers 2 1k;

    map $http_upgrade $connection_upgrade {
--- a/bundles/nginx/files/site_template
+++ b/bundles/nginx/files/site_template
@ -30,6 +30,12 @@ server {
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

+% if max_body_size:
+    client_max_body_size ${max_body_size};
+% elif proxy or php:
+    client_max_body_size 5M;
+% endif
+
 % if not do_not_set_content_security_headers:
    add_header Referrer-Policy same-origin;
    add_header X-Frame-Options "SAMEORIGIN";
--- a/data/nginx/files/extras/home.octoprint-vielschichtigkeit/octoprint
+++ b/data/nginx/files/extras/home.octoprint-vielschichtigkeit/octoprint
@ -1 +0,0 @@
-    client_max_body_size 100M;
--- a/data/nginx/files/extras/htz-cloud.pleroma/pleroma
+++ b/data/nginx/files/extras/htz-cloud.pleroma/pleroma
@ -1,4 +1,2 @@
-    client_max_body_size 16m;
-
    access_log /var/log/nginx/pleroma.log gdpr;
    error_log /var/log/nginx/error.log;
--- a/data/nginx/files/extras/htz-cloud.sewfile/sewfile.franzi.business
+++ b/data/nginx/files/extras/htz-cloud.sewfile/sewfile.franzi.business
@ -1,5 +1,3 @@
-    client_max_body_size 0;
-
    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
--- a/data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business
+++ b/data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business
@ -1,7 +1,5 @@
    add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business matrix.nyantec.com";

-    client_max_body_size 50M;
-
    location /.well-known/matrix/ {
        alias /etc/matrix-synapse/wellknown/;
        add_header Access-Control-Allow-Origin *;
--- a/data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business
+++ b/data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business
@ -1,28 +0,0 @@
-    keepalive_timeout    70;
-    sendfile             on;
-    client_max_body_size 40m;
-    client_body_timeout  3600;
-
-    location / {
-        try_files $uri @proxy;
-    }
-
-    location @proxy {
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header Proxy "";
-        proxy_pass_header Server;
-
-        proxy_pass http://127.0.0.1:3700;
-        proxy_buffering off;
-        proxy_redirect off;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-
-        tcp_nodelay on;
-    }
-
-    error_page 500 501 502 503 504 /500.html;
--- a/nodes/home/octoprint-vielschichtigkeit.py
+++ b/nodes/home/octoprint-vielschichtigkeit.py
@ -24,9 +24,9 @@ nodes['home.octoprint-vielschichtigkeit'] = {
        'nginx': {
            'vhosts': {
                'octoprint': {
+                    'max_body_size': '0',
                    'domain': 'vielschichtigkeit.franzi-home.kunbox.net',
                    'do_not_set_content_security_headers': True,
-                    'extras': True,
                    'ssl': False,
                    'proxy': {
                        '/': {
--- a/nodes/htz-cloud/pleroma.py
+++ b/nodes/htz-cloud/pleroma.py
@ -25,6 +25,7 @@ nodes['htz-cloud.pleroma'] = {
        'nginx': {
            'vhosts': {
                'pleroma': {
+                    'max_body_size': '16M',
                    'extras': True,
                },
                'pleroma-www-redir': {
--- a/nodes/htz-cloud/sewfile.py
+++ b/nodes/htz-cloud/sewfile.py
@ -43,6 +43,7 @@ nodes['htz-cloud.sewfile'] = {
        'nginx': {
            'vhosts': {
                'sewfile.franzi.business': {
+                    'max_body_size': '0',
                    'extras': True,
                    'website_check_path': '/accounts/login/',
                    'website_check_string': 'Username',
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@ -241,6 +241,7 @@ nodes['htz.ex42-1048908'] = {
                'dimension.franzi.business': {
                    'extras': True,
                    'do_not_set_content_security_headers': True,
+                    'max_body_size': '50M',
                    'proxy': {
                        '/': {
                            'target': 'http://127.0.0.1:8184',
--- a/nodes/voc/pretalx.py
+++ b/nodes/voc/pretalx.py
@ -35,6 +35,8 @@ nodes['voc.pretalx'] = {
            'vhosts': {
                'pretalx': {
                    'domain': 'pretalx.c3voc.de',
+                    # pretalx limits this to 10M per file, too
+                    'max_body_size': '100M',
                    'proxy': {
                        '/': {
                            'target': 'http://127.0.0.1:22060/',