From b52a196c73729c5ea777ae060a1142e65186fbc5 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Tue, 30 Mar 2021 21:26:25 +0200
Subject: [PATCH] bundles/nginx: add configuration option for client_max_body_size
---
 bundles/c3voc-addons/files/site_template | 6 ++++
 bundles/nginx/files/nginx.conf | 2 +-
 bundles/nginx/files/site_template | 6 ++++
 .../octoprint | 1 -
 .../files/extras/htz-cloud.pleroma/pleroma | 2 --
 .../htz-cloud.sewfile/sewfile.franzi.business | 2 --
 .../dimension.franzi.business | 2 --
 .../htz.ex42-1048908/pad.franzi.business | 28 -------------------
 nodes/home/octoprint-vielschichtigkeit.py | 2 +-
 nodes/htz-cloud/pleroma.py | 1 +
 nodes/htz-cloud/sewfile.py | 1 +
 nodes/htz/ex42-1048908.py | 1 +
 nodes/voc/pretalx.py | 2 ++
 13 files changed, 19 insertions(+), 37 deletions(-)
 delete mode 100644 data/nginx/files/extras/home.octoprint-vielschichtigkeit/octoprint
 delete mode 100644 data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business
diff --git a/bundles/c3voc-addons/files/site_template b/bundles/c3voc-addons/files/site_template
index 8b66989..0e10fd7 100644
--- a/bundles/c3voc-addons/files/site_template
+++ b/bundles/c3voc-addons/files/site_template
@@ -20,6 +20,12 @@ server {
 resolver 8.8.8.8 8.8.4.4 valid=300s;
 resolver_timeout 5s;
+% if max_body_size:
+ client_max_body_size ${max_body_size};
+% elif proxy:
+ client_max_body_size 5M;
+% endif
+
 add_header Referrer-Policy same-origin;
 add_header X-Content-Type-Options nosniff;
diff --git a/bundles/nginx/files/nginx.conf b/bundles/nginx/files/nginx.conf
index 5943dee..153dc96 100644
--- a/bundles/nginx/files/nginx.conf
+++ b/bundles/nginx/files/nginx.conf
@@ -27,7 +27,7 @@ http {
 client_body_buffer_size 10K;
 client_header_buffer_size 1k;
- client_max_body_size 8m;
+ client_max_body_size 1M;
 large_client_header_buffers 2 1k;
 map $http_upgrade $connection_upgrade {
diff --git a/bundles/nginx/files/site_template b/bundles/nginx/files/site_template
index 9bbea3d..cfcbe98 100644
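Review bot: In the bundles/c3voc-addons/files/site_template hunk, `% if max_body_size:` is a truthiness test, so the explicit branch is taken only for a non-empty value: the string `'0'` used by the node files in this commit renders `client_max_body_size 0;` (no limit), while an integer `0` or an empty string would silently fall through to the 5M branch or the 1M global default. The value is also interpolated as-is, so a typo in node metadata surfaces only when nginx parses the generated file. If the bundle passes `None` for an unset key (not visible here), `% if max_body_size is not None:` states the intent; otherwise a short template comment that the value must be a string in nginx size syntax would do. The same condition appears in the bundles/nginx/files/site_template hunk, which tests `proxy or php` where this one tests only `proxy`; worth confirming that difference is intended.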
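Review bot: In the bundles/nginx/files/nginx.conf hunk, lowering the http-level default from 8m to `client_max_body_size 1M;` also applies to every vhost that matches neither template branch, for instance one without `max_body_size` whose proxying is defined in an extras file rather than through the `proxy` key (the sewfile extras file in this commit has that shape). Such a vhost would start answering larger uploads with 413 without any change to its own node file; only the vhosts edited in this commit are visible here. I would document the tiers next to the value, for example `# default for vhosts without proxy/php; site_template raises it to 5M or to the vhost's max_body_size`. The http block continues outside the hunk.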
--- a/bundles/nginx/files/site_template
+++ b/bundles/nginx/files/site_template
@@ -30,6 +30,12 @@ server {
 resolver 8.8.8.8 8.8.4.4 valid=300s;
 resolver_timeout 5s;
+% if max_body_size:
+ client_max_body_size ${max_body_size};
+% elif proxy or php:
+ client_max_body_size 5M;
+% endif
+
 % if not do_not_set_content_security_headers:
 add_header Referrer-Policy same-origin;
 add_header X-Frame-Options "SAMEORIGIN";
diff --git a/data/nginx/files/extras/home.octoprint-vielschichtigkeit/octoprint b/data/nginx/files/extras/home.octoprint-vielschichtigkeit/octoprint
deleted file mode 100644
index 0083203..0000000
--- a/data/nginx/files/extras/home.octoprint-vielschichtigkeit/octoprint
+++ /dev/null
@@ -1 +0,0 @@
- client_max_body_size 100M;
diff --git a/data/nginx/files/extras/htz-cloud.pleroma/pleroma b/data/nginx/files/extras/htz-cloud.pleroma/pleroma
index 3f9e6a0..7e69502 100644
--- a/data/nginx/files/extras/htz-cloud.pleroma/pleroma
+++ b/data/nginx/files/extras/htz-cloud.pleroma/pleroma
@@ -1,4 +1,2 @@
- client_max_body_size 16m;
-
 access_log /var/log/nginx/pleroma.log gdpr;
 error_log /var/log/nginx/error.log;
diff --git a/data/nginx/files/extras/htz-cloud.sewfile/sewfile.franzi.business b/data/nginx/files/extras/htz-cloud.sewfile/sewfile.franzi.business
index 20c4040..9312c7e 100644
--- a/data/nginx/files/extras/htz-cloud.sewfile/sewfile.franzi.business
+++ b/data/nginx/files/extras/htz-cloud.sewfile/sewfile.franzi.business
@@ -1,5 +1,3 @@
- client_max_body_size 0;
-
 location / {
 proxy_pass http://127.0.0.1:8000;
 proxy_set_header Host $host;
diff --git a/data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business b/data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business
index 05e631b..6312d6a 100644
--- a/data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business
+++ b/data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business
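Review bot: In the bundles/nginx/files/site_template hunk, `client_max_body_size` is now emitted by the template for every vhost that sets `max_body_size`, `proxy` or `php`, so any extras file that still carries its own server-level `client_max_body_size` would declare the directive twice in one block, which nginx rejects as a duplicate when it loads the configuration. This commit strips the directive from five extras files, but extras files it does not touch are not visible here, and the place where the extras file is included lies outside this hunk, so a repository-wide search before rollout is worthwhile. A template comment above the new block would record the rule, e.g. `## per-vhost limit comes from 'max_body_size' in node metadata; do not set client_max_body_size in extras files`. The server block continues outside the hunk.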
@@ -1,7 +1,5 @@
 add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business matrix.nyantec.com";
- client_max_body_size 50M;
-
 location /.well-known/matrix/ {
 alias /etc/matrix-synapse/wellknown/;
 add_header Access-Control-Allow-Origin *;
diff --git a/data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business b/data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business
deleted file mode 100644
index 4e4592d..0000000
--- a/data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business
+++ /dev/null
@@ -1,28 +0,0 @@
- keepalive_timeout 70;
- sendfile on;
- client_max_body_size 40m;
- client_body_timeout 3600;
-
- location / {
- try_files $uri @proxy;
- }
-
- location @proxy {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Proxy "";
- proxy_pass_header Server;
-
- proxy_pass http://127.0.0.1:3700;
- proxy_buffering off;
- proxy_redirect off;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
-
- tcp_nodelay on;
- }
-
- error_page 500 501 502 503 504 /500.html;
diff --git a/nodes/home/octoprint-vielschichtigkeit.py b/nodes/home/octoprint-vielschichtigkeit.py
index 201d830..33b9867 100644
--- a/nodes/home/octoprint-vielschichtigkeit.py
+++ b/nodes/home/octoprint-vielschichtigkeit.py
@@ -24,9 +24,9 @@ nodes['home.octoprint-vielschichtigkeit'] = {
 'nginx': {
 'vhosts': {
 'octoprint': {
+ 'max_body_size': '0',
 'domain': 'vielschichtigkeit.franzi-home.kunbox.net',
 'do_not_set_content_security_headers': True,
- 'extras': True,
 'ssl': False,
 'proxy': {
 '/': {
diff --git a/nodes/htz-cloud/pleroma.py b/nodes/htz-cloud/pleroma.py
index 0d9b2ae..960f3bb 100644
--- a/nodes/htz-cloud/pleroma.py
+++ b/nodes/htz-cloud/pleroma.py
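Review bot: In nodes/home/octoprint-vielschichtigkeit.py, `'max_body_size': '0'` turns the body-size check off for this vhost, whereas the extras file deleted in this commit set `client_max_body_size 100M;`, so the change removes the upload cap instead of carrying it over. With no limit nginx accepts a request body of any size and hands it to the backend, which leaves disk and memory protection entirely to the application behind the proxy. `'max_body_size': '100M',` would preserve the previous behaviour. The same `'0'` appears in nodes/htz-cloud/sewfile.py, where it matches the removed `client_max_body_size 0;`; a one-line comment there saying why no limit is wanted would help the next reader. The vhost dict continues outside the hunk.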
@@ -25,6 +25,7 @@ nodes['htz-cloud.pleroma'] = {
 'nginx': {
 'vhosts': {
 'pleroma': {
+ 'max_body_size': '16M',
 'extras': True,
 },
 'pleroma-www-redir': {
diff --git a/nodes/htz-cloud/sewfile.py b/nodes/htz-cloud/sewfile.py
index 699f375..fe78fd2 100644
--- a/nodes/htz-cloud/sewfile.py
+++ b/nodes/htz-cloud/sewfile.py
@@ -43,6 +43,7 @@ nodes['htz-cloud.sewfile'] = {
 'nginx': {
 'vhosts': {
 'sewfile.franzi.business': {
+ 'max_body_size': '0',
 'extras': True,
 'website_check_path': '/accounts/login/',
 'website_check_string': 'Username',
diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py
index cdb9743..6a96d01 100644
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@@ -241,6 +241,7 @@ nodes['htz.ex42-1048908'] = {
 'dimension.franzi.business': {
 'extras': True,
 'do_not_set_content_security_headers': True,
+ 'max_body_size': '50M',
 'proxy': {
 '/': {
 'target': 'http://127.0.0.1:8184',
diff --git a/nodes/voc/pretalx.py b/nodes/voc/pretalx.py
index 6111293..c6344ce 100644
--- a/nodes/voc/pretalx.py
+++ b/nodes/voc/pretalx.py
@@ -35,6 +35,8 @@ nodes['voc.pretalx'] = {
 'vhosts': {
 'pretalx': {
 'domain': 'pretalx.c3voc.de',
+ # pretalx limits this to 10M per file, too
+ 'max_body_size': '100M',
 'proxy': {
 '/': {
 'target': 'http://127.0.0.1:22060/',
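Review bot: In nodes/htz/ex42-1048908.py only `'max_body_size': '50M'` for dimension.franzi.business is added, while the same commit deletes data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business, which held `client_max_body_size 40m;`, `client_body_timeout 3600;` and the proxy locations for port 3700. If a pad vhost is still defined in this node (not visible in the hunk), it now falls back to the 5M or 1M default and loses the long body timeout, and it would point at a missing file if it still sets `'extras': True`. Either confirm the vhost is gone or add `'max_body_size': '40M',` to it. The nodes dict starts and ends outside the hunk.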
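Review bot: In nodes/voc/pretalx.py the new comment says pretalx caps uploads at 10M per file, "too", but the value set directly below it is `'100M'`, so comment and setting disagree by a factor of ten. If the larger value is deliberate (for example a form that submits several files in one request), the comment should say so; otherwise align it with the application, `'max_body_size': '10M',`. A request-size ceiling well above what the application accepts only means nginx reads and forwards bodies that the backend will then reject. The vhost dict continues outside the hunk.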