bundles/nginx: add configuration option for client_max_body_size
All checks were successful
bundlewrap/pipeline/head This commit looks good

This commit is contained in:
Franzi 2021-03-30 21:26:25 +02:00
parent b7583bc8cc
commit b52a196c73
Signed by: kunsi
GPG key ID: 12E3D2136B818350
13 changed files with 19 additions and 37 deletions

View file

@ -20,6 +20,12 @@ server {
resolver 8.8.8.8 8.8.4.4 valid=300s; resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s; resolver_timeout 5s;
% if max_body_size:
client_max_body_size ${max_body_size};
% elif proxy:
client_max_body_size 5M;
% endif
add_header Referrer-Policy same-origin; add_header Referrer-Policy same-origin;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;

View file

@ -27,7 +27,7 @@ http {
client_body_buffer_size 10K; client_body_buffer_size 10K;
client_header_buffer_size 1k; client_header_buffer_size 1k;
client_max_body_size 8m; client_max_body_size 1M;
large_client_header_buffers 2 1k; large_client_header_buffers 2 1k;
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {

View file

@ -30,6 +30,12 @@ server {
resolver 8.8.8.8 8.8.4.4 valid=300s; resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s; resolver_timeout 5s;
% if max_body_size:
client_max_body_size ${max_body_size};
% elif proxy or php:
client_max_body_size 5M;
% endif
% if not do_not_set_content_security_headers: % if not do_not_set_content_security_headers:
add_header Referrer-Policy same-origin; add_header Referrer-Policy same-origin;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";

View file

@ -1 +0,0 @@
client_max_body_size 100M;

View file

@ -1,4 +1,2 @@
client_max_body_size 16m;
access_log /var/log/nginx/pleroma.log gdpr; access_log /var/log/nginx/pleroma.log gdpr;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;

View file

@ -1,5 +1,3 @@
client_max_body_size 0;
location / { location / {
proxy_pass http://127.0.0.1:8000; proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host; proxy_set_header Host $host;

View file

@ -1,7 +1,5 @@
add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business matrix.nyantec.com"; add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business matrix.nyantec.com";
client_max_body_size 50M;
location /.well-known/matrix/ { location /.well-known/matrix/ {
alias /etc/matrix-synapse/wellknown/; alias /etc/matrix-synapse/wellknown/;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;

View file

@ -1,28 +0,0 @@
keepalive_timeout 70;
sendfile on;
client_max_body_size 40m;
client_body_timeout 3600;
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:3700;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;

View file

@ -24,9 +24,9 @@ nodes['home.octoprint-vielschichtigkeit'] = {
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
'octoprint': { 'octoprint': {
'max_body_size': '0',
'domain': 'vielschichtigkeit.franzi-home.kunbox.net', 'domain': 'vielschichtigkeit.franzi-home.kunbox.net',
'do_not_set_content_security_headers': True, 'do_not_set_content_security_headers': True,
'extras': True,
'ssl': False, 'ssl': False,
'proxy': { 'proxy': {
'/': { '/': {

View file

@ -25,6 +25,7 @@ nodes['htz-cloud.pleroma'] = {
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
'pleroma': { 'pleroma': {
'max_body_size': '16M',
'extras': True, 'extras': True,
}, },
'pleroma-www-redir': { 'pleroma-www-redir': {

View file

@ -43,6 +43,7 @@ nodes['htz-cloud.sewfile'] = {
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
'sewfile.franzi.business': { 'sewfile.franzi.business': {
'max_body_size': '0',
'extras': True, 'extras': True,
'website_check_path': '/accounts/login/', 'website_check_path': '/accounts/login/',
'website_check_string': 'Username', 'website_check_string': 'Username',

View file

@ -241,6 +241,7 @@ nodes['htz.ex42-1048908'] = {
'dimension.franzi.business': { 'dimension.franzi.business': {
'extras': True, 'extras': True,
'do_not_set_content_security_headers': True, 'do_not_set_content_security_headers': True,
'max_body_size': '50M',
'proxy': { 'proxy': {
'/': { '/': {
'target': 'http://127.0.0.1:8184', 'target': 'http://127.0.0.1:8184',

View file

@ -35,6 +35,8 @@ nodes['voc.pretalx'] = {
'vhosts': { 'vhosts': {
'pretalx': { 'pretalx': {
'domain': 'pretalx.c3voc.de', 'domain': 'pretalx.c3voc.de',
# pretalx limits this to 10M per file, too
'max_body_size': '100M',
'proxy': { 'proxy': {
'/': { '/': {
'target': 'http://127.0.0.1:22060/', 'target': 'http://127.0.0.1:22060/',