From 8d5f6e56b81c6df94de35b4b8e140103e6d74eb9 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 25 Sep 2020 11:24:44 -0500 Subject: [PATCH] Cleanups and reordering --- readme-vars.yml | 1 + root/defaults/nginx.conf | 20 ++++++++-------- root/defaults/proxy.conf | 51 +++++++++++++++++++--------------------- root/defaults/ssl.conf | 12 +++++----- 4 files changed, 41 insertions(+), 43 deletions(-) diff --git a/readme-vars.yml b/readme-vars.yml index a6c2c65..2207e73 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -149,6 +149,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "01.09.25:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." } - { date: "20.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme."} - { date: "08.09.20:", desc: "Add php7-xsl." } - { date: "01.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and various proxy samples - Global websockets across all configs." } diff --git a/root/defaults/nginx.conf b/root/defaults/nginx.conf index a291517..23a8bc6 100644 --- a/root/defaults/nginx.conf +++ b/root/defaults/nginx.conf @@ -1,4 +1,4 @@ -## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf +## Version 2020/09/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf user abc; worker_processes 4; @@ -16,21 +16,21 @@ http { # Basic Settings ## - sendfile on; - tcp_nopush on; - tcp_nodelay on; + client_body_buffer_size 128k; + client_max_body_size 0; keepalive_timeout 65; + large_client_header_buffers 4 16k; + send_timeout 5m; + sendfile on; + tcp_nodelay on; + tcp_nopush on; types_hash_max_size 2048; variables_hash_max_size 2048; - large_client_header_buffers 4 16k; # server_tokens off; - # server_names_hash_bucket_size 64; # server_name_in_redirect off; - client_max_body_size 0; - include /etc/nginx/mime.types; default_type application/octet-stream; @@ -90,9 +90,9 @@ http { ## # Geoip2 config ## - # Uncomment to add the Geoip2 configs needed to geo block countries/cities. + # Uncomment to add the Geoip2 configs needed to geo block countries/cities. ## - + #include /config/nginx/geoip2.conf; } diff --git a/root/defaults/proxy.conf b/root/defaults/proxy.conf index 41d5ff9..49b0d6e 100644 --- a/root/defaults/proxy.conf +++ b/root/defaults/proxy.conf @@ -1,33 +1,30 @@ -## Version 2020/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf +## Version 2020/09/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf -client_body_buffer_size 128k; - -#Timeout if the real server is dead +# Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; -# Advanced Proxy Config -send_timeout 5m; -proxy_read_timeout 240; -proxy_send_timeout 240; -proxy_connect_timeout 240; - -# TLS 1.3 early data -proxy_set_header Early-Data $ssl_early_data; - -# Basic Proxy Config -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto https; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Ssl on; -proxy_redirect http:// $scheme://; -proxy_http_version 1.1; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $connection_upgrade; -#proxy_cookie_path / "/; HTTPOnly; Secure"; # enable at your own risk, may break certain apps -proxy_cache_bypass $cookie_session; -proxy_no_cache $cookie_session; +# Proxy Connection Settings proxy_buffers 32 4k; +proxy_connect_timeout 240; proxy_headers_hash_bucket_size 128; proxy_headers_hash_max_size 1024; +proxy_http_version 1.1; +proxy_read_timeout 240; +proxy_redirect http:// $scheme://; +proxy_send_timeout 240; + +# Proxy Cache and Cookie Settings +proxy_cache_bypass $cookie_session; +#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps +proxy_no_cache $cookie_session; + +# Proxy Header Settings +proxy_set_header Connection $connection_upgrade; +proxy_set_header Early-Data $ssl_early_data; +proxy_set_header Host $host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Host $host; +proxy_set_header X-Forwarded-Proto https; +proxy_set_header X-Forwarded-Ssl on; +proxy_set_header X-Real-IP $remote_addr; diff --git a/root/defaults/ssl.conf b/root/defaults/ssl.conf index 37ea36a..44aefa9 100644 --- a/root/defaults/ssl.conf +++ b/root/defaults/ssl.conf @@ -1,4 +1,4 @@ -## Version 2020/06/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf +## Version 2020/09/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf ### Mozilla Recommendations # generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration @@ -39,10 +39,10 @@ ssl_early_data on; #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # Optional additional headers -#add_header Content-Security-Policy "upgrade-insecure-requests"; -#add_header X-Frame-Options "SAMEORIGIN" always; -#add_header X-XSS-Protection "1; mode=block" always; -#add_header X-Content-Type-Options "nosniff" always; -#add_header X-UA-Compatible "IE=Edge" always; #add_header Cache-Control "no-transform" always; +#add_header Content-Security-Policy "upgrade-insecure-requests"; #add_header Referrer-Policy "same-origin" always; +#add_header X-Content-Type-Options "nosniff" always; +#add_header X-Frame-Options "SAMEORIGIN" always; +#add_header X-UA-Compatible "IE=Edge" always; +#add_header X-XSS-Protection "1; mode=block" always;