linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-11-03 14:32:37 +09:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Mitigate https://httpoxy.org/ vulnerabilities.

Browse Source 
Ref: https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx#Defeating-the-Attack-using-NGINX-and-NGINX-Plus
This commit is contained in:
Eric Nemchik
2021-10-26 08:33:36 -05:00
parent c40c2bd6e5
commit 66a4c1203b
3 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -332,6 +332,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **26.10.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf - Mitigate https://httpoxy.org/ vulnerabilities. Ref: https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx#Defeating-the-Attack-using-NGINX-and-NGINX-Plus
* **23.10.21:** - Fix Hurricane Electric (HE) DNS validation. * **23.10.21:** - Fix Hurricane Electric (HE) DNS validation.
* **12.10.21:** - Fix deprecated LE root cert check to fix failures when using `STAGING=true`, and failures in revoking. * **12.10.21:** - Fix deprecated LE root cert check to fix failures when using `STAGING=true`, and failures in revoking.
* **06.10.21:** - Added support for Hurricane Electric (HE) DNS validation. Added lxml build deps. * **06.10.21:** - Added support for Hurricane Electric (HE) DNS validation. Added lxml build deps.

1
readme-vars.yml
View File

@@ -155,6 +155,7 @@ app_setup_nginx_reverse_proxy_block: ""
# changelog # changelog
changelogs: changelogs:
- { date: "26.10.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf - Mitigate https://httpoxy.org/ vulnerabilities. Ref: https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx#Defeating-the-Attack-using-NGINX-and-NGINX-Plus" }
- { date: "23.10.21:", desc: "Fix Hurricane Electric (HE) DNS validation." } - { date: "23.10.21:", desc: "Fix Hurricane Electric (HE) DNS validation." }
- { date: "12.10.21:", desc: "Fix deprecated LE root cert check to fix failures when using `STAGING=true`, and failures in revoking." } - { date: "12.10.21:", desc: "Fix deprecated LE root cert check to fix failures when using `STAGING=true`, and failures in revoking." }
- { date: "06.10.21:", desc: "Added support for Hurricane Electric (HE) DNS validation. Added lxml build deps." } - { date: "06.10.21:", desc: "Added support for Hurricane Electric (HE) DNS validation. Added lxml build deps." }

3
root/defaults/proxy.conf
View File

@@ -1,4 +1,4 @@
## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf ## Version 2021/10/26 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
# Timeout if the real server is dead # Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@@ -22,6 +22,7 @@ proxy_no_cache $cookie_session;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_set_header Early-Data $ssl_early_data; proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;