mirror of
https://github.com/linuxserver/docker-swag.git
synced 2025-10-31 21:17:42 +09:00
Cleanups and reordering
This commit is contained in:
Eric Nemchik
@@ -149,6 +149,7 @@ app_setup_nginx_reverse_proxy_block: ""
|
|||||||
|
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- { date: "01.09.25:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." }
|
||||||
- { date: "20.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme."}
|
- { date: "20.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme."}
|
||||||
- { date: "08.09.20:", desc: "Add php7-xsl." }
|
- { date: "08.09.20:", desc: "Add php7-xsl." }
|
||||||
- { date: "01.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and various proxy samples - Global websockets across all configs." }
|
- { date: "01.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and various proxy samples - Global websockets across all configs." }
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
|
## Version 2020/09/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
|
||||||
|
|
||||||
user abc;
|
user abc;
|
||||||
worker_processes 4;
|
worker_processes 4;
|
||||||
@@ -16,21 +16,21 @@ http {
|
|||||||
# Basic Settings
|
# Basic Settings
|
||||||
##
|
##
|
||||||
|
|
||||||
sendfile on;
|
client_body_buffer_size 128k;
|
||||||
tcp_nopush on;
|
client_max_body_size 0;
|
||||||
tcp_nodelay on;
|
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
|
large_client_header_buffers 4 16k;
|
||||||
|
send_timeout 5m;
|
||||||
|
sendfile on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
tcp_nopush on;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
variables_hash_max_size 2048;
|
variables_hash_max_size 2048;
|
||||||
large_client_header_buffers 4 16k;
|
|
||||||
|
|
||||||
# server_tokens off;
|
# server_tokens off;
|
||||||
|
|
||||||
# server_names_hash_bucket_size 64;
|
# server_names_hash_bucket_size 64;
|
||||||
# server_name_in_redirect off;
|
# server_name_in_redirect off;
|
||||||
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
|||||||
@@ -1,33 +1,30 @@
|
|||||||
## Version 2020/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
|
## Version 2020/09/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
|
||||||
|
|
||||||
client_body_buffer_size 128k;
|
|
||||||
|
|
||||||
# Timeout if the real server is dead
|
# Timeout if the real server is dead
|
||||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
||||||
|
|
||||||
# Advanced Proxy Config
|
# Proxy Connection Settings
|
||||||
send_timeout 5m;
|
|
||||||
proxy_read_timeout 240;
|
|
||||||
proxy_send_timeout 240;
|
|
||||||
proxy_connect_timeout 240;
|
|
||||||
|
|
||||||
# TLS 1.3 early data
|
|
||||||
proxy_set_header Early-Data $ssl_early_data;
|
|
||||||
|
|
||||||
# Basic Proxy Config
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Ssl on;
|
|
||||||
proxy_redirect http:// $scheme://;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
#proxy_cookie_path / "/; HTTPOnly; Secure"; # enable at your own risk, may break certain apps
|
|
||||||
proxy_cache_bypass $cookie_session;
|
|
||||||
proxy_no_cache $cookie_session;
|
|
||||||
proxy_buffers 32 4k;
|
proxy_buffers 32 4k;
|
||||||
|
proxy_connect_timeout 240;
|
||||||
proxy_headers_hash_bucket_size 128;
|
proxy_headers_hash_bucket_size 128;
|
||||||
proxy_headers_hash_max_size 1024;
|
proxy_headers_hash_max_size 1024;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_read_timeout 240;
|
||||||
|
proxy_redirect http:// $scheme://;
|
||||||
|
proxy_send_timeout 240;
|
||||||
|
|
||||||
|
# Proxy Cache and Cookie Settings
|
||||||
|
proxy_cache_bypass $cookie_session;
|
||||||
|
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
|
||||||
|
proxy_no_cache $cookie_session;
|
||||||
|
|
||||||
|
# Proxy Header Settings
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
proxy_set_header Early-Data $ssl_early_data;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
## Version 2020/06/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
|
## Version 2020/09/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
|
||||||
|
|
||||||
### Mozilla Recommendations
|
### Mozilla Recommendations
|
||||||
# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
|
# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
|
||||||
@@ -39,10 +39,10 @@ ssl_early_data on;
|
|||||||
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||||
|
|
||||||
# Optional additional headers
|
# Optional additional headers
|
||||||
#add_header Content-Security-Policy "upgrade-insecure-requests";
|
|
||||||
#add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
#add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
#add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
#add_header X-UA-Compatible "IE=Edge" always;
|
|
||||||
#add_header Cache-Control "no-transform" always;
|
#add_header Cache-Control "no-transform" always;
|
||||||
|
#add_header Content-Security-Policy "upgrade-insecure-requests";
|
||||||
#add_header Referrer-Policy "same-origin" always;
|
#add_header Referrer-Policy "same-origin" always;
|
||||||
|
#add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
#add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
#add_header X-UA-Compatible "IE=Edge" always;
|
||||||
|
#add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
|||||||
Reference in New Issue
Block a user