re init
This commit is contained in:
@@ -0,0 +1,6 @@
|
||||
FROM nginx:1.21.4-alpine
|
||||
|
||||
ADD default.conf.template /default.conf.template
|
||||
ADD run_nginx.sh /run_nginx.sh
|
||||
|
||||
RUN chmod +x /run_nginx.sh
|
||||
@@ -0,0 +1,37 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name bw.knast.cc;
|
||||
# server_name localhost;
|
||||
|
||||
client_body_temp_path /tmp/nginx;
|
||||
client_max_body_size 128M;
|
||||
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_reject_handshake on;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
|
||||
|
||||
# the header prevents clickjacking
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
|
||||
# block Cross-Site scripting
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
location / {
|
||||
proxy_pass http://vaultwarden;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
location /notifications/hub {
|
||||
proxy_pass http://vaultwarden:3012;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
|
||||
location /notifications/hub/negotiate {
|
||||
proxy_pass http://vaultwarden:80;
|
||||
}
|
||||
}
|
||||
Executable
+8
@@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
set -u
|
||||
|
||||
envsubst '${NGINX_PORT}' < /default.conf.template > /etc/nginx/conf.d/default.conf
|
||||
|
||||
nginx -g "daemon off;"
|
||||
Reference in New Issue
Block a user