From 6c993f13275e0c035640408644a3ec178fdb8dc0 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 23 Oct 2020 21:30:01 +0200 Subject: ma deployment/etherpad: set proxy configuration according to recommendations --- .../deployment/docker/etherpad.euer.krebsco.de.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix b/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix index 32f1a2f8..172e69c4 100644 --- a/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix @@ -5,9 +5,30 @@ in { #services.nginx.virtualHosts."euer.krebsco.de".serverAliases = [ "etherpad.euer.krebsco.de" ]; services.nginx.virtualHosts."etherpad.euer.krebsco.de" = { # useACMEHost = "euer.krebsco.de"; + extraConfig = '' + ssl_session_timeout 5m; + ''; enableACME = true; forceSSL = true; locations."/".proxyPass = "http://localhost:${toString port}"; + # from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy + locations."/".extraConfig = '' + + proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf + proxy_set_header Host $host; + proxy_pass_header Server; + + # Note you might want to pass these headers etc too. + proxy_set_header X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html + proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP + proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used + proxy_http_version 1.1; # recommended with keepalive connections + + # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 61s; + ''; }; docker-containers."etherpad-lite" = { image = "makefoo/bgt-etherpad:2020-05-02.6"; -- cgit v1.2.3