diff options
| author | Igor Scheller <igor.scheller@igorshp.de> | 2018-08-13 16:30:27 +0200 |
|---|---|---|
| committer | msquare <msquare@notrademark.de> | 2018-08-19 16:44:33 +0200 |
| commit | bf6efe532c8f2de84e95b090911280a9b1b61ce8 (patch) | |
| tree | 33f767dc22b8073e1151782b77d1a48b25ff28b0 /contrib | |
| parent | 6415882b1c3c9ead00ccbab09e2292a22ce3d1d2 (diff) | |
Added trusted proxies
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/Dockerfile | 6 | ||||
| -rw-r--r-- | contrib/nginx/nginx.conf | 43 |
2 files changed, 31 insertions, 18 deletions
diff --git a/contrib/Dockerfile b/contrib/Dockerfile index 8d5fb47b..9b218cf8 100644 --- a/contrib/Dockerfile +++ b/contrib/Dockerfile @@ -33,3 +33,9 @@ FROM php:7-fpm-alpine COPY --from=data /app/ /var/www RUN apk add --no-cache icu-dev gettext-dev && \ docker-php-ext-install intl gettext pdo_mysql + +ENV TRUSTED_PROXIES 10.0.0.0/8,::ffff:10.0.0.0/8,\ + 127.0.0.0/8,::ffff:127.0.0.0/8,\ + 172.16.0.0/12,::ffff:172.16.0.0/12,\ + 192.168.0.0/16,::ffff:192.168.0.0/16,\ + ::1/128,fc00::/7,fec0::/10 diff --git a/contrib/nginx/nginx.conf b/contrib/nginx/nginx.conf index bbaf5824..96e4688f 100644 --- a/contrib/nginx/nginx.conf +++ b/contrib/nginx/nginx.conf @@ -1,35 +1,42 @@ error_log stderr; + events { worker_connections 1024; } + http { client_body_temp_path /tmp/client_body_temp; - fastcgi_temp_path /tmp/fastcgi_temp; - proxy_temp_path /tmp/proxy_temp; - scgi_temp_path /tmp/scgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - + fastcgi_temp_path /tmp/fastcgi_temp; + proxy_temp_path /tmp/proxy_temp; + scgi_temp_path /tmp/scgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + + map $http_x_forwarded_proto $forwarded_proto { + default $http_x_forwarded_proto; + https https; + } + server { - include mime.types; - access_log off; - listen [::]:80 ipv6only=off; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - index index.php; - root /var/www/html; - + include mime.types; + access_log off; + listen [::]:80 ipv6only=off; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $forwarded_proto; + index index.php; + root /var/www/html; + location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { - fastcgi_pass engelsystem:9000; + fastcgi_pass engelsystem:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param HTTPS on; - include fastcgi_params; + include fastcgi_params; } } } |