Disassembler/Spotter-VM
1
0
Fork 0
Code Issues 78 Pull Requests Actions Packages Projects Releases Wiki Activity

Extend X-Forwarded headers to avoid bogus URLs on double-proxied apps

Browse Source
This commit is contained in:
Disassembler 2018-02-02 21:04:12 +01:00
parent 7f93df3014
commit 003b3f2c12
Signed by: Disassembler
GPG Key ID: 524BD33A0EE29499
6 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
kanboard/docker/etc/nginx/nginx.conf
View File

@ -33,9 +33,14 @@ http {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/kanboard.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty;
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty;
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
}
location ~* ^.+\.(log|sqlite)$ {

3
kanboard/etc/nginx/conf.d/kanboard.conf
View File

@ -9,6 +9,9 @@ server {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-HTTPS $https;
proxy_set_header X-Forwarded-Server-Name $host;
proxy_set_header X-Forwarded-Server-Port $server_port;
proxy_pass http://127.0.0.1:8009;
}
}

7
seeddms/docker/etc/nginx/nginx.conf
View File

@ -31,9 +31,14 @@ http {
location ~ \.php$ {
fastcgi_pass unix:/var/run/seeddms.sock;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty;
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty;
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
}
}
}

3
seeddms/etc/nginx/conf.d/seeddms.conf
View File

@ -9,6 +9,9 @@ server {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-HTTPS $https;
proxy_set_header X-Forwarded-Server-Name $host;
proxy_set_header X-Forwarded-Server-Port $server_port;
proxy_pass http://127.0.0.1:8010;
}
}

7
ushahidi/docker/etc/nginx/nginx.conf
View File

@ -30,13 +30,18 @@ http {
}
location /platform {
fastcgi_pass unix:/var/run/ushahidi.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/platform/httpdocs/index.php;
fastcgi_split_path_info ^(/platform/)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_pass unix:/var/run/ushahidi.sock;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty;
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty;
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
}
}
}

3
ushahidi/etc/nginx/conf.d/ushahidi.conf
View File

@ -9,6 +9,9 @@ server {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-HTTPS $https;
proxy_set_header X-Forwarded-Server-Name $host;
proxy_set_header X-Forwarded-Server-Port $server_port;
proxy_pass http://127.0.0.1:8014;
}
}