From 9d32448a737042c860c3af6d6c774591ed7f24c5 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Mon, 11 Mar 2024 22:31:54 +0100 Subject: [PATCH] proxy_pass overwrites Host header if it's not in the location block --- .../apps/templates/nginx/conf.d/ipfs.conf.j2 | 21 +++++++++---------- .../apps/templates/nginx/conf.d/jitsi.conf.j2 | 15 ++++++++----- .../templates/nginx/conf.d/joplin.conf.j2 | 10 ++++----- .../templates/nginx/conf.d/monerod.conf.j2 | 10 ++++----- .../templates/nginx/conf.d/nextcloud.conf.j2 | 15 ++++++++----- 5 files changed, 40 insertions(+), 31 deletions(-) diff --git a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 index 78b8bdc..2674cf3 100644 --- a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 @@ -7,16 +7,16 @@ server { set $upstream http://ipfs:{{ apps_vars.ipfs.port }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "https"; - proxy_http_version 1.1; proxy_buffering off; location / { proxy_pass $upstream; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; } } @@ -26,16 +26,15 @@ server { set $upstream http://ipfs:{{ apps_vars.ipfs.gateway_port }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "https"; - proxy_http_version 1.1; proxy_buffering off; - proxy_request_buffering off; location / { proxy_pass $upstream; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; } } 
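Review bot: The four forwarding headers are now pasted into each `location` with nothing that records why they must live there, so a later edit can easily hoist them back to `server` level. nginx inherits `proxy_set_header` from the outer level only when the current level defines none, which is how a location that sets `Upgrade`/`Connection` ends up without `Host` and the `X-Forwarded-*` set. A one-line comment above the block, such as `# proxy_set_header is not merged with the server level: keep the full set in every proxying location`, would document that. The same applies to the second ipfs hunk and to the jitsi, joplin, monerod and nextcloud hunks; a single shared snippet pulled in with `include` inside each location would also replace the eight copies.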
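Review bot: The gateway server block appears to lose `proxy_request_buffering off;` in this hunk (the old side has 16 lines, the new side 15), which the commit subject does not mention. With the default restored, nginx reads the whole request body, spilling to a temporary file when it is large, before it contacts the upstream, so large uploads through the gateway port are held on the proxy first. If that is intended, it deserves a line in the commit message; otherwise keep `proxy_request_buffering off;` next to `proxy_buffering off;`.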
diff --git a/roles/apps/templates/nginx/conf.d/jitsi.conf.j2 b/roles/apps/templates/nginx/conf.d/jitsi.conf.j2 index 42a7412..ba9bc12 100644 --- a/roles/apps/templates/nginx/conf.d/jitsi.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/jitsi.conf.j2 @@ -7,21 +7,26 @@ server { set $upstream http://jitsi:{{ apps_vars.jitsi.port }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "https"; - proxy_http_version 1.1; proxy_buffering off; location / { proxy_pass $upstream; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; } location ~^/(colibri-ws|xmpp-websocket)$ { proxy_pass $upstream; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; + # WebSocket support proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; diff --git a/roles/apps/templates/nginx/conf.d/joplin.conf.j2 b/roles/apps/templates/nginx/conf.d/joplin.conf.j2 index 751016a..dc9a6dc 100644 --- a/roles/apps/templates/nginx/conf.d/joplin.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/joplin.conf.j2 @@ -7,15 +7,15 @@ server { set $upstream http://joplin:{{ apps_vars.joplin.port }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "https"; - proxy_http_version 1.1; proxy_buffering off; location / { proxy_pass $upstream; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; } } 
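Review bot: `X-Forwarded-For $proxy_add_x_forwarded_for` in both jitsi locations appends `$remote_addr` to whatever `X-Forwarded-For` the client sent, so the left-hand entries reaching the upstream are caller-controlled. If this nginx is the first hop facing clients (not visible from the diff), `proxy_set_header X-Forwarded-For $remote_addr;` is the safer form; otherwise the upstream must trust only the right-most entry. The same line is carried into the ipfs, joplin, monerod and nextcloud hunks. The websocket `location` continues past the end of this hunk.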
diff --git a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 b/roles/apps/templates/nginx/conf.d/monerod.conf.j2 index d7dbf5c..20bbf97 100644 --- a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/monerod.conf.j2 @@ -7,15 +7,15 @@ server { set $upstream http://monerod:{{ apps_vars.monerod.port }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "https"; - proxy_http_version 1.1; proxy_buffering off; location / { proxy_pass $upstream; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; } } diff --git a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 index 7366d54..aca7951 100644 --- a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 @@ -7,17 +7,17 @@ server { set $upstream http://nextcloud:{{ apps_vars.nextcloud.port }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "https"; - proxy_http_version 1.1; proxy_buffering off; location / { proxy_pass $upstream; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; + # WebSocket support proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; 
@@ -35,6 +35,11 @@ server { # UnifiedPush Matrix gateway location /_matrix/push/v1/notify { proxy_pass $upstream/index.php/apps/uppush/gateway/matrix; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto "https"; } # CalDAV & CardDAV
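Review bot: With the server-level `proxy_set_header` lines removed in the previous hunk, any proxying `location` in this file that the diff does not touch now falls back to nginx's default `Host $proxy_host` and sends no `X-Forwarded-*` headers. The `# CalDAV & CardDAV` block starts right after this hunk and is not shown; if it or any later location uses `proxy_pass`, it needs the same four lines. Nextcloud relies on the forwarded host, scheme and client address (URL generation, trusted-proxy handling), so a location that misses them is worth verifying against the full file.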