proxy_pass overwrites Host header if it's not in the location block

This commit is contained in:
Sam A. 2024-03-11 22:31:54 +01:00
parent 63c864c81f
commit 9d32448a73
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
5 changed files with 40 additions and 31 deletions

View file

@ -7,16 +7,16 @@ server {
set $upstream http://ipfs:{{ apps_vars.ipfs.port }}; set $upstream http://ipfs:{{ apps_vars.ipfs.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
location / { location / {
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
} }
} }
@ -26,16 +26,15 @@ server {
set $upstream http://ipfs:{{ apps_vars.ipfs.gateway_port }}; set $upstream http://ipfs:{{ apps_vars.ipfs.gateway_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
proxy_request_buffering off;
location / { location / {
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
} }
} }

View file

@ -7,21 +7,26 @@ server {
set $upstream http://jitsi:{{ apps_vars.jitsi.port }}; set $upstream http://jitsi:{{ apps_vars.jitsi.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
location / { location / {
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
} }
location ~^/(colibri-ws|xmpp-websocket)$ { location ~^/(colibri-ws|xmpp-websocket)$ {
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
# WebSocket support # WebSocket support
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;

View file

@ -7,15 +7,15 @@ server {
set $upstream http://joplin:{{ apps_vars.joplin.port }}; set $upstream http://joplin:{{ apps_vars.joplin.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
location / { location / {
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
} }
} }

View file

@ -7,15 +7,15 @@ server {
set $upstream http://monerod:{{ apps_vars.monerod.port }}; set $upstream http://monerod:{{ apps_vars.monerod.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
location / { location / {
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
} }
} }

View file

@ -7,17 +7,17 @@ server {
set $upstream http://nextcloud:{{ apps_vars.nextcloud.port }}; set $upstream http://nextcloud:{{ apps_vars.nextcloud.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
location / { location / {
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
# WebSocket support # WebSocket support
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
@ -35,6 +35,11 @@ server {
# UnifiedPush Matrix gateway # UnifiedPush Matrix gateway
location /_matrix/push/v1/notify { location /_matrix/push/v1/notify {
proxy_pass $upstream/index.php/apps/uppush/gateway/matrix; proxy_pass $upstream/index.php/apps/uppush/gateway/matrix;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
} }
# CalDAV & CardDAV # CalDAV & CardDAV