ChK/appServerPortalUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

portainer korrekt

Browse Source
This commit is contained in:
ChK
2026-02-13 14:08:52 +01:00
parent 099ba7188c
commit 493be6d5de
1 changed files with 10 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
nginx.conf
View File

@@ -309,59 +309,29 @@ server {
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
#***# PORTAINER: API direkt weiterleiten (kein auth_request)
location ^~ /api/ {
proxy_pass http://127.0.0.1:9000; #***# auf lokalen Portainer HTTP Backend zeigen
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#***# PORTAINER: statische Assets / locales ebenfalls ohne auth (wichtig für i18n)
location ~* \.(?:js|css|json|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
proxy_pass http://127.0.0.1:9000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ /locales/ {
# explizit für i18n Pfade
proxy_pass http://127.0.0.1:9000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
}
# Haupt-UI: auth_request greift nur hier (UI), nicht für /api/ oder Assets
location / { location / {
auth_request /nginxauth; auth_request /nginxauth;
proxy_pass http://127.0.0.1:9000/; #***# auf lokales Portainer HTTP Backend zeigen proxy_pass http://portainer:9000;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection "upgrade";
#***# PORTAINER HOST FIX: proxy_set_header Host $host;
proxy_set_header Host $host; #***# PORTAINER HOST proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host; #***# PORTAINER HOST
proxy_set_header X-Forwarded-Proto https; #***# PORTAINER HOST
proxy_set_header Origin $http_origin;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WICHTIG FÜR IFRAME
proxy_hide_header X-Frame-Options; proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "ALLOWALL" always;
proxy_hide_header Content-Security-Policy; proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy "frame-ancestors *" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors https://server.schooltech.ch" always;
} }
location = /nginxauth { location = /nginxauth {
internal; internal;
proxy_pass http://appserverauth:3000/internal/auth; #***# AUTH proxy_pass http://appserverauth:3000/internal/auth; #***# AUTH