VibeCoding sieht ok aus
This commit is contained in:
55
nginx.conf
55
nginx.conf
@@ -1,5 +1,10 @@
|
||||
error_log /var/log/nginx/error.log info;
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# Default HTTP -> HTTPS redirect (keine Änderung)
|
||||
server {
|
||||
listen 80 default_server;
|
||||
@@ -61,35 +66,60 @@ server {
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# Auth-Request
|
||||
# ---- Static assets: keine Auth, damit Browser die .js/.css korrekt erhält ----
|
||||
location ~* \.(?:js|css|png|jpg|jpeg|gif|ico|svg|webp)$ {
|
||||
proxy_pass https://thinkcentre.local:10010;
|
||||
proxy_set_header Host thinkcentre.local;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# kein proxy_set_header Connection / Upgrade hier
|
||||
}
|
||||
|
||||
# ---- WebSocket-Endpoint (falls z.B. /echo) - auth prüfen ----
|
||||
location /echo {
|
||||
auth_request /nginxauth;
|
||||
proxy_pass https://thinkcentre.local:10010/echo;
|
||||
|
||||
location / {
|
||||
proxy_pass https://thinkcentre.local:10010/;
|
||||
|
||||
# WebSocket Support
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
# SSL zum Upstream
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_name thinkcentre.local; # proxy_ssl_name abc.server.schooltech.ch;
|
||||
proxy_ssl_name thinkcentre.local;
|
||||
proxy_ssl_verify off;
|
||||
|
||||
# Standard Proxy Header
|
||||
proxy_set_header Host thinkcentre.local; # proxy_set_header Host abc.server.schooltech.ch;
|
||||
proxy_set_header Host thinkcentre.local;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
|
||||
# ---- Hauptanwendung (HTML, API-Aufrufe aus dem App) - auth prüfen ----
|
||||
location / {
|
||||
auth_request /nginxauth;
|
||||
|
||||
proxy_pass https://thinkcentre.local:10010/;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_name thinkcentre.local;
|
||||
proxy_ssl_verify off;
|
||||
|
||||
proxy_set_header Host thinkcentre.local;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Origin $http_origin;
|
||||
|
||||
# iFrame erlauben
|
||||
proxy_hide_header X-Frame-Options;
|
||||
add_header X-Frame-Options "ALLOWALL" always;
|
||||
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
add_header Content-Security-Policy "frame-ancestors https://server.schooltech.ch" always; # add_header Content-Security-Policy "frame-ancestors *" always;
|
||||
add_header Content-Security-Policy "frame-ancestors https://server.schooltech.ch" always;
|
||||
}
|
||||
|
||||
location = /nginxauth {
|
||||
@@ -101,6 +131,7 @@ server {
|
||||
}
|
||||
|
||||
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name xyz.server.schooltech.ch;
|
||||
|
||||
Reference in New Issue
Block a user