Skip to content

Commit 2a64394

Browse files
jchiarullijchiarulli
committed
chore: update nginx config files
1 parent c8c12be commit 2a64394

File tree

12 files changed

+155
-100
lines changed

12 files changed

+155
-100
lines changed

pkg/relays/khatru29/nginx_http.go

+9-7
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ func ConfigureNginxHttp(domainName string) {
2222
'' close;
2323
}
2424
25-
upstream websocket_khatru29 {
25+
upstream khatru29_websocket {
2626
server 0.0.0.0:5577;
2727
}
2828
@@ -37,15 +37,17 @@ server {
3737
}
3838
3939
location / {
40-
# First attempt to serve request as file, then
41-
# as directory, then fall back to displaying 404.
42-
try_files $uri $uri/ =404;
43-
proxy_pass http://websocket_khatru29;
40+
proxy_pass http://khatru29_websocket;
4441
proxy_http_version 1.1;
4542
proxy_set_header Upgrade $http_upgrade;
4643
proxy_set_header Connection $connection_upgrade;
4744
proxy_set_header Host $host;
45+
proxy_set_header X-Real-IP $remote_addr;
4846
proxy_set_header X-Forwarded-For $remote_addr;
47+
proxy_set_header X-Forwarded-Proto $scheme;
48+
# First attempt to serve request as file, then
49+
# as directory, then fall back to displaying 404.
50+
try_files $uri $uri/ =404;
4951
}
5052
5153
# Only return Nginx in server header
@@ -58,11 +60,11 @@ server {
5860
add_header X-Frame-Options DENY;
5961
6062
# Avoid MIME type sniffing
61-
add_header X-Content-Type-Options nosniff always;
63+
add_header X-Content-Type-Options "nosniff" always;
6264
6365
add_header Referrer-Policy "no-referrer" always;
6466
65-
add_header X-XSS-Protection 0 always;
67+
add_header X-XSS-Protection "1; mode=block" always;
6668
6769
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
6870

pkg/relays/khatru29/nginx_https.go

+9-7
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ func ConfigureNginxHttps(domainName string) {
1919
'' close;
2020
}
2121
22-
upstream websocket_khatru29 {
22+
upstream khatru29_websocket {
2323
server 0.0.0.0:5577;
2424
}
2525
@@ -31,15 +31,17 @@ server {
3131
root %s/%s;
3232
3333
location / {
34-
# First attempt to serve request as file, then
35-
# as directory, then fall back to displaying 404.
36-
try_files $uri $uri/ =404;
37-
proxy_pass http://websocket_khatru29;
34+
proxy_pass http://khatru29_websocket;
3835
proxy_http_version 1.1;
3936
proxy_set_header Upgrade $http_upgrade;
4037
proxy_set_header Connection $connection_upgrade;
4138
proxy_set_header Host $host;
39+
proxy_set_header X-Real-IP $remote_addr;
4240
proxy_set_header X-Forwarded-For $remote_addr;
41+
proxy_set_header X-Forwarded-Proto $scheme;
42+
# First attempt to serve request as file, then
43+
# as directory, then fall back to displaying 404.
44+
try_files $uri $uri/ =404;
4345
}
4446
4547
# Only return Nginx in server header
@@ -93,11 +95,11 @@ server {
9395
add_header X-Frame-Options DENY;
9496
9597
# Avoid MIME type sniffing
96-
add_header X-Content-Type-Options nosniff always;
98+
add_header X-Content-Type-Options "nosniff" always;
9799
98100
add_header Referrer-Policy "no-referrer" always;
99101
100-
add_header X-XSS-Protection 0 always;
102+
add_header X-XSS-Protection "1; mode=block" always;
101103
102104
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
103105

pkg/relays/khatru_pyramid/nginx_http.go

+9-7
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ func ConfigureNginxHttp(domainName string) {
2222
'' close;
2323
}
2424
25-
upstream websocket_khatru_pyramid {
25+
upstream khatru_pyramid_websocket {
2626
server 0.0.0.0:3335;
2727
}
2828
@@ -37,15 +37,17 @@ server {
3737
}
3838
3939
location / {
40-
# First attempt to serve request as file, then
41-
# as directory, then fall back to displaying 404.
42-
try_files $uri $uri/ =404;
43-
proxy_pass http://websocket_khatru_pyramid;
40+
proxy_pass http://khatru_pyramid_websocket;
4441
proxy_http_version 1.1;
4542
proxy_set_header Upgrade $http_upgrade;
4643
proxy_set_header Connection $connection_upgrade;
4744
proxy_set_header Host $host;
45+
proxy_set_header X-Real-IP $remote_addr;
4846
proxy_set_header X-Forwarded-For $remote_addr;
47+
proxy_set_header X-Forwarded-Proto $scheme;
48+
# First attempt to serve request as file, then
49+
# as directory, then fall back to displaying 404.
50+
try_files $uri $uri/ =404;
4951
}
5052
5153
# Only return Nginx in server header
@@ -58,11 +60,11 @@ server {
5860
add_header X-Frame-Options DENY;
5961
6062
# Avoid MIME type sniffing
61-
add_header X-Content-Type-Options nosniff always;
63+
add_header X-Content-Type-Options "nosniff" always;
6264
6365
add_header Referrer-Policy "no-referrer" always;
6466
65-
add_header X-XSS-Protection 0 always;
67+
add_header X-XSS-Protection "1; mode=block" always;
6668
6769
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
6870

pkg/relays/khatru_pyramid/nginx_https.go

+9-7
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ func ConfigureNginxHttps(domainName string) {
1919
'' close;
2020
}
2121
22-
upstream websocket_khatru_pyramid {
22+
upstream khatru_pyramid_websocket {
2323
server 0.0.0.0:3335;
2424
}
2525
@@ -31,15 +31,17 @@ server {
3131
root %s/%s;
3232
3333
location / {
34-
# First attempt to serve request as file, then
35-
# as directory, then fall back to displaying 404.
36-
try_files $uri $uri/ =404;
37-
proxy_pass http://websocket_khatru_pyramid;
34+
proxy_pass http://khatru_pyramid_websocket;
3835
proxy_http_version 1.1;
3936
proxy_set_header Upgrade $http_upgrade;
4037
proxy_set_header Connection $connection_upgrade;
4138
proxy_set_header Host $host;
39+
proxy_set_header X-Real-IP $remote_addr;
4240
proxy_set_header X-Forwarded-For $remote_addr;
41+
proxy_set_header X-Forwarded-Proto $scheme;
42+
# First attempt to serve request as file, then
43+
# as directory, then fall back to displaying 404.
44+
try_files $uri $uri/ =404;
4345
}
4446
4547
# Only return Nginx in server header
@@ -93,11 +95,11 @@ server {
9395
add_header X-Frame-Options DENY;
9496
9597
# Avoid MIME type sniffing
96-
add_header X-Content-Type-Options nosniff always;
98+
add_header X-Content-Type-Options "nosniff" always;
9799
98100
add_header Referrer-Policy "no-referrer" always;
99101
100-
add_header X-XSS-Protection 0 always;
102+
add_header X-XSS-Protection "1; mode=block" always;
101103
102104
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
103105

pkg/relays/nostr_rs_relay/nginx_http.go

+9-7
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ func ConfigureNginxHttp(domainName string) {
2222
'' close;
2323
}
2424
25-
upstream websocket_nostr_rs_relay {
25+
upstream nostr_rs_relay_websocket {
2626
server 127.0.0.1:8080;
2727
}
2828
@@ -37,15 +37,17 @@ server {
3737
}
3838
3939
location / {
40-
# First attempt to serve request as file, then
41-
# as directory, then fall back to displaying 404.
42-
try_files $uri $uri/ =404;
43-
proxy_pass http://websocket_nostr_rs_relay;
40+
proxy_pass http://nostr_rs_relay_websocket;
4441
proxy_http_version 1.1;
4542
proxy_set_header Upgrade $http_upgrade;
4643
proxy_set_header Connection $connection_upgrade;
4744
proxy_set_header Host $host;
45+
proxy_set_header X-Real-IP $remote_addr;
4846
proxy_set_header X-Forwarded-For $remote_addr;
47+
proxy_set_header X-Forwarded-Proto $scheme;
48+
# First attempt to serve request as file, then
49+
# as directory, then fall back to displaying 404.
50+
try_files $uri $uri/ =404;
4951
}
5052
5153
# Only return Nginx in server header
@@ -58,11 +60,11 @@ server {
5860
add_header X-Frame-Options DENY;
5961
6062
# Avoid MIME type sniffing
61-
add_header X-Content-Type-Options nosniff always;
63+
add_header X-Content-Type-Options "nosniff" always;
6264
6365
add_header Referrer-Policy "no-referrer" always;
6466
65-
add_header X-XSS-Protection 0 always;
67+
add_header X-XSS-Protection "1; mode=block" always;
6668
6769
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
6870

pkg/relays/nostr_rs_relay/nginx_https.go

+8-7
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ func ConfigureNginxHttps(domainName string) {
1919
'' close;
2020
}
2121
22-
upstream websocket_nostr_rs_relay {
22+
upstream nostr_rs_relay_websocket {
2323
server 127.0.0.1:8080;
2424
}
2525
@@ -31,15 +31,16 @@ server {
3131
root %s/%s;
3232
3333
location / {
34-
# First attempt to serve request as file, then
35-
# as directory, then fall back to displaying 404.
36-
try_files $uri $uri/ =404;
37-
proxy_pass http://websocket_nostr_rs_relay;
34+
proxy_pass http://nostr_rs_relay_websocket;
3835
proxy_http_version 1.1;
3936
proxy_set_header Upgrade $http_upgrade;
4037
proxy_set_header Connection $connection_upgrade;
4138
proxy_set_header Host $host;
39+
proxy_set_header X-Real-IP $remote_addr;
4240
proxy_set_header X-Forwarded-For $remote_addr;
41+
# First attempt to serve request as file, then
42+
# as directory, then fall back to displaying 404.
43+
try_files $uri $uri/ =404;
4344
}
4445
4546
# Only return Nginx in server header
@@ -93,11 +94,11 @@ server {
9394
add_header X-Frame-Options DENY;
9495
9596
# Avoid MIME type sniffing
96-
add_header X-Content-Type-Options nosniff always;
97+
add_header X-Content-Type-Options "nosniff" always;
9798
9899
add_header Referrer-Policy "no-referrer" always;
99100
100-
add_header X-XSS-Protection 0 always;
101+
add_header X-XSS-Protection "1; mode=block" always;
101102
102103
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
103104

pkg/relays/strfry/nginx_http.go

+20-9
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,16 @@ func ConfigureNginxHttp(domainName string) {
1717

1818
directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755)
1919

20-
configContent := fmt.Sprintf(`server {
20+
configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade {
21+
default upgrade;
22+
'' close;
23+
}
24+
25+
upstream strfry_websocket {
26+
server 127.0.0.1:7777;
27+
}
28+
29+
server {
2130
listen 80;
2231
listen [::]:80;
2332
server_name %s;
@@ -28,15 +37,17 @@ func ConfigureNginxHttp(domainName string) {
2837
}
2938
3039
location / {
31-
# First attempt to serve request as file, then
32-
# as directory, then fall back to displaying 404.
33-
try_files $uri $uri/ =404;
34-
proxy_pass http://127.0.0.1:7777;
40+
proxy_pass http://strfry_websocket;
3541
proxy_http_version 1.1;
3642
proxy_set_header Upgrade $http_upgrade;
37-
proxy_set_header Connection "upgrade";
43+
proxy_set_header Connection $connection_upgrade;
3844
proxy_set_header Host $host;
39-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
45+
proxy_set_header X-Real-IP $remote_addr;
46+
proxy_set_header X-Forwarded-For $remote_addr;
47+
proxy_set_header X-Forwarded-Proto $scheme;
48+
# First attempt to serve request as file, then
49+
# as directory, then fall back to displaying 404.
50+
try_files $uri $uri/ =404;
4051
}
4152
4253
# Only return Nginx in server header
@@ -49,11 +60,11 @@ func ConfigureNginxHttp(domainName string) {
4960
add_header X-Frame-Options DENY;
5061
5162
# Avoid MIME type sniffing
52-
add_header X-Content-Type-Options nosniff always;
63+
add_header X-Content-Type-Options "nosniff" always;
5364
5465
add_header Referrer-Policy "no-referrer" always;
5566
56-
add_header X-XSS-Protection 0 always;
67+
add_header X-XSS-Protection "1; mode=block" always;
5768
5869
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
5970

pkg/relays/strfry/nginx_https.go

+20-9
Original file line numberDiff line numberDiff line change
@@ -14,23 +14,34 @@ func ConfigureNginxHttps(domainName string) {
1414

1515
files.RemoveFile(NginxConfigFilePath)
1616

17-
configContent := fmt.Sprintf(`server {
17+
configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade {
18+
default upgrade;
19+
'' close;
20+
}
21+
22+
upstream strfry_websocket {
23+
server 127.0.0.1:7777;
24+
}
25+
26+
server {
1827
listen 443 ssl http2;
1928
listen [::]:443 ssl http2;
2029
server_name %s;
2130
2231
root %s/%s;
2332
2433
location / {
25-
# First attempt to serve request as file, then
26-
# as directory, then fall back to displaying 404.
27-
try_files $uri $uri/ =404;
28-
proxy_pass http://127.0.0.1:7777;
34+
proxy_pass http://strfry_websocket;
2935
proxy_http_version 1.1;
3036
proxy_set_header Upgrade $http_upgrade;
31-
proxy_set_header Connection "upgrade";
37+
proxy_set_header Connection $connection_upgrade;
3238
proxy_set_header Host $host;
33-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
39+
proxy_set_header X-Real-IP $remote_addr;
40+
proxy_set_header X-Forwarded-For $remote_addr;
41+
proxy_set_header X-Forwarded-Proto $scheme;
42+
# First attempt to serve request as file, then
43+
# as directory, then fall back to displaying 404.
44+
try_files $uri $uri/ =404;
3445
}
3546
3647
# Only return Nginx in server header
@@ -84,11 +95,11 @@ func ConfigureNginxHttps(domainName string) {
8495
add_header X-Frame-Options DENY;
8596
8697
# Avoid MIME type sniffing
87-
add_header X-Content-Type-Options nosniff always;
98+
add_header X-Content-Type-Options "nosniff" always;
8899
89100
add_header Referrer-Policy "no-referrer" always;
90101
91-
add_header X-XSS-Protection 0 always;
102+
add_header X-XSS-Protection "1; mode=block" always;
92103
93104
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
94105

0 commit comments

Comments
 (0)