This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gohtmlclient. commit 1762f32f3bc572ac22ed85ab3506b1d927697632 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Wed Jun 23 17:06:54 2021 +0200 conf/nginx/: Add Nginx configuration files (http-no-SSL support only for now). --- .../nginx/sites-available/x2gohtmlclient-demo.conf | 22 ++++++++++++++++ conf/nginx/snippets/libjs-x2goclient.conf | 29 ++++++++++++++++++++++ conf/nginx/snippets/x2gohtmlclient-css.conf | 9 +++++++ conf/nginx/snippets/x2gohtmlclient-rpc.conf | 6 +++++ conf/nginx/snippets/x2gohtmlclient-wswrapper.conf | 18 ++++++++++++++ 5 files changed, 84 insertions(+)
diff --git a/conf/nginx/sites-available/x2gohtmlclient-demo.conf b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
new file mode 100644
index 0000000..7eb8e4c
--- /dev/null
+++ b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
@@ -0,0 +1,22 @@
+server {
+
+ listen 80;
+
+# listen 443 ssl;
+# server_name <your-host>;
+# ssl_certificate <your-SSL-cert>;
+# ssl_certificate_key <your-SSL-key>;
+# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+# ssl_protocols TLSv1.2;
+# ssl_prefer_server_ciphers off;
+# ssl_session_timeout 5m;
+# ssl_session_cache builtin:1000 shared:SSL:10m;
+# ssl_session_tickets off;
+
+ root /usr/share/x2gohtmlclient/demo;
+
+ include snippets/libjs-x2goclient.conf;
+ include snippets/x2gohtmlclient-css.conf;
+ include snippets/x2gohtmlclient-rpc.conf;
+ include snippets/x2gohtmlclient-wswrapper.conf;
+}
diff --git a/conf/nginx/snippets/libjs-x2goclient.conf b/conf/nginx/snippets/libjs-x2goclient.conf
new file mode 100644
index 0000000..fb7907a
--- /dev/null
+++ b/conf/nginx/snippets/libjs-x2goclient.conf
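Review bot: The server block in x2gohtmlclient-demo.conf has only `listen 80;` on all interfaces and no active `server_name`, so the RPC CGI and the WebSocket proxy pulled in by the four `include` lines are served in cleartext to anyone who can reach the host. The commit message says TLS support comes later; until then `listen 127.0.0.1:80;` together with a comment such as `# demo only: cleartext HTTP, do not expose beyond localhost` would make that limit explicit in the file. When the commented block is enabled, `ssl_protocols TLSv1.2 TLSv1.3;` is worth considering, and the Strict-Transport-Security headers set in the snippets only take effect once the site is actually served over HTTPS, since browsers ignore that header on plain HTTP.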
@@ -0,0 +1,29 @@
+location /x2go/x2gokdriveclient.html {
+ alias /usr/share/x2gohtmlclient/x2gokdriveclient.html;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /assets/js/ {
+ alias /usr/share/javascript/x2goclient/;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /assets/img/ {
+ alias /usr/share/x2gohtmlclient/img/;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
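Review bot: The Content-Security-Policy repeated in all three locations of libjs-x2goclient.conf (and again in the x2gohtmlclient-css.conf hunk) gives little protection against script injection, because `script-src 'self' 'unsafe-inline'` permits any inline script and `ws: wss:` in `default-src` lets the page open WebSockets to any host. If the client's inline scripts can be moved into files, `script-src 'self'` plus `connect-src 'self'` would match the same-origin /x2gows/ proxy (some browsers need the explicit ws/wss origin listed instead); whether the client HTML depends on inline script is not visible in this commit. `add_header` without the `always` parameter leaves these headers off error responses, and `Feature-Policy` has been superseded by `Permissions-Policy`. Putting the six identical `add_header` lines into one snippet that each location includes would keep the four copies from drifting apart.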
diff --git a/conf/nginx/snippets/x2gohtmlclient-css.conf b/conf/nginx/snippets/x2gohtmlclient-css.conf
new file mode 100644
index 0000000..f7dab63
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-css.conf
@@ -0,0 +1,9 @@
+location /assets/css/ {
+ alias /usr/share/x2gohtmlclient/css/;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-rpc.conf b/conf/nginx/snippets/x2gohtmlclient-rpc.conf
new file mode 100644
index 0000000..c2990d3
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-rpc.conf
@@ -0,0 +1,6 @@
+location /assets/rpc/x2gorpc.cgi {
+ alias /usr/lib/cgi-bin/x2gorpc.cgi;
+ gzip off;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf b/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf
new file mode 100644
index 0000000..9500b96
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf
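Review bot: `location /assets/rpc/x2gorpc.cgi` in x2gohtmlclient-rpc.conf is a prefix match, so any URI that merely starts with that string is handed to fcgiwrap, and which file gets executed is left to whatever `alias` and the included fastcgi_params happen to produce. Using `location = /assets/rpc/x2gorpc.cgi {` and pinning the target with `fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/x2gorpc.cgi;` makes the executed script independent of the request. The stock fastcgi_params on some distributions does not set SCRIPT_FILENAME, so the explicit parameter probably also matters for the CGI working at all; confirm against the packaged file. The endpoint carries no access control or request limiting here, which deserves at least a comment given that, per the wswrapper snippet's header comment, it launches x2gowswrapper processes.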
@@ -0,0 +1,18 @@
+# Provide port based access to x2gowswrapper launched by x2gorpc.cgi (aka x2gowebrpc)
+
+proxy_read_timeout 300;
+
+location ~ ^/x2gows/(.*)$ {
+ proxy_pass http://127.0.0.1:$1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_intercept_errors on;
+ proxy_redirect off;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_ssl_session_reuse off;
+}
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git
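Review bot: `location ~ ^/x2gows/(.*)$` feeds an unconstrained capture into `proxy_pass http://127.0.0.1:$1;`, so the client chooses the loopback port (and anything after it) that nginx connects to, which makes every service bound to 127.0.0.1 reachable by whoever can reach this server. The capture should accept digits only (`[0-9]+` at minimum) and preferably just the port range x2gowswrapper allocates, e.g. `location ~ ^/x2gows/(<wswrapper-port-regex>)$ {`, with the range taken from the wrapper's configuration, which is not visible in this commit. Nothing in this snippet ties a port to the session that x2gorpc.cgi created, so unless the wrapper authenticates connections itself, a per-session check is needed in front of the proxy as well. `proxy_ssl_session_reuse off;` has no effect with an `http://` upstream and can be dropped.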