[X2Go-Commits] [x2gohtmlclient] 09/12: conf/nginx/: Add Nginx configuration files (http-no-SSL support only for now).

git-admin at x2go.org git-admin at x2go.org
Wed Jun 23 18:17:29 CEST 2021 

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2gohtmlclient.

commit 1762f32f3bc572ac22ed85ab3506b1d927697632
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed Jun 23 17:06:54 2021 +0200

    conf/nginx/: Add Nginx configuration files (http-no-SSL support only for now).
---
 .../nginx/sites-available/x2gohtmlclient-demo.conf | 22 ++++++++++++++++
 conf/nginx/snippets/libjs-x2goclient.conf          | 29 ++++++++++++++++++++++
 conf/nginx/snippets/x2gohtmlclient-css.conf        |  9 +++++++
 conf/nginx/snippets/x2gohtmlclient-rpc.conf        |  6 +++++
 conf/nginx/snippets/x2gohtmlclient-wswrapper.conf  | 18 ++++++++++++++
 5 files changed, 84 insertions(+)

diff --git a/conf/nginx/sites-available/x2gohtmlclient-demo.conf b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
new file mode 100644
index 0000000..7eb8e4c
--- /dev/null
+++ b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
@@ -0,0 +1,22 @@
+server {
+
+	listen 80;
+
+#	listen 443 ssl;
+#	server_name <your-host>;
+#	ssl_certificate <your-SSL-cert>;
+#	ssl_certificate_key <your-SSL-key>;
+#	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+#	ssl_protocols TLSv1.2;
+#	ssl_prefer_server_ciphers off;
+#	ssl_session_timeout 5m;
+#	ssl_session_cache builtin:1000  shared:SSL:10m;
+#	ssl_session_tickets off;
+
+	root /usr/share/x2gohtmlclient/demo;
+
+	include snippets/libjs-x2goclient.conf;
+	include snippets/x2gohtmlclient-css.conf;
+	include snippets/x2gohtmlclient-rpc.conf;
+	include snippets/x2gohtmlclient-wswrapper.conf;
+}
diff --git a/conf/nginx/snippets/libjs-x2goclient.conf b/conf/nginx/snippets/libjs-x2goclient.conf
new file mode 100644
index 0000000..fb7907a
--- /dev/null
+++ b/conf/nginx/snippets/libjs-x2goclient.conf
@@ -0,0 +1,29 @@
+location /x2go/x2gokdriveclient.html {
+	alias /usr/share/x2gohtmlclient/x2gokdriveclient.html;
+	add_header Strict-Transport-Security "max-age=31536000";
+	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+	add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+	add_header Referrer-Policy "same-origin";
+	add_header X-Content-Type-Options "nosniff";
+	add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /assets/js/ {
+	alias /usr/share/javascript/x2goclient/;
+	add_header Strict-Transport-Security "max-age=31536000";
+	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+	add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+	add_header Referrer-Policy "same-origin";
+	add_header X-Content-Type-Options "nosniff";
+	add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /assets/img/ {
+	alias /usr/share/x2gohtmlclient/img/;
+	add_header Strict-Transport-Security "max-age=31536000";
+	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+	add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+	add_header Referrer-Policy "same-origin";
+	add_header X-Content-Type-Options "nosniff";
+	add_header X-Frame-Options "SAMEORIGIN";
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-css.conf b/conf/nginx/snippets/x2gohtmlclient-css.conf
new file mode 100644
index 0000000..f7dab63
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-css.conf
@@ -0,0 +1,9 @@
+location /assets/css/ {
+	alias /usr/share/x2gohtmlclient/css/;
+	add_header Strict-Transport-Security "max-age=31536000";
+	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+	add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+	add_header Referrer-Policy "same-origin";
+	add_header X-Content-Type-Options "nosniff";
+	add_header X-Frame-Options "SAMEORIGIN";
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-rpc.conf b/conf/nginx/snippets/x2gohtmlclient-rpc.conf
new file mode 100644
index 0000000..c2990d3
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-rpc.conf
@@ -0,0 +1,6 @@
+location /assets/rpc/x2gorpc.cgi {
+	alias /usr/lib/cgi-bin/x2gorpc.cgi;
+	gzip off;
+	include /etc/nginx/fastcgi_params;
+	fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf b/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf
new file mode 100644
index 0000000..9500b96
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf
@@ -0,0 +1,18 @@
+# Provide port based access to x2gowswrapper launched by x2gorpc.cgi (aka x2gowebrpc)
+
+proxy_read_timeout 300;
+
+location ~ ^/x2gows/(.*)$ {
+	proxy_pass       http://127.0.0.1:$1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+	proxy_http_version 1.1;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header Host $http_host;
+	proxy_intercept_errors on;
+	proxy_redirect off;
+	proxy_cache_bypass $http_upgrade;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-NginX-Proxy true;
+	proxy_ssl_session_reuse off;
+}

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git

More information about the x2go-commits mailing list