[X2Go-Commits] [x2gohtmlclient] 09/12: conf/nginx/: Add Nginx configuration files (http-no-SSL support only for now).
git-admin at x2go.org
git-admin at x2go.org
Wed Jun 23 18:17:29 CEST 2021
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gohtmlclient.
commit 1762f32f3bc572ac22ed85ab3506b1d927697632
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Wed Jun 23 17:06:54 2021 +0200
conf/nginx/: Add Nginx configuration files (http-no-SSL support only for now).
---
.../nginx/sites-available/x2gohtmlclient-demo.conf | 22 ++++++++++++++++
conf/nginx/snippets/libjs-x2goclient.conf | 29 ++++++++++++++++++++++
conf/nginx/snippets/x2gohtmlclient-css.conf | 9 +++++++
conf/nginx/snippets/x2gohtmlclient-rpc.conf | 6 +++++
conf/nginx/snippets/x2gohtmlclient-wswrapper.conf | 18 ++++++++++++++
5 files changed, 84 insertions(+)
diff --git a/conf/nginx/sites-available/x2gohtmlclient-demo.conf b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
new file mode 100644
index 0000000..7eb8e4c
--- /dev/null
+++ b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
@@ -0,0 +1,22 @@
+server {
+
+ listen 80;
+
+# listen 443 ssl;
+# server_name <your-host>;
+# ssl_certificate <your-SSL-cert>;
+# ssl_certificate_key <your-SSL-key>;
+# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+# ssl_protocols TLSv1.2;
+# ssl_prefer_server_ciphers off;
+# ssl_session_timeout 5m;
+# ssl_session_cache builtin:1000 shared:SSL:10m;
+# ssl_session_tickets off;
+
+ root /usr/share/x2gohtmlclient/demo;
+
+ include snippets/libjs-x2goclient.conf;
+ include snippets/x2gohtmlclient-css.conf;
+ include snippets/x2gohtmlclient-rpc.conf;
+ include snippets/x2gohtmlclient-wswrapper.conf;
+}
diff --git a/conf/nginx/snippets/libjs-x2goclient.conf b/conf/nginx/snippets/libjs-x2goclient.conf
new file mode 100644
index 0000000..fb7907a
--- /dev/null
+++ b/conf/nginx/snippets/libjs-x2goclient.conf
@@ -0,0 +1,29 @@
+location /x2go/x2gokdriveclient.html {
+ alias /usr/share/x2gohtmlclient/x2gokdriveclient.html;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /assets/js/ {
+ alias /usr/share/javascript/x2goclient/;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /assets/img/ {
+ alias /usr/share/x2gohtmlclient/img/;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-css.conf b/conf/nginx/snippets/x2gohtmlclient-css.conf
new file mode 100644
index 0000000..f7dab63
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-css.conf
@@ -0,0 +1,9 @@
+location /assets/css/ {
+ alias /usr/share/x2gohtmlclient/css/;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
+ add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
+ add_header Referrer-Policy "same-origin";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options "SAMEORIGIN";
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-rpc.conf b/conf/nginx/snippets/x2gohtmlclient-rpc.conf
new file mode 100644
index 0000000..c2990d3
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-rpc.conf
@@ -0,0 +1,6 @@
+location /assets/rpc/x2gorpc.cgi {
+ alias /usr/lib/cgi-bin/x2gorpc.cgi;
+ gzip off;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+}
diff --git a/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf b/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf
new file mode 100644
index 0000000..9500b96
--- /dev/null
+++ b/conf/nginx/snippets/x2gohtmlclient-wswrapper.conf
@@ -0,0 +1,18 @@
+# Provide port based access to x2gowswrapper launched by x2gorpc.cgi (aka x2gowebrpc)
+
+proxy_read_timeout 300;
+
+location ~ ^/x2gows/(.*)$ {
+ proxy_pass http://127.0.0.1:$1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_intercept_errors on;
+ proxy_redirect off;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_ssl_session_reuse off;
+}
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git
More information about the x2go-commits
mailing list