Differential D2984 Diff 8525 docker/proxy/rootfs/etc/nginx/nginx.conf

Changeset View

Standalone View

docker/proxy/rootfs/etc/nginx/nginx.conf

Show First 20 Lines • Show All 103 Lines • ▼ Show 20 Lines	server {
proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;		proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;		proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1;		proxy_no_cache 1;
proxy_cache_bypass 1;		proxy_cache_bypass 1;
}		}

		# FIXME do we need to whitelist certain requests that are unauthenticated?
		machniakUnsubmitted Done Inline Actions Looking at syncroton code all requests are being authenticated. machniak: Looking at syncroton code all requests are being authenticated.
		mollekopfAuthorUnsubmitted Done Inline Actions I think outlook on android tried to do some unauthenticated stuff, but as you say, syncroton doesn't support that anyways, so I guess that should be fine. mollekopf: I think outlook on android tried to do some unauthenticated stuff, but as you say, syncroton…
location /Microsoft-Server-ActiveSync {		location /Microsoft-Server-ActiveSync {
#auth_request /auth;		auth_request /auth;
#auth_request_set $auth_status $upstream_status;		#auth_request_set $auth_status $upstream_status;

proxy_pass http://127.0.0.1:9080;		proxy_pass http://127.0.0.1:9080;
proxy_set_header Host $host;		proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_send_timeout 910s;		proxy_send_timeout 910s;
proxy_read_timeout 910s;		proxy_read_timeout 910s;
fastcgi_send_timeout 910s;		fastcgi_send_timeout 910s;
fastcgi_read_timeout 910s;		fastcgi_read_timeout 910s;
}		}

location ~* ^/\\.well-known/(caldav\|carddav) {		location ~* ^/\\.well-known/(caldav\|carddav) {
#auth_request /auth;
#auth_request_set $auth_status $upstream_status;

proxy_pass http://127.0.0.1:9080;		proxy_pass http://127.0.0.1:9080;
proxy_set_header Host $host;		proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}		}

location /iRony {		location /iRony {
#auth_request /auth;		auth_request /auth;
#auth_request_set $auth_status $upstream_status;		#auth_request_set $auth_status $upstream_status;

proxy_pass http://127.0.0.1:9080;		proxy_pass http://127.0.0.1:9080;
proxy_set_header Host $host;		proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}		}

location = /auth {		location = /auth {
internal;		internal;
proxy_pass http://127.0.0.1:8000/api/webhooks/nginx;		proxy_pass http://127.0.0.1:8000/api/webhooks/nginx-httpauth;
proxy_pass_request_body off;		proxy_pass_request_body off;
proxy_set_header Host services.APP_WEBSITE_DOMAIN;		proxy_set_header Host services.APP_WEBSITE_DOMAIN;
proxy_set_header Content-Length "";		proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;		proxy_set_header X-Original-URI $request_uri;

proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;		proxy_set_header X-Forwarded-Proto $scheme;
Show All 12 Lines