docker/proxy/rootfs/etc/nginx/nginx.conf
Show First 20 Lines • Show All 103 Lines • ▼ Show 20 Lines | server { | ||||
proxy_set_header X-Real-IP $remote_addr; | proxy_set_header X-Real-IP $remote_addr; | ||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
proxy_set_header X-Forwarded-Host $host; | proxy_set_header X-Forwarded-Host $host; | ||||
proxy_set_header X-Forwarded-Proto $scheme; | proxy_set_header X-Forwarded-Proto $scheme; | ||||
proxy_no_cache 1; | proxy_no_cache 1; | ||||
proxy_cache_bypass 1; | proxy_cache_bypass 1; | ||||
} | } | ||||
# FIXME do we need to whitelist certain requests that are unauthenticated? | |||||
machniak: Looking at syncroton code all requests are being authenticated. | |||||
mollekopf: I think Outlook on Android tried to do some unauthenticated stuff, but as you say, syncroton doesn't support that anyway, so I guess that should be fine. | |||||
location /Microsoft-Server-ActiveSync { | location /Microsoft-Server-ActiveSync { | ||||
#auth_request /auth; | auth_request /auth; | ||||
#auth_request_set $auth_status $upstream_status; | #auth_request_set $auth_status $upstream_status; | ||||
proxy_pass http://127.0.0.1:9080; | proxy_pass http://127.0.0.1:9080; | ||||
proxy_set_header Host $host; | proxy_set_header Host $host; | ||||
proxy_set_header X-Real-IP $remote_addr; | proxy_set_header X-Real-IP $remote_addr; | ||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
proxy_send_timeout 910s; | proxy_send_timeout 910s; | ||||
proxy_read_timeout 910s; | proxy_read_timeout 910s; | ||||
fastcgi_send_timeout 910s; | fastcgi_send_timeout 910s; | ||||
fastcgi_read_timeout 910s; | fastcgi_read_timeout 910s; | ||||
} | } | ||||
location ~* ^/\\.well-known/(caldav|carddav) { | location ~* ^/\\.well-known/(caldav|carddav) { | ||||
#auth_request /auth; | |||||
#auth_request_set $auth_status $upstream_status; | |||||
proxy_pass http://127.0.0.1:9080; | proxy_pass http://127.0.0.1:9080; | ||||
proxy_set_header Host $host; | proxy_set_header Host $host; | ||||
proxy_set_header X-Real-IP $remote_addr; | proxy_set_header X-Real-IP $remote_addr; | ||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
} | } | ||||
location /iRony { | location /iRony { | ||||
#auth_request /auth; | auth_request /auth; | ||||
#auth_request_set $auth_status $upstream_status; | #auth_request_set $auth_status $upstream_status; | ||||
proxy_pass http://127.0.0.1:9080; | proxy_pass http://127.0.0.1:9080; | ||||
proxy_set_header Host $host; | proxy_set_header Host $host; | ||||
proxy_set_header X-Real-IP $remote_addr; | proxy_set_header X-Real-IP $remote_addr; | ||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
} | } | ||||
location = /auth { | location = /auth { | ||||
internal; | internal; | ||||
proxy_pass http://127.0.0.1:8000/api/webhooks/nginx; | proxy_pass http://127.0.0.1:8000/api/webhooks/nginx-httpauth; | ||||
proxy_pass_request_body off; | proxy_pass_request_body off; | ||||
proxy_set_header Host services.APP_WEBSITE_DOMAIN; | proxy_set_header Host services.APP_WEBSITE_DOMAIN; | ||||
proxy_set_header Content-Length ""; | proxy_set_header Content-Length ""; | ||||
proxy_set_header X-Original-URI $request_uri; | proxy_set_header X-Original-URI $request_uri; | ||||
proxy_set_header X-Real-IP $remote_addr; | proxy_set_header X-Real-IP $remote_addr; | ||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
proxy_set_header X-Forwarded-Proto $scheme; | proxy_set_header X-Forwarded-Proto $scheme; | ||||
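Review bot: The `.well-known/(caldav|carddav)` location is now the only one of the three that proxies to 127.0.0.1:9080 without `auth_request`, and nothing in the file records that this is deliberate. A comment such as `# discovery endpoint: intentionally no auth_request, upstream must only answer with the redirect` would make the intent explicit. Its regex has no end anchor, so every path that merely starts with `/.well-known/caldav` or `/.well-known/carddav` skips the proxy-level check. If the upstream serves only the discovery redirect there, `location ~* ^/\\.well-known/(caldav|carddav)/?$ {` narrows it. The `location = /auth` block continues past the visible lines, so how the subrequest response is handled further down cannot be judged from this section.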
Looking at syncroton code all requests are being authenticated.