From 1a4ee34df139006b683aa63a7ae2f0f76d1677de Mon Sep 17 00:00:00 2001
From: gbanyan
Date: Wed, 22 Apr 2020 04:38:59 +0800
Subject: [PATCH] Add nginx configuration for reverse and proxy pass the code-server
---
.../nginx/conf.d/common.conf | 4 +
.../nginx/conf.d/common_location.conf | 6 ++
.../nginx/conf.d/proxy_code_server.conf | 6 ++
.../conf.d/sites-available/code-server.conf | 17 ++++
.../conf.d/sites-enabled/code-server.conf | 1 +
.../nginx/conf.d/ssl.conf | 12 +++
nginx_reverse+code-server/nginx/mime.types | 96 +++++++++++++++++++
nginx_reverse+code-server/nginx/nginx.conf | 24 +++++
8 files changed, 166 insertions(+)
create mode 100644 nginx_reverse+code-server/nginx/conf.d/common.conf
create mode 100644 nginx_reverse+code-server/nginx/conf.d/common_location.conf
create mode 100644 nginx_reverse+code-server/nginx/conf.d/proxy_code_server.conf
create mode 100644 nginx_reverse+code-server/nginx/conf.d/sites-available/code-server.conf
create mode 120000 nginx_reverse+code-server/nginx/conf.d/sites-enabled/code-server.conf
create mode 100644 nginx_reverse+code-server/nginx/conf.d/ssl.conf
create mode 100644 nginx_reverse+code-server/nginx/mime.types
create mode 100644 nginx_reverse+code-server/nginx/nginx.conf
diff --git a/nginx_reverse+code-server/nginx/conf.d/common.conf b/nginx_reverse+code-server/nginx/conf.d/common.conf
new file mode 100644
index 0000000..b53f51b
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/conf.d/common.conf
@@ -0,0 +1,4 @@
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
\ No newline at end of file
diff --git a/nginx_reverse+code-server/nginx/conf.d/common_location.conf b/nginx_reverse+code-server/nginx/conf.d/common_location.conf
new file mode 100644
index 0000000..a2f48d3
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/conf.d/common_location.conf
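Review bot: In common.conf only the HSTS line carries `always`, so X-Frame-Options, X-Content-Type-Options and X-XSS-Protection are emitted only on the success and redirect status codes that `add_header` covers by default and are missing from error responses; append `always` to the other three lines. `X-XSS-Protection "1; mode=block"` targets a browser XSS filter that current browsers no longer ship, so a `Content-Security-Policy` header would be the more useful control. Because `add_header` is inherited only when the including level defines none of its own, a later `add_header` inside a `location` would silently drop all four.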
@@ -0,0 +1,6 @@
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
\ No newline at end of file
diff --git a/nginx_reverse+code-server/nginx/conf.d/proxy_code_server.conf b/nginx_reverse+code-server/nginx/conf.d/proxy_code_server.conf
new file mode 100644
index 0000000..18d56c9
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/conf.d/proxy_code_server.conf
@@ -0,0 +1,6 @@
+proxy_set_header Host $host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection upgrade;
+proxy_set_header Accept-Encoding gzip;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
\ No newline at end of file
diff --git a/nginx_reverse+code-server/nginx/conf.d/sites-available/code-server.conf b/nginx_reverse+code-server/nginx/conf.d/sites-available/code-server.conf
new file mode 100644
index 0000000..3c9d4ad
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/conf.d/sites-available/code-server.conf
@@ -0,0 +1,17 @@
+upstream code-server {
+ server code-server:8080;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name code.gbanyan.net;
+
+ #include /etc/nginx/conf.d/common.conf;
+ include /etc/nginx/conf.d/ssl.conf;
+ include /etc/nginx/conf.d/proxy_code_server.conf;
+
+ location / {
+ proxy_pass http://code-server;
+ #include /etc/nginx/conf.d/common_location.conf;
+ }
+}
\ No newline at end of file
diff --git a/nginx_reverse+code-server/nginx/conf.d/sites-enabled/code-server.conf b/nginx_reverse+code-server/nginx/conf.d/sites-enabled/code-server.conf
new file mode 120000
index 0000000..b0c9d4f
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/conf.d/sites-enabled/code-server.conf
@@ -0,0 +1 @@
+../sites-available/code-server.conf
\ No newline at end of file
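Review bot: In common_location.conf, `$proxy_add_x_forwarded_for` appends the peer address to whatever `X-Forwarded-For` the client sent, so if this nginx is the first hop the upstream receives client-chosen leading entries; in that case set it from the connection, `proxy_set_header X-Forwarded-For $remote_addr;`. The same directive appears in the proxy_code_server.conf hunk. A short comment at the top of the file saying which hop this proxy is expected to be would make the trust assumption explicit.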
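Review bot: In proxy_code_server.conf, `proxy_set_header Connection upgrade;` is sent on every proxied request rather than only on WebSocket handshakes, and no `proxy_http_version` is set. nginx's documented WebSocket setup uses `proxy_http_version 1.1;`, a `map $http_upgrade $connection_upgrade` block in the `http` context (default `upgrade`, empty value `close`) and `proxy_set_header Connection $connection_upgrade;`. Forcing `Accept-Encoding gzip` upstream regardless of what the client advertised may pass gzip bodies to clients that did not ask for them; confirm that is intended.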
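Review bot: In sites-available/code-server.conf the line `#include /etc/nginx/conf.d/common.conf;` is commented out, so this vhost never sends the HSTS, X-Frame-Options or nosniff headers the same commit adds; enable it or record in a comment why it is disabled. The server block has no access restriction of its own, so a browser IDE exposed on 443 relies entirely on code-server's own authentication, which is not visible in this patch; consider `allow`/`deny` or `auth_basic` in `location /`. If the commented `common_location.conf` include is later enabled inside `location /`, the server-level `proxy_set_header` lines (including `Upgrade` and `Connection`) stop being inherited, because nginx inherits them only when the current level defines none.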
diff --git a/nginx_reverse+code-server/nginx/conf.d/ssl.conf b/nginx_reverse+code-server/nginx/conf.d/ssl.conf
new file mode 100644
index 0000000..a2f5296
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/conf.d/ssl.conf
@@ -0,0 +1,12 @@
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ecdh_curve secp384r1;
+ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
+ssl_prefer_server_ciphers on;
+#ssl_dhparam /etc/nginx/dhparams.pem;
+ssl_certificate /etc/ssl/private/fullchain.pem;
+ssl_certificate_key /etc/ssl/private/privkey.pem;
+ssl_session_timeout 10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
\ No newline at end of file
diff --git a/nginx_reverse+code-server/nginx/mime.types b/nginx_reverse+code-server/nginx/mime.types
new file mode 100644
index 0000000..c230212
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/mime.types
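Review bot: In ssl.conf, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps TLS 1.0 and 1.1 enabled, both deprecated, and leaves out TLS 1.3; use `ssl_protocols TLSv1.2 TLSv1.3;`. In `ssl_ciphers`, the two `-GCM-SHA512` entries and the two `OLD_TLS_*` names do not look like OpenSSL cipher names and would be ignored, and the `DHE-*` suites are not offered while `ssl_dhparam` stays commented out, so the effective list is probably much shorter than written; check it with `openssl ciphers -v` against the same string. `ssl_stapling_verify on;` needs `ssl_trusted_certificate`, and stapling generally needs a `resolver`; without them nginx is likely to log stapling errors and serve no staple.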
@@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml 
xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} \ No newline at end of file
diff --git a/nginx_reverse+code-server/nginx/nginx.conf b/nginx_reverse+code-server/nginx/nginx.conf
new file mode 100644
index 0000000..e92c977
--- /dev/null
+++ b/nginx_reverse+code-server/nginx/nginx.conf
@@ -0,0 +1,24 @@
+user nginx; ## Default: nobody
+worker_processes 5; ## Default: 1
+error_log /etc/nginx/error.log;
+pid /var/run/nginx.pid;
+worker_rlimit_nofile 8192;
+
+events {
+ worker_connections 4096; ## Default: 1024
+}
+
+http {
+ include mime.types;
+ index index.html index.htm index.php;
+
+ default_type application/octet-stream;
+ log_format main '$remote_addr - $remote_user [$time_local] $status '
+ '"$request" $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log access.log main;
+ sendfile on;
+ #tcp_nopush on;
+ server_names_hash_bucket_size 128; # this seems to be required for some vhosts
+ include /etc/nginx/conf.d/sites-enabled/*.conf;
+}
\ No newline at end of file
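Review bot: In nginx.conf, `error_log /etc/nginx/error.log;` and the relative `access_log access.log main;` (resolved against nginx's prefix directory) write logs into the configuration tree, which would fail if that directory is mounted read-only and keeps the request trail for an internet-facing editor outside the usual rotated log location. Point both at a log directory, for example `error_log /var/log/nginx/error.log warn;` and `access_log /var/log/nginx/access.log main;`. Consider `server_tokens off;` in the `http` block, and drop `index.php` from `index`, since the only vhost in this patch proxies and serves no local files.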