Commit e90c7d8e authored by Mattia Rizzolo's avatar Mattia Rizzolo

nginx: move the include proxy_params inside the location context

proxy_set_headers are inherited from the parent contexts IFF there are
no proxy_set_header in the current context.
Given that we are adding extra headers due to SSL, move everything in
there.
Signed-off-by: Mattia Rizzolo's avatarMattia Rizzolo <mapreri@ubuntu.com>
parent 755ea37e
# proxy settings
include proxy_params; # directly coming from the nginx package, they are sane
proxy_set_header X-Forwarded-Server $hostname;
# security/privacy settings # security/privacy settings
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
add_header X-Xss-Protection "1; mode=block"; add_header X-Xss-Protection "1; mode=block";
......
...@@ -22,8 +22,10 @@ server { ...@@ -22,8 +22,10 @@ server {
ssl_certificate_key {{ ssl_home }}/localcerts/{{ item.key }}/privkey.pem; ssl_certificate_key {{ ssl_home }}/localcerts/{{ item.key }}/privkey.pem;
location / { location / {
proxy_set_header Host {{ item.key }}; # proxy settings
proxy_set_header X-Forwarded-Host {{ item.key }}; include proxy_params; # directly coming from the nginx package, they are sane
proxy_set_header X-Forwarded-Server $hostname;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Ssl on;
proxy_pass http://{{ item.value }}/; proxy_pass http://{{ item.value }}/;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment