From ec91a9815744dede41f164084ee2a2a8a4330155 Mon Sep 17 00:00:00 2001 From: bobby <1544881+desimone@users.noreply.github.com> Date: Thu, 1 Oct 2020 16:05:12 -0700 Subject: [PATCH] examples: fix nginx example (#1478) --- examples/nginx/httpbin.conf | 2 +- examples/nginx/pomerium.conf | 2 +- examples/nginx/proxy.conf | 49 ++++++++++++++++++------------------ 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/examples/nginx/httpbin.conf b/examples/nginx/httpbin.conf index 53bbe834b..6e384f824 100644 --- a/examples/nginx/httpbin.conf +++ b/examples/nginx/httpbin.conf @@ -11,6 +11,6 @@ server { location / { proxy_pass http://httpbin; include /etc/nginx/auth.conf; - include /config/nginx/proxy.conf; + include /etc/nginx/proxy.conf; } } diff --git a/examples/nginx/pomerium.conf b/examples/nginx/pomerium.conf index 164073f90..ac6e5c4a5 100644 --- a/examples/nginx/pomerium.conf +++ b/examples/nginx/pomerium.conf @@ -7,7 +7,7 @@ server { location / { proxy_pass http://pomerium; - include /config/nginx/proxy.conf; + include /etc/nginx/proxy.conf; } } diff --git a/examples/nginx/proxy.conf b/examples/nginx/proxy.conf index d16c844e3..36b51d6bc 100644 --- a/examples/nginx/proxy.conf +++ b/examples/nginx/proxy.conf @@ -1,32 +1,33 @@ -client_body_buffer_size 128k +client_body_buffer_size 128k; #Timeout if the real server is dead -proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 +proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Advanced Proxy Config -send_timeout 5m -proxy_read_timeout 360 -proxy_send_timeout 360 -proxy_connect_timeout 360 +send_timeout 5m; +proxy_read_timeout 360; +proxy_send_timeout 360; +proxy_connect_timeout 360; # Basic Proxy Config -proxy_set_header Host $host -proxy_set_header X-Real-IP $remote_addr -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for -proxy_set_header X-Forwarded-Proto $scheme -proxy_set_header X-Forwarded-Host $http_host -proxy_set_header X-Forwarded-Uri $request_uri -proxy_set_header X-Forwarded-Ssl on -proxy_http_version 1.1 -proxy_set_header Connection "" -proxy_cache_bypass $cookie_session -proxy_no_cache $cookie_session -proxy_buffers 64 256k +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Host $http_host; +proxy_set_header X-Forwarded-Uri $request_uri; +proxy_set_header X-Forwarded-Ssl on; +proxy_redirect http:// $scheme://; +proxy_http_version 1.1; +proxy_set_header Connection ""; +proxy_cache_bypass $cookie_session; +proxy_no_cache $cookie_session; +proxy_buffers 64 256k; # If behind reverse proxy, forwards the correct IP -set_real_ip_from 10.0.0.0/8 -set_real_ip_from 172.0.0.0/8 -set_real_ip_from 192.168.0.0/16 -set_real_ip_from fc00::/7 -real_ip_header X-Forwarded-For -real_ip_recursive on +set_real_ip_from 10.0.0.0/8; +set_real_ip_from 172.0.0.0/8; +set_real_ip_from 192.168.0.0/16; +set_real_ip_from fc00::/7; +real_ip_header X-Forwarded-For; +real_ip_recursive on;