From f056b9dc7f94118b5d6ccb54661f466c2a0e3566 Mon Sep 17 00:00:00 2001 From: Daniel Porter Date: Tue, 13 Apr 2021 19:59:49 +0100 Subject: [PATCH 1/2] Move 'Force SSL' definitions to host root configuration This fixes issues with these settings not applying to custom locations defined under hosts. --- backend/templates/dead_host.conf | 2 +- backend/templates/proxy_host.conf | 2 +- backend/templates/redirection_host.conf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/templates/dead_host.conf b/backend/templates/dead_host.conf index da282a1..be53f6d 100644 --- a/backend/templates/dead_host.conf +++ b/backend/templates/dead_host.conf @@ -5,6 +5,7 @@ server { {% include "_listen.conf" %} {% include "_certificates.conf" %} {% include "_hsts.conf" %} +{% include "_forced_ssl.conf" %} access_log /data/logs/dead_host-{{ id }}.log standard; @@ -12,7 +13,6 @@ server { {% if use_default_location %} location / { -{% include "_forced_ssl.conf" %} {% include "_hsts.conf" %} return 404; } diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf index 17a5210..738cdcb 100644 --- a/backend/templates/proxy_host.conf +++ b/backend/templates/proxy_host.conf @@ -11,6 +11,7 @@ server { {% include "_assets.conf" %} {% include "_exploits.conf" %} {% include "_hsts.conf" %} +{% include "_forced_ssl.conf" %} access_log /data/logs/proxy_host-{{ id }}.log proxy; @@ -43,7 +44,6 @@ server { {% endif %} -{% include "_forced_ssl.conf" %} {% include "_hsts.conf" %} {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} diff --git a/backend/templates/redirection_host.conf b/backend/templates/redirection_host.conf index 55e7280..f42e146 100644 --- a/backend/templates/redirection_host.conf +++ b/backend/templates/redirection_host.conf @@ -7,6 +7,7 @@ server { {% include "_assets.conf" %} {% include "_exploits.conf" %} {% include "_hsts.conf" %} +{% include "_forced_ssl.conf" %} access_log /data/logs/redirection_host-{{ id }}.log standard; @@ -14,7 +15,6 @@ server { {% if use_default_location %} location / { -{% include "_forced_ssl.conf" %} {% include "_hsts.conf" %} {% if preserve_path == 1 or preserve_path == true %} From 421934efedd12ba047f78243fb25388a613e29f8 Mon Sep 17 00:00:00 2001 From: Daniel Porter Date: Tue, 13 Apr 2021 20:04:35 +0100 Subject: [PATCH 2/2] Move 'Allow Websockets' definitions to host root configuration This fixes issues with these settings not applying to custom locations defined under hosts. --- backend/templates/proxy_host.conf | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf index 738cdcb..e547968 100644 --- a/backend/templates/proxy_host.conf +++ b/backend/templates/proxy_host.conf @@ -13,6 +13,13 @@ server { {% include "_hsts.conf" %} {% include "_forced_ssl.conf" %} +{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $http_connection; +proxy_http_version 1.1; +{% endif %} + + access_log /data/logs/proxy_host-{{ id }}.log proxy; {{ advanced_config }} @@ -46,12 +53,6 @@ server { {% include "_hsts.conf" %} - {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - {% endif %} - # Proxy! include conf.d/include/proxy.conf; }