
Add additional headers
PhongT16 committed Sep 12, 2024
1 parent 40e11f2 commit de01ae5
Showing 1 changed file with 13 additions and 9 deletions.
22 changes: 13 additions & 9 deletions CILogon/nginx.conf.template
Expand Up @@ -39,7 +39,7 @@ http {
redirect_uri = "http://${PROXY_FQDN}/redirect_uri",
discovery = "https://cilogon.org/.well-known/openid-configuration",
client_id = "cilogon:/client_id/9c02e8c0e767934c8e0bb60807dfa39",
client_secret = "HqTb451EId3AX9vnqVWap2WqWdqqBqlE0mTKGQ0CyJ7oVIB71UBkdfrXAMklm9vRwoGaAwx-UFJvr6DUbV7-eQ",
client_secret = "${CLIENT_SECRET}",
ssl_verify = "no",
scope = "openid email profile org.cilogon.userinfo",
redirect_uri_scheme = "http",
Expand All @@ -62,14 +62,17 @@ http {
ngx.log(ngx.ERR, "Authentication successful, session created")
}

proxy_set_header Host ${TARGET_FQDN};
# proxy_set_header Host ${TARGET_FQDN};
proxy_set_header Host $host;
proxy_set_header Authorization "Bearer ${PAT}"; # Your PAT
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection Keep-Alive;
proxy_cache_bypass $http_pragma;
proxy_no_cache $http_pragma;
proxy_pass https://${TARGET_FQDN};

proxy_set_header Accept-Encoding "";
Expand All @@ -86,9 +89,9 @@ http {
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";

proxy_hide_header Content-Security-Policy;
#proxy_hide_header Content-Security-Policy;

add_header Content-Security-Policy "default-src 'self' https://wiki.ncsa.illinois.edu 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://wiki.ncsa.illinois.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wiki.ncsa.illinois.edu; style-src 'self' 'unsafe-inline' https://wiki.ncsa.illinois.edu; connect-src 'self' https://wiki.ncsa.illinois.edu https://wiki.ncsa.illinois.edu/synchrony; frame-src 'self' https://wiki.ncsa.illinois.edu;" always;
#add_header Content-Security-Policy "default-src 'self' https://wiki.ncsa.illinois.edu 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://wiki.ncsa.illinois.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wiki.ncsa.illinois.edu; style-src 'self' 'unsafe-inline' https://wiki.ncsa.illinois.edu; connect-src 'self' https://wiki.ncsa.illinois.edu https://wiki.ncsa.illinois.edu/synchrony; frame-src 'self' https://wiki.ncsa.illinois.edu;" always;

add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
Expand All @@ -97,7 +100,7 @@ http {
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

}

Expand All @@ -108,7 +111,7 @@ http {
redirect_uri = "http://${PROXY_FQDN}/redirect_uri",
discovery = "https://cilogon.org/.well-known/openid-configuration",
client_id = "cilogon:/client_id/9c02e8c0e767934c8e0bb60807dfa39",
client_secret = "HqTb451EId3AX9vnqVWap2WqWdqqBqlE0mTKGQ0CyJ7oVIB71UBkdfrXAMklm9vRwoGaAwx-UFJvr6DUbV7-eQ",
client_secret = "${CLIENT_SECRET}",
ssl_verify = "no",
scope = "openid email profile org.cilogon.userinfo",
redirect_uri_scheme = "http",
Expand Down Expand Up @@ -139,6 +142,7 @@ http {
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection Keep-Alive;
proxy_set_body $request_body;
proxy_pass https://${TARGET_FQDN};

proxy_set_header Accept-Encoding "";
Expand All @@ -155,9 +159,9 @@ http {
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";

proxy_hide_header Content-Security-Policy;
#proxy_hide_header Content-Security-Policy;

add_header Content-Security-Policy "default-src 'self' https://wiki.ncsa.illinois.edu 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://wiki.ncsa.illinois.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wiki.ncsa.illinois.edu; style-src 'self' 'unsafe-inline' https://wiki.ncsa.illinois.edu; connect-src 'self' https://wiki.ncsa.illinois.edu https://wiki.ncsa.illinois.edu/synchrony; frame-src 'self' https://wiki.ncsa.illinois.edu;" always;
#add_header Content-Security-Policy "default-src 'self' https://wiki.ncsa.illinois.edu 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://wiki.ncsa.illinois.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wiki.ncsa.illinois.edu; style-src 'self' 'unsafe-inline' https://wiki.ncsa.illinois.edu; connect-src 'self' https://wiki.ncsa.illinois.edu https://wiki.ncsa.illinois.edu/synchrony; frame-src 'self' https://wiki.ncsa.illinois.edu;" always;

add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
Expand All @@ -166,7 +170,7 @@ http {
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

}

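Review bot: `ssl_verify = "no"` (left unchanged in both OIDC opts tables, first and fifth hunks) disables certificate verification for the outbound calls to the cilogon.org discovery, token and userinfo endpoints, so the authorization-code exchange, and the client secret this commit moves into `${CLIENT_SECRET}`, can be intercepted by an on-path attacker; this looks like a lua-resty-openidc opts table, so the fix is `ssl_verify = "yes"` together with `lua_ssl_trusted_certificate <path-to-CA-bundle>;` in the enclosing `http {}` block (the `server`/`location` blocks containing these hunks start and end outside the diff). The same gap likely exists for the `proxy_pass https://${TARGET_FQDN}` upstreams unless `proxy_ssl_verify on;` is set somewhere not shown, since nginx does not verify upstream certificates by default. Commenting out `Strict-Transport-Security` and the `Content-Security-Policy` on the new side, while `Access-Control-Allow-Origin *` and `redirect_uri_scheme = "http"` remain, removes the last transport and injection hardening on this proxy; if that is deliberate for the wiki upstream, record the reason in a comment rather than leaving the directives commented out. Because every authenticated session is forwarded with the single static `Authorization: Bearer ${PAT}`, the upstream cannot tell users apart and any bypass of the session check yields the PAT owner's full access, which deserves a comment stating that assumption next to the header. Finally, the client secret this commit removes from the file is still recoverable from git history and should be rotated at CILogon.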
