Sākums Izpētīt Palīdzība
Pierakstīties
mirrors
/
wekan
spogulis no https://github.com/wekan/wekan.git
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

- Add optional Nginx reverse proxy config to docker-compose.yml and nginx directory.

Thanks to MyTheValentinus !
Lauri Ojansivu 6 gadi atpakaļ
vecāks
76c5c283b9
revīzija
c61e44d55b
4 mainītis faili ar 118 papildinājumiem un 3 dzēšanām
Apvienotais skats Rādīt salīdzināšanas statistiku
  1. 7 3
      CHANGELOG.md
  2. 18 0
      docker-compose.yml
  3. 92 0
      nginx/nginx.conf
  4. 1 0
      nginx/ssl/.gitkeep

+ 7 - 3
CHANGELOG.md
Parādīt failu 

@@ -1,10 +1,14 @@
 
 # Upcoming Wekan release
 
 # Upcoming Wekan release
 
 
 
-This release fixes the following bugs:
 
+This release adds the following new features:
 
 
 
-- docker-compose.yml back to MongoDB 3.2.21 because 3.2.22 MongoDB container does not exist yet.
 
+- Add optional Nginx reverse proxy config to docker-compose.yml and nginx directory. Thanks to MyTheValentinus.
 
+
 
+and fixes the following bugs:
 
+
 
+- docker-compose.yml back to MongoDB 3.2.21 because 3.2.22 MongoDB container does not exist yet. Thanks to xet7.
 
     
     
-Thanks to GitHub user xet7 for contributions.
 
+Thanks to above GitHub users for their contributions.
 
 
 
 # v1.97 2018-12-26 Wekan release
 
 # v1.97 2018-12-26 Wekan release

+ 18 - 0
docker-compose.yml
Parādīt failu 

@@ -145,6 +145,7 @@ services:
 
       # Docker outsideport:insideport. Do not add anything extra here.
 
       # Docker outsideport:insideport. Do not add anything extra here.
 
       # For example, if you want to have wekan on port 3001,
 
       # For example, if you want to have wekan on port 3001,
 
       # use 3001:8080 . Do not add any extra address etc here, that way it does not work.
 
       # use 3001:8080 . Do not add any extra address etc here, that way it does not work.
 
+      # remove port mapping if you use nginx reverse proxy, port 8080 is already exposed to wekan-tier network
 
       - 80:8080
 
       - 80:8080
 
     environment:
 
     environment:
 
       - MONGO_URL=mongodb://wekandb:27017/wekan
 
       - MONGO_URL=mongodb://wekandb:27017/wekan
 
@@ -492,6 +493,23 @@ services:
 
 #      ...COPY CONFIG FROM ABOVE TO HERE...
 
 #      ...COPY CONFIG FROM ABOVE TO HERE...
 
 #---------------------------------------------------------------------------------
 
 #---------------------------------------------------------------------------------
 
 
 
+# OPTIONAL NGINX CONFIG FOR REVERSE PROXY
 
+#  nginx:
 
+#    image: nginx
 
+#    container_name: nginx
 
+#    restart: always
 
+#    networks:
 
+#      - wekan-tier
 
+#    depends_on:
 
+#      - wekan
 
+#    ports:
 
+#      - 80:80
 
+#      - 443:443
 
+#    volumes:
 
+#      - ./nginx/ssl:/etc/nginx/ssl/
 
+#      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
 
+
 
+
 
 volumes:
 
 volumes:
 
   wekan-db:
 
   wekan-db:
 
     driver: local
 
     driver: local

+ 92 - 0
nginx/nginx.conf
Parādīt failu 

@@ -0,0 +1,92 @@
 
+user  www-data;
 
+worker_processes  1;
 
+
 
+error_log  /var/log/nginx/error.log warn;
 
+pid        /var/run/nginx.pid;
 
+
 
+events {
 
+    worker_connections  1024;
 
+}
 
+
 
+http {
 
+    include       /etc/nginx/mime.types;
 
+    default_type  application/octet-stream;
 
+
 
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
 
+                      '$status $body_bytes_sent "$http_referer" '
 
+                      '"$http_user_agent" "$http_x_forwarded_for"';
 
+
 
+    access_log  /var/log/nginx/access.log  main;
 
+
 
+    sendfile        on;
 
+    #tcp_nopush     on;
 
+
 
+    keepalive_timeout  65;
 
+
 
+    map $http_host $this_host {
 
+        "" $host;
 
+        default $http_host;
 
+    }
 
+
 
+    map $http_x_forwarded_proto $the_scheme {
 
+        default $http_x_forwarded_proto;
 
+        "" $scheme;
 
+    }
 
+
 
+    map $http_x_forwarded_host $the_host {
 
+       default $http_x_forwarded_host;
 
+       "" $this_host;
 
+    }
 
+
 
+    map $http_upgrade $connection_upgrade {
 
+        default upgrade;
 
+        '' close;
 
+    }
 
+
 
+    server {
 
+   	listen 80;
 
+	listen 443 ssl;
 
+
 
+	if ($scheme = http) {
 
+  	    rewrite ^ https://$host$request_uri? permanent;
 
+	}
 
+
 
+
 
+  ssl_certificate /etc/nginx/ssl/server.crt;
 
+	ssl_certificate_key /etc/nginx/ssl/server.key;
 
+
 
+
 
+	ssl_protocols TLSv1.2;	
+	ssl_prefer_server_ciphers on;
 
+	ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
 
+
 
+	ssl_session_cache shared:SSL:10m;
 
+	ssl_session_timeout 10m;
 
+
 
+	ssl_ecdh_curve sect571r1:secp521r1:brainpoolP512r1:secp384r1;
 
+	add_header Strict-Transport-Security "max-age=31536000; preload";
 
+
 
+        # Add headers to serve security related headers
 
+        add_header X-Content-Type-Options nosniff;
 
+        add_header X-XSS-Protection "1; mode=block";
 
+        add_header X-Robots-Tag none;
 
+        add_header X-Download-Options noopen;
 
+        add_header X-Permitted-Cross-Domain-Policies none;
 
+
 
+	add_header Referrer-Policy "same-origin";
 
+
 
+        root /var/www/html;
 
+        client_max_body_size 10G; # 0=unlimited - set max upload size
 
+        fastcgi_buffers 64 4K;
 
+
 
+        gzip off;
 
+
 
+	location / {
 
+		proxy_pass http://wekan:8080;
 
+		proxy_http_version 1.1;
 
+		proxy_set_header Upgrade $http_upgrade;
 
+		proxy_set_header Connection $connection_upgrade;
 
+		proxy_set_header X-Forwarded-For $remote_addr;
 
+	}
 
+    }
 
+}

+ 1 - 0
nginx/ssl/.gitkeep
Parādīt failu 

@@ -0,0 +1 @@
 
+PLACE YOUR SSL Certificates in this folder