titanz/NGINX-Configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NGINX-Configs/etc/nginx/snippets/proxy.conf
Tommy 37dcc6ddde
Update ssl_early_data configuration
2025-01-03 23:05:02 -07:00

39 lines
1.1 KiB
Plaintext
Raw Blame History

# Proxy Header Settings
# Use this with all reverse proxy vhosts
# Force http 1.1, anything not supporting it shouldn't be used
proxy_http_version 1.1;
# Signal to upstream whether ssl_early_data is used
proxy_set_header Early-Data $ssl_early_data;
# Restore visitor IP
proxy_set_header X-Real-IP $remote_addr;
# Forward host header
proxy_set_header Host $host;
# Upgrade connection
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Enable X-Forwarded headers
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port $server_port;
# Hide X-Powered-By
proxy_hide_header X-Powered-By;
# CVE-2018-14773
proxy_set_header X-Original-URL "";
proxy_set_header X-Rewrite-URL "";
# Not the CVE, but is extremely similar
proxy_set_header X-Original-URI "";
# Potentially dangerous: https://github.com/oauth2-proxy/oauth2-proxy/issues/735
proxy_set_header X-Original-Method "";
proxy_set_header X-Forwarded-Method "";
Reference in New Issue View Git Blame Copy Permalink