-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnginx-proxy.conf
27 lines (22 loc) · 1.02 KB
/
nginx-proxy.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
proxy_http_version 1.1;
proxy_buffering on;
proxy_buffers 4 256k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
# NOTE: The following configuration blocks the Proxy HTTP request header from
# being sent to downstream servers. This prevents attackers from using the
# so-called httpoxy attack. There is no legitimate reason for a client to send
# this header, and there are many vulnerable languages / platforms
# (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-1000109,
# CVE-2016-1000110, CERT-VU#797896).
proxy_set_header Proxy "";
client_max_body_size 0;