mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-12-22 00:34:26 +01:00
Update infra
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
parent
13c2b7df19
commit
cd2862a358
@ -44,3 +44,5 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- app-network
|
- app-network
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
@ -21,4 +21,4 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- app-network
|
- app-network
|
||||||
security_opt:
|
security_opt:
|
||||||
- "no-new-privileges:true"
|
- no-new-privileges:true
|
||||||
|
@ -13,6 +13,8 @@ services:
|
|||||||
- dbdata:/var/lib/mysql
|
- dbdata:/var/lib/mysql
|
||||||
networks:
|
networks:
|
||||||
- app-network
|
- app-network
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
|
||||||
wordpress:
|
wordpress:
|
||||||
depends_on:
|
depends_on:
|
||||||
@ -29,8 +31,16 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- app-network
|
- app-network
|
||||||
security_opt:
|
security_opt:
|
||||||
- "no-new-privileges:true"
|
- no-new-privileges:true
|
||||||
|
# cap_drop:
|
||||||
|
# - ALL
|
||||||
|
# cap_add:
|
||||||
|
# - SETUID
|
||||||
|
# - SETGID
|
||||||
|
# - DAC_OVERRIDE
|
||||||
|
# - NET_BIND_SERVICE
|
||||||
|
# - NET_RAW
|
||||||
|
# - CAP_CHOWN
|
||||||
phpmyadmin:
|
phpmyadmin:
|
||||||
image: phpmyadmin:5.2.0
|
image: phpmyadmin:5.2.0
|
||||||
container_name: phpmyadmin
|
container_name: phpmyadmin
|
||||||
@ -39,12 +49,12 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
env_file:
|
env_file:
|
||||||
- env/phpmyadmin.env
|
- env/phpmyadmin.env
|
||||||
# ports:
|
|
||||||
# - 8080:80
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- wp_db
|
- wp_db
|
||||||
networks:
|
networks:
|
||||||
- app-network
|
- app-network
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
wordpress:
|
wordpress:
|
||||||
|
@ -50,7 +50,6 @@ server {
|
|||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
||||||
|
|
||||||
# Security / XSS Mitigation Headers
|
# Security / XSS Mitigation Headers
|
||||||
# NOTE: X-Frame-Options may cause issues with the webOS app
|
# NOTE: X-Frame-Options may cause issues with the webOS app
|
||||||
@ -124,6 +123,8 @@ server {
|
|||||||
proxy_cache_lock on;
|
proxy_cache_lock on;
|
||||||
add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working
|
add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resolver 8.8.8.8;
|
||||||
}
|
}
|
||||||
|
|
||||||
# All configuration options are documented at https://jellyfin.org/docs/general/networking/nginx/
|
# All configuration options are documented at https://jellyfin.org/docs/general/networking/nginx/
|
@ -1,5 +1,3 @@
|
|||||||
#include /etc/nginx/conf.d/sub/cache-proxy.conf;
|
|
||||||
|
|
||||||
upstream phpmyadmin_server {
|
upstream phpmyadmin_server {
|
||||||
# ip_hash;
|
# ip_hash;
|
||||||
server phpmyadmin:80;
|
server phpmyadmin:80;
|
||||||
@ -15,12 +13,12 @@ server {
|
|||||||
|
|
||||||
server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
|
server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
|
||||||
|
|
||||||
location ~ \.php$ {
|
location / {
|
||||||
try_files $uri =404;
|
proxy_pass http://phpmyadmin_server;
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
proxy_redirect off;
|
||||||
fastcgi_pass phpmyadmin_server;
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
fastcgi_index index.php;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
}
|
}
|
||||||
|
|
||||||
# resolver 8.8.8.8;
|
resolver 8.8.8.8;
|
||||||
}
|
}
|
||||||
|
@ -20,5 +20,5 @@ server {
|
|||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
}
|
}
|
||||||
|
|
||||||
# resolver 8.8.8.8;
|
resolver 8.8.8.8;
|
||||||
}
|
}
|
||||||
|
@ -8,6 +8,8 @@ ssl_session_tickets off;
|
|||||||
ssl_protocols TLSv1.3;
|
ssl_protocols TLSv1.3;
|
||||||
ssl_prefer_server_ciphers off;
|
ssl_prefer_server_ciphers off;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||||
|
|
||||||
# OCSP stapling
|
# OCSP stapling
|
||||||
ssl_stapling on;
|
ssl_stapling on;
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
|
@ -123,7 +123,11 @@ server {
|
|||||||
# Main server wordpress_server
|
# Main server wordpress_server
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
|
#listen 443 http3 reuseport;
|
||||||
|
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
|
||||||
server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
|
server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
|
||||||
|
|
||||||
root /var/www/wordpress;
|
root /var/www/wordpress;
|
||||||
@ -175,7 +179,6 @@ server {
|
|||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ /index.php$is_args$args;
|
try_files $uri $uri/ /index.php$is_args$args;
|
||||||
|
Loading…
Reference in New Issue
Block a user