Update infra

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2025-10-31 09:06:23 +01:00 · 2023-04-16 23:43:40 +02:00
parent 13c2b7df19
commit cd2862a358
8 changed files with 32 additions and 16 deletions
--- a/docker-compose.divers.yml
+++ b/docker-compose.divers.yml
@@ -44,3 +44,5 @@ services:
    restart: unless-stopped
    networks:
      - app-network
    security_opt:
      - no-new-privileges:true
--- a/docker-compose.nginx.yml
+++ b/docker-compose.nginx.yml
@@ -21,4 +21,4 @@ services:
    networks:
      - app-network
    security_opt:
-      - "no-new-privileges:true"
+      - no-new-privileges:true
--- a/docker-compose.wordpress.yml
+++ b/docker-compose.wordpress.yml
@@ -13,6 +13,8 @@ services:
      - dbdata:/var/lib/mysql
    networks:
      - app-network
    security_opt:
      - no-new-privileges:true
  wordpress:
    depends_on: 
@@ -29,8 +31,16 @@ services:
    networks:
      - app-network
    security_opt:
-      - "no-new-privileges:true"
+      - no-new-privileges:true
-
+#    cap_drop:
 #        - ALL
 #    cap_add:
 #      - SETUID
 #      - SETGID
 #      - DAC_OVERRIDE
 #      - NET_BIND_SERVICE
 #      - NET_RAW
 #      - CAP_CHOWN
  phpmyadmin:
    image: phpmyadmin:5.2.0
    container_name: phpmyadmin
@@ -39,12 +49,12 @@ services:
    restart: unless-stopped
    env_file: 
      - env/phpmyadmin.env
 #    ports:
 #      - 8080:80
    depends_on:
      - wp_db
    networks:
      - app-network
    security_opt:
      - no-new-privileges:true
 volumes:
  wordpress:
--- a/nginx/conf.d/jellyfin.conf
+++ b/nginx/conf.d/jellyfin.conf
@@ -50,7 +50,6 @@ server {
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        # Security / XSS Mitigation Headers
        # NOTE: X-Frame-Options may cause issues with the webOS app
@@ -124,6 +123,8 @@ server {
                proxy_cache_lock on;
                add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working
        }
        resolver 8.8.8.8;
 }
 # All configuration options are documented at https://jellyfin.org/docs/general/networking/nginx/
--- a/nginx/conf.d/phpmyadmin.conf
+++ b/nginx/conf.d/phpmyadmin.conf
@@ -1,5 +1,3 @@
 #include /etc/nginx/conf.d/sub/cache-proxy.conf;
 upstream phpmyadmin_server {
        # ip_hash;
        server phpmyadmin:80;
@@ -15,12 +13,12 @@ server {
        server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
-        location ~ \.php$ {
+        location / {
-                try_files $uri =404;
+                proxy_pass http://phpmyadmin_server;
-                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                proxy_redirect off;
-                fastcgi_pass phpmyadmin_server;
+                proxy_set_header X-Forwarded-Host $http_host;
-                fastcgi_index index.php;
+                proxy_set_header X-Forwarded-For  $remote_addr;
        }
-        # resolver 8.8.8.8;
+        resolver 8.8.8.8;
 }
--- a/nginx/conf.d/qbittorrent.conf
+++ b/nginx/conf.d/qbittorrent.conf
@@ -20,5 +20,5 @@ server {
                proxy_set_header X-Forwarded-For  $remote_addr;
        }
-        # resolver 8.8.8.8;
+        resolver 8.8.8.8;
 }
--- a/nginx/conf.d/sub/options-ssl-nginx.conf
+++ b/nginx/conf.d/sub/options-ssl-nginx.conf
@@ -8,6 +8,8 @@ ssl_session_tickets off;
 ssl_protocols TLSv1.3;
 ssl_prefer_server_ciphers off;
 add_header Strict-Transport-Security "max-age=63072000" always;
 # OCSP stapling
 ssl_stapling on;
 ssl_stapling_verify on;
--- a/nginx/conf.d/wordpress.conf
+++ b/nginx/conf.d/wordpress.conf
@@ -123,7 +123,11 @@ server {
 # Main server wordpress_server
 server {
        listen 443 ssl http2;
        #listen 443 http3 reuseport;
        listen [::]:443 ssl http2;
        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
        root /var/www/wordpress;
@@ -175,7 +179,6 @@ server {
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        location / {
                try_files $uri $uri/ /index.php$is_args$args;