mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-12-22 00:34:26 +01:00
Update infra
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
parent
13c2b7df19
commit
cd2862a358
@ -44,3 +44,5 @@ services:
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- app-network
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
@ -21,4 +21,4 @@ services:
|
||||
networks:
|
||||
- app-network
|
||||
security_opt:
|
||||
- "no-new-privileges:true"
|
||||
- no-new-privileges:true
|
||||
|
@ -13,6 +13,8 @@ services:
|
||||
- dbdata:/var/lib/mysql
|
||||
networks:
|
||||
- app-network
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
|
||||
wordpress:
|
||||
depends_on:
|
||||
@ -29,8 +31,16 @@ services:
|
||||
networks:
|
||||
- app-network
|
||||
security_opt:
|
||||
- "no-new-privileges:true"
|
||||
|
||||
- no-new-privileges:true
|
||||
# cap_drop:
|
||||
# - ALL
|
||||
# cap_add:
|
||||
# - SETUID
|
||||
# - SETGID
|
||||
# - DAC_OVERRIDE
|
||||
# - NET_BIND_SERVICE
|
||||
# - NET_RAW
|
||||
# - CAP_CHOWN
|
||||
phpmyadmin:
|
||||
image: phpmyadmin:5.2.0
|
||||
container_name: phpmyadmin
|
||||
@ -39,12 +49,12 @@ services:
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- env/phpmyadmin.env
|
||||
# ports:
|
||||
# - 8080:80
|
||||
depends_on:
|
||||
- wp_db
|
||||
networks:
|
||||
- app-network
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
|
||||
volumes:
|
||||
wordpress:
|
||||
|
@ -50,7 +50,6 @@ server {
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
|
||||
# Security / XSS Mitigation Headers
|
||||
# NOTE: X-Frame-Options may cause issues with the webOS app
|
||||
@ -124,6 +123,8 @@ server {
|
||||
proxy_cache_lock on;
|
||||
add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working
|
||||
}
|
||||
|
||||
resolver 8.8.8.8;
|
||||
}
|
||||
|
||||
# All configuration options are documented at https://jellyfin.org/docs/general/networking/nginx/
|
@ -1,5 +1,3 @@
|
||||
#include /etc/nginx/conf.d/sub/cache-proxy.conf;
|
||||
|
||||
upstream phpmyadmin_server {
|
||||
# ip_hash;
|
||||
server phpmyadmin:80;
|
||||
@ -15,12 +13,12 @@ server {
|
||||
|
||||
server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass phpmyadmin_server;
|
||||
fastcgi_index index.php;
|
||||
location / {
|
||||
proxy_pass http://phpmyadmin_server;
|
||||
proxy_redirect off;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
# resolver 8.8.8.8;
|
||||
resolver 8.8.8.8;
|
||||
}
|
||||
|
@ -20,5 +20,5 @@ server {
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
# resolver 8.8.8.8;
|
||||
resolver 8.8.8.8;
|
||||
}
|
||||
|
@ -8,6 +8,8 @@ ssl_session_tickets off;
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# OCSP stapling
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
@ -123,7 +123,11 @@ server {
|
||||
# Main server wordpress_server
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
#listen 443 http3 reuseport;
|
||||
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
|
||||
server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
|
||||
|
||||
root /var/www/wordpress;
|
||||
@ -175,7 +179,6 @@ server {
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
|
Loading…
Reference in New Issue
Block a user