initial commit of file from CVS for smeserver-onlyoffice on Sat Sep 7 20:48:46 AEST 2024
This commit is contained in:
Trevor Batley
@@ -0,0 +1 @@
|
||||
enabled
|
||||
@@ -0,0 +1 @@
|
||||
service
|
||||
@@ -0,0 +1 @@
|
||||
enabled
|
||||
@@ -0,0 +1 @@
|
||||
service
|
||||
@@ -0,0 +1 @@
|
||||
enabled
|
||||
@@ -0,0 +1 @@
|
||||
service
|
||||
@@ -0,0 +1 @@
|
||||
8082
|
||||
@@ -0,0 +1 @@
|
||||
local
|
||||
@@ -0,0 +1 @@
|
||||
onlyoffice
|
||||
@@ -0,0 +1 @@
|
||||
onlyoffice
|
||||
@@ -0,0 +1 @@
|
||||
enabled
|
||||
@@ -0,0 +1 @@
|
||||
configuration
|
||||
27
root/etc/e-smith/db/configuration/migrate/50onlyoffice
Normal file
27
root/etc/e-smith/db/configuration/migrate/50onlyoffice
Normal file
@@ -0,0 +1,27 @@
|
||||
{
|
||||
my $onlyoffice = $DB->get('onlyoffice') || $DB->new_record('onlyoffice', {type => 'configuration'});
|
||||
my $token = $onlyoffice->prop('token') || '';
|
||||
my $secretString = $onlyoffice->prop('secretString') || '';
|
||||
# If the management interface is already defined, return nothing
|
||||
|
||||
if ($token eq '') {
|
||||
# Else, we generate a random password
|
||||
my $pass=`/usr/bin/openssl rand -base64 32 | tr -c -d '[:alnum:]'`;
|
||||
$onlyoffice->set_prop('token',"$pass");
|
||||
}
|
||||
|
||||
if ($secretString eq '') {
|
||||
# Else, we generate a random password
|
||||
my $pass=`/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]'`;
|
||||
$onlyoffice->set_prop('secretString',"$pass");
|
||||
}
|
||||
|
||||
|
||||
#dbpass
|
||||
my $dbpass = $onlyoffice->prop('dbpass') || '';
|
||||
if ($dbpass eq '') {
|
||||
my $pass=`/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]'`;
|
||||
$onlyoffice->set_prop('dbpass',"$pass");
|
||||
}
|
||||
|
||||
}
|
||||
165
root/etc/e-smith/events/actions/smeserver-onlyoffice-conf
Normal file
165
root/etc/e-smith/events/actions/smeserver-onlyoffice-conf
Normal file
@@ -0,0 +1,165 @@
|
||||
#!/bin/bash
|
||||
|
||||
[ -f /etc/nginx/conf.d/onlyoffice-documentserver.conf ] && rm -f /etc/nginx/conf.d/onlyoffice-documentserver.conf
|
||||
[ -f /etc/nginx/includes/onlyoffice-http.conf ] && rm -f /etc/nginx/includes/onlyoffice-http.conf
|
||||
[ -e /etc/nginx/includes/ds-example.conf ] && rm -f /etc/nginx/includes/ds-example.conf
|
||||
|
||||
# NB if token less than 32 webtop will fail
|
||||
|
||||
# get fqdn and dshost
|
||||
export fqdn=$(/sbin/e-smith/config getprop onlyoffice VirtualHost || echo `config get SystemName`.`config get DomainName`)
|
||||
export dshost=$fqdn
|
||||
export dsport=$(/sbin/e-smith/config getprop onlyoffice TCPPort || echo "8082")
|
||||
secretString=$(/sbin/e-smith/config getprop onlyoffice secretString || /usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' )
|
||||
fulladdress="$dshost:$dsport"
|
||||
[ $(/sbin/e-smith/config getprop onlyoffice VirtualHost) ] && fulladdress=$(/sbin/e-smith/config getprop onlyoffice VirtualHost)
|
||||
|
||||
# configure onlyoffice
|
||||
DIR="/var/www/onlyoffice"
|
||||
DEFAULT_CONFIG="/etc/onlyoffice/documentserver/default.json"
|
||||
EXAMPLE_CONFIG="/etc/onlyoffice/documentserver-example/default.json"
|
||||
SAVED_DEFAULT_CONFIG="$DEFAULT_CONFIG.rpmsave"
|
||||
PSQL=""
|
||||
CREATEDB=""
|
||||
DS_PORT=${DS_PORT:-$dsport}
|
||||
# DOCSERVICE_PORT=${DOCSERVICE_PORT:-8000}
|
||||
# SPELLCHECKER_PORT=${SPELLCHECKER_PORT:-8080}
|
||||
# EXAMPLE_PORT=${EXAMPLE_PORT:-3000}
|
||||
JWT_ENABLED=${JWT_ENABLED:-true}
|
||||
JWT_SECRET=${JWT_SECRET:-secret}
|
||||
JWT_HEADER=${JWT_HEADER:-Authorization}
|
||||
JWT_SECRET=`/sbin/e-smith/config getprop onlyoffice token`
|
||||
|
||||
# get reject unauthorized ssl config
|
||||
REJECT_UNAUTHORIZED=`/sbin/e-smith/config getprop onlyoffice RejectUnauthorized || echo "true"`
|
||||
verify_peer_off="false";
|
||||
if [[ "$REJECT_UNAUTHORIZED" == "false" ]]; then verify_peer_off="true"; fi
|
||||
|
||||
# create database if not exist
|
||||
export PGPASSWORD=`/sbin/e-smith/config getprop onlyoffice dbpass || echo 'onlyoffice'`
|
||||
PGUSER=`/sbin/e-smith/config getprop onlyoffice dbuser || echo 'onlyoffice'`
|
||||
PGNAME=`/sbin/e-smith/config getprop onlyoffice dbname || echo 'onlyoffice'`
|
||||
CONNECTION_PARAMS="-hlocalhost -U$PGUSER -w"
|
||||
psql="/usr/pgsql-13/bin/psql"
|
||||
PSQL="$psql -q $CONNECTION_PARAMS"
|
||||
CREATEDB="createdb -q $CONNECTION_PARAMS"
|
||||
|
||||
su - postgres -c "$psql -lqt | cut -d \| -f 1 | grep -q -w $PGNAME"
|
||||
if [ $? -eq 1 ]; then # database do not exists
|
||||
su - postgres -c "$psql -c \"CREATE DATABASE $PGNAME;\""
|
||||
su - postgres -c "$psql -c \"CREATE USER $PGUSER WITH password '$PGPASSWORD';\""
|
||||
su - postgres -c "$psql -c \"GRANT ALL privileges ON DATABASE $PGNAME TO $PGUSER;\""
|
||||
else
|
||||
su - postgres -c "$psql -c \"ALTER USER $PGUSER WITH password '$PGPASSWORD';\""
|
||||
fi
|
||||
|
||||
# check if db works correctly
|
||||
$PSQL -c ";" >/dev/null 2>&1 || { echo "FAILURE"; exit 1; }
|
||||
|
||||
# db schema
|
||||
$PSQL -d "$PGNAME" -f "$DIR/documentserver/server/schema/postgresql/createdb.sql" >/dev/null 2>&1
|
||||
|
||||
# change port 8080 to 48080 for spellchecker to not conflict with tomcat
|
||||
jq -r ".SpellChecker.server.port = 48080" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# change port 8000 to 48000 for coauth to not conflict with webvirtmgr
|
||||
jq -r ".services.CoAuthoring.server.port = 48000" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# postgres db settings
|
||||
jq -r ".services.CoAuthoring.sql.dbHost = \"localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.sql.dbName= \"onlyoffice\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.sql.dbUser = \"onlyoffice\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.sql.dbPass = \"${PGPASSWORD}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# RabbitMQ
|
||||
jq -r ".rabbitmq.url = \"amqp://guest:guest@localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# redis
|
||||
jq -r ".services.CoAuthoring.redis.host = \"localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# enable jwt token for browser, inbox and outbox
|
||||
jq -r ".services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# set secret for session, inbox and outbox
|
||||
jq -r ".services.CoAuthoring.secret.inbox.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.secret.outbox.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.secret.session.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# set header, define in JWT_HEADER
|
||||
jq -r ".services.CoAuthoring.token.inbox.header = \"${JWT_HEADER}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.token.outbox.header = \"${JWT_HEADER}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# Allow unauthorized SSL if enabled
|
||||
jq -r ".services.CoAuthoring.requestDefaults.rejectUnauthorized = ${REJECT_UNAUTHORIZED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
#add very secret string https://forum.onlyoffice.com/t/onlyoffice-7-2-secure-link-secret-error/2806/4
|
||||
jq -r ".storage.fs.secretString = \"${secretString}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# configure nextcloud
|
||||
if [ -f /usr/share/nextcloud/occ ]; then # check if nextcloud is installed
|
||||
# Install onlyoffice app
|
||||
/usr/bin/occ app:install onlyoffice
|
||||
|
||||
# Set DocumentServerUrl
|
||||
/usr/bin/occ config:app:set onlyoffice DocumentServerUrl --value="https://$fulladdress/"
|
||||
|
||||
# Set token secret
|
||||
/usr/bin/occ config:app:set onlyoffice jwt_secret --value="$JWT_SECRET"
|
||||
|
||||
# Enable onlyoffice app
|
||||
/usr/bin/occ app:enable onlyoffice
|
||||
|
||||
# allow self-signed cert make it conditional
|
||||
/usr/bin/occ config:app:set onlyoffice verify_peer_off --value="$verify_peer_off"
|
||||
fi
|
||||
|
||||
# check if webtop5 db is present to add onlyoffice config and restart webtop
|
||||
su - postgres -c "$psql -lqt | cut -d \| -f 1 | grep -q -w webtop5"
|
||||
if [ $? -eq 0 ]; then
|
||||
su - postgres -c "$psql webtop5" <<EOF
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.secret.in', '$JWT_SECRET'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.secret.in'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.secret.out', '$JWT_SECRET'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.secret.out'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.loopback.url', 'https://$fqdn/webtop'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.loopback.url'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.public.url', 'https://$fulladdress'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.public.url'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.enabled', 'true'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.enabled'
|
||||
);
|
||||
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.secret.in', value='$JWT_SECRET' WHERE key='documentserver.secret.in';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.secret.out', value='$JWT_SECRET' WHERE key='documentserver.secret.out';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.loopback.url', value='https://$fqdn/webtop' WHERE key='documentserver.loopback.url';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.public.url', value='https://$fulladdress' WHERE key='documentserver.public.url';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.enabled', value='true' WHERE key='documentserver.enabled';
|
||||
EOF
|
||||
|
||||
systemctl restart tomcat8@webtop
|
||||
|
||||
fi
|
||||
|
||||
# set owner of config file to onlyoffice
|
||||
|
||||
chown ds:ds $DEFAULT_CONFIG
|
||||
@@ -0,0 +1,4 @@
|
||||
TEMPLATE_PATH="/home/e-smith/ssl.pem"
|
||||
OUTPUT_FILENAME="/etc/nginx/certificate.crt"
|
||||
GID="nginx"
|
||||
PERMS=0640
|
||||
@@ -0,0 +1,10 @@
|
||||
{
|
||||
use esmith::DomainsDB;
|
||||
# Convert the passed hash for the domain object back into an object.
|
||||
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||
|
||||
# Make scalars from some of the properties of the domain
|
||||
$virtualHost = $domain->key;
|
||||
$virtualHostContent = $domain->prop('Content');
|
||||
$OUT = "";
|
||||
}
|
||||
@@ -0,0 +1,66 @@
|
||||
{
|
||||
|
||||
#return "# onlyoffice proxy disabled, no domain set" unless $onlyoffice{'VirtualHost'};
|
||||
if (($port eq "80") ){
|
||||
$OUT = <<"_EOL";
|
||||
# PORT FORWARD FROM 80 TO: 443
|
||||
ServerName $onlyoffice{'VirtualHost'}
|
||||
_EOL
|
||||
|
||||
$OUT .= <<_EOL;
|
||||
ServerAlias
|
||||
SSLProxyEngine On
|
||||
RewriteEngine on
|
||||
RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
|
||||
RewriteCond %\{HTTPS\} off
|
||||
RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
|
||||
_EOL
|
||||
|
||||
}
|
||||
else {
|
||||
|
||||
use esmith::DomainsDB;
|
||||
my $domains = esmith::DomainsDB->open_ro;
|
||||
my $ssl_file_crt = $domains->get_prop($virtualHost, "DomainSSLCertificateFile") || "disabled";
|
||||
my $ssl_file_key = $domains->get_prop($virtualHost, "DomainSSLCertificateKeyFile") || "disabled";
|
||||
my $ssl_file_chain = $domains->get_prop($virtualHost, "DomainSSLCertificateChainFile") || "disabled";
|
||||
|
||||
|
||||
$OUT = <<"_EOL";
|
||||
ServerName $onlyoffice{'VirtualHost'}
|
||||
SSLEngine On
|
||||
SSLCompression off
|
||||
_EOL
|
||||
|
||||
$OUT .= " SSLCertificateFile $ssl_file_crt\n" unless $ssl_file_crt eq 'disabled';
|
||||
$OUT .= " SSLCertificateChainFile $ssl_file_chain\n" unless $ssl_file_chain eq 'disabled';
|
||||
$OUT .= " SSLCertificateKeyFile $ssl_file_key\n" unless ( $ssl_file_key eq 'disabled' || ! -e $ssl_file_chain );
|
||||
|
||||
$OUT .= <<_EOL;
|
||||
RewriteEngine on
|
||||
RewriteRule ^(/)?\$ /welcome/ [NC,R,L]
|
||||
|
||||
SetEnvIf Host "^(.*)\$" THE_HOST=\$1
|
||||
#needs apache 2.4.7
|
||||
#RequestHeader setifempty X-Forwarded-Proto https
|
||||
#RequestHeader setifempty X-Forwarded-Host \%{THE_HOST}e
|
||||
RequestHeader set X-Forwarded-Proto https
|
||||
RequestHeader set X-Forwarded-Host \%{THE_HOST}e
|
||||
ProxyAddHeaders Off
|
||||
|
||||
ProxyPass /.well-known/acme-challenge !
|
||||
_EOL
|
||||
|
||||
my $OOport = 48000;
|
||||
$OUT .= <<"_EOL";
|
||||
#ProxyPassMatch (.*)(\/websocket)\$ "ws://localhost:$OOport/\$1\$2"
|
||||
RewriteCond %\{HTTP:Upgrade\} websocket [NC]
|
||||
RewriteCond %\{HTTP:Connection\} upgrade [NC]
|
||||
RewriteRule ^/?(.*) "ws://localhost:$OOport/\$1" [P,L]
|
||||
ProxyPass / "http://localhost:$OOport/"
|
||||
ProxyPassReverse / "http://localhost:$OOport/"
|
||||
_EOL
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
|
||||
<VirtualHost {$ipAddress}:{$port}>
|
||||
@@ -0,0 +1,2 @@
|
||||
</VirtualHost>
|
||||
|
||||
49
root/etc/e-smith/templates/etc/nginx/conf.d/ds.conf/10base
Normal file
49
root/etc/e-smith/templates/etc/nginx/conf.d/ds.conf/10base
Normal file
@@ -0,0 +1,49 @@
|
||||
include /etc/nginx/includes/http-common.conf;
|
||||
|
||||
## HTTPS host
|
||||
server \{
|
||||
{
|
||||
$OUT .= " listen 127.0.0.1:8083;\n";
|
||||
$OUT .= " listen 0.0.0.0:$onlyoffice{'TCPPort'} ssl;\n";
|
||||
$OUT .= " listen [::]:$onlyoffice{'TCPPort'} ssl default_server;\n";
|
||||
}
|
||||
server_tokens off;
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
## Strong SSL Security
|
||||
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_certificate /etc/nginx/certificate.crt;
|
||||
ssl_certificate_key /etc/nginx/certificate.crt;
|
||||
ssl_verify_client off;
|
||||
|
||||
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
add_header Strict-Transport-Security max-age=31536000;
|
||||
# add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
|
||||
## Replace with your ssl_trusted_certificate. For more info see:
|
||||
## - https://medium.com/devops-programming/4445f4862461
|
||||
## - https://www.ruby-forum.com/topic/4419319
|
||||
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
|
||||
# ssl_stapling on;
|
||||
# ssl_stapling_verify on;
|
||||
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
|
||||
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
|
||||
# resolver_timeout 10s;
|
||||
|
||||
## [Optional] Generate a stronger DHE parameter:
|
||||
## cd /etc/ssl/certs
|
||||
## sudo openssl dhparam -out dhparam.pem 4096
|
||||
##
|
||||
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
set $secure_link_secret { $onlyoffice{'secretString'} || "how-to-configure-ocsp-stapling-on-apache" };
|
||||
include /etc/nginx/includes/ds-*.conf;
|
||||
|
||||
\}
|
||||
@@ -0,0 +1,38 @@
|
||||
upstream docservice \{
|
||||
server localhost:48000;
|
||||
\}
|
||||
|
||||
upstream spellchecker \{
|
||||
server localhost:48080;
|
||||
\}
|
||||
|
||||
upstream example \{
|
||||
server localhost:3000;
|
||||
\}
|
||||
|
||||
map $http_host $this_host \{
|
||||
"" $host;
|
||||
default $http_host;
|
||||
\}
|
||||
|
||||
map $http_x_forwarded_proto $the_scheme \{
|
||||
default $http_x_forwarded_proto;
|
||||
"" $scheme;
|
||||
\}
|
||||
|
||||
map $http_x_forwarded_host $the_host \{
|
||||
default $http_x_forwarded_host;
|
||||
"" $this_host;
|
||||
\}
|
||||
|
||||
map $http_upgrade $proxy_connection \{
|
||||
default upgrade;
|
||||
"" close;
|
||||
\}
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $proxy_connection;
|
||||
proxy_set_header X-Forwarded-Host $the_host;
|
||||
proxy_set_header X-Forwarded-Proto $the_scheme;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -0,0 +1,2 @@
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
Reference in New Issue
Block a user