[FEATURE] Support loading nginx template files from a directory #1666

Open
1 task done
CrustyAvocado opened this issue Nov 6, 2024 · 0 comments
Labels
enhancement New feature or request

CrustyAvocado commented Nov 6, 2024

What's needed and why?

While there are a lot of configs possible with BunkerWeb via environment variables and the UI/DB, there are still configurations that aren't accessible even though they are supported in nginx.

Similar to how vanilla nginx and open-appsec-nginx work, it'd be nice to have a clear and documented path to have BunkerWeb nginx load template files on start.

This would make it so much easier for people to migrate their configs and use BunkerWeb. Like it takes no time at all to copy *.template files from nginx to open-appsec-nginx or any other nginx-based app and have everything configured the same and up and running using template files.

Implementation ideas (optional)

Implementation would ideally be similar to how vanilla NGINX currently works: any file in the /etc/nginx/templates/ directory is processed at start and added to the nginx config.

docker-config-nginx.yml example:

    services:
        nginx:
            container_name: nginx
            environment:
                - NGINX_ENVSUBST_TEMPLATE_DIR=/etc/nginx/templates
            volumes:
                - /home/docker/configs/nginx/config:/config
                - /home/docker/configs/nginx/etc/nginx/templates:/etc/nginx/templates
            image: nginx:latest

plex.conf.template example:

    server {

        listen *:80;
        listen [::]:80;
        listen *:443 ssl;
        listen [::]:443 ssl;
        listen 32400 ssl;
        listen [::]:32400 ssl;

        http2  on;

        server_name plex .plex.domain.com;

        set $plex https://172.17.17.17:32400;

        error_page 400 401 402 403 404 405 406 407 http://www.google.com;

        #######################################
        ####           logs                ####
        #######################################

        access_log                          /var/log/nginx/plex_access.log;
        error_log                           /var/log/nginx/plex_error.log;


        #######################################
        ####            ssl                ####
        #######################################

        ssl_ciphers                         ALL:!aNULL:!eNULL:!ADH:@STRENGTH;
        ssl_certificate                     /etc/ssl/private/fullchain.pem;
        ssl_certificate_key                 /etc/ssl/private/privkey.pem;
        ssl_trusted_certificate             /etc/ssl/private/chain.pem;
        ssl_protocols                       SSLv3 SSLv2 TLSv1.3 TLSv1.2;
        ssl_session_cache                   shared:SSL:10m;
        ssl_ecdh_curve                      auto;
        ssl_session_timeout                 1d;
        ssl_session_tickets                 on;
        ssl_prefer_server_ciphers           on;
        ssl_stapling                        on;
        ssl_stapling_verify                 on;


        #######################################
        ####          headers              ####
        #######################################

        add_header              X-Frame-Options                 "" always;
        add_header              X-Content-Type-Options          nosniff;
        add_header              X-Robots-Tag                    "noindex, nofollow, nosnippet, noarchive";

        proxy_pass_header       Authorization;

        proxy_set_header        X-Real-IP                       $remote_addr;
        proxy_set_header        X-Forwarded-For                 $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto               $scheme;
        proxy_set_header        X-Forwarded-Port                $server_port;
        proxy_set_header        X-Forwarded-Host                $host;

        proxy_cookie_path       /web/                           /;
        proxy_set_header        Cookie                          $http_cookie;
        proxy_set_header        Accept-Encoding                 "";

        proxy_set_header        Sec-WebSocket-Key               $http_sec_websocket_key;
        proxy_set_header        Sec-WebSocket-Version           $http_sec_websocket_version;
        proxy_set_header        Sec-WebSocket-Extensions        $http_sec_websocket_extensions;

        proxy_set_header        X-Plex-Platform                 $http_x_plex_platform;
        proxy_set_header        X-Plex-Platform-Version         $http_x_plex_platform_version;
        proxy_set_header        X-Plex-Client-Platform          $http_x_plex_client_platform;
        proxy_set_header        X-Plex-Client-Identifier        $http_x_plex_client_identifier;

        proxy_set_header        X-Plex-Device                   $http_x_plex_device;
        proxy_set_header        X-Plex-Device-Name              $http_x_plex_device_name;
        proxy_set_header        X-Plex-Device-Vendor            $http_x_plex_device_vendor;
        proxy_set_header        X-Plex-Device-Screen-Density    $http_x_plex_device_screen_density;
        proxy_set_header        X-Plex-Device-Screen-Resolution $http_x_plex_device_screen_resolution;

        proxy_set_header        X-Plex-Features                 $http_x_plex_features;
        proxy_set_header        X-Plex-Product                  $http_x_plex_product;
        proxy_set_header        X-Plex-Token                    $http_x_plex_token;
        proxy_set_header        X-Plex-Version                  $http_x_plex_version;
        proxy_set_header        X-Plex-Nocache                  $http_x_plex_nocache;
        proxy_set_header        X-Plex-Provides                 $http_x_plex_provides;
        proxy_set_header        X-Plex-Model                    $http_x_plex_model;
        proxy_set_header        X-Plex-Container-Size           $http_x_plex_container_size;
        proxy_set_header        X-Plex-Advertising-Identifier   $http_x_plex_advertising_identifier;


        #######################################
        ####       proxy directives        ####
        #######################################

        proxy_ssl_verify                    off;
        proxy_ssl_session_reuse             on;
        proxy_ssl_server_name               on;
        proxy_socket_keepalive              on;
        proxy_send_timeout                  86400;
        proxy_read_timeout                  86400;
        proxy_request_buffering             off;

        proxy_http_version                  1.1;
        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "";
        proxy_ignore_client_abort           on;

        proxy_store                         off;                #### keep this disabled for plex
        proxy_buffering                     off;                #### keep this disabled for plex
        proxy_redirect                      off;                #### keep this disabled for plex

        proxy_hide_header                   X-Powered-By;
        proxy_headers_hash_max_size         2048;
        proxy_headers_hash_bucket_size      128;

        #######################################
        ####         if blocks             ####
        #######################################

        if ($http_user_agent ~ "Indy\sLibrary|Morfeus Fucking Scanner|MSIE [0-6]\.\d+") {
          return 418;
          }
        if ($http_user_agent ~ ^Mozilla/[\d\.]+$) {
          return 418;
          }

        #######################################
        ####        location blocks        ####
        #######################################

        location ~* (wp-content|wpcontent|wpadmin|wp-admin|phpmyadmin) {
          return 403;
          }
        location ~ (wp-content|wpcontent|wpadmin|wp-admin|phpmyadmin) {
          return 403;
          }
        location /RequestDenied {
          internal;
          return 403;
          }
        location /robots.txt {
          alias /config/robots.txt;
        }

        #######################################
        ####         locations             ####
        #######################################

        location / {

          set $test "";
          if ($http_x_plex_device_name = '') {
            set $test A;
            }
          if ($arg_X-Plex-Device-Name = '') {
            set $test "${test}B";
            }
          if ($test = AB) {
            rewrite ^/$ https://$http_host/web/index.html;
            }

          proxy_pass                          $plex;
          }
    }

Code of Conduct

  • I agree to follow this project's Code of Conduct
@CrustyAvocado CrustyAvocado added the enhancement New feature or request label Nov 6, 2024
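
An added example, not part of the original issue or of BunkerWeb's code: a sketch of rendering a `*.template` file as the request describes, followed by a review pass over the rendered config before it is loaded. It assumes `${NAME}` placeholders are filled only from an explicit variable map, so nginx variables such as `$remote_addr` and `"${test}B"` survive; `PLEX_UPSTREAM`, `render_template`, `audit` and the rule list are hypothetical, and the sample is constructed from directives in the template above.

```python
import re

# Constructed sample: directives taken from the plex.conf.template above,
# with a hypothetical ${PLEX_UPSTREAM} placeholder added for illustration.
SAMPLE_TEMPLATE = """\
server {
    listen 443 ssl;
    set $plex ${PLEX_UPSTREAM};
    set $test "${test}B";
    ssl_ciphers ALL:!aNULL:!eNULL:!ADH:@STRENGTH;
    ssl_protocols SSLv3 SSLv2 TLSv1.3 TLSv1.2;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_ssl_verify off;
    location / { proxy_pass $plex; }
}
"""

# Hypothetical review rules: (directive, regex on its arguments, reason).
RULES = [
    ("ssl_protocols", r"\b(SSLv2|SSLv3|TLSv1|TLSv1\.1)(?=\s|$)", "legacy SSL/TLS version enabled"),
    ("ssl_ciphers", r"(^|:)ALL(:|$)", "cipher list built from ALL"),
    ("proxy_ssl_verify", r"^off$", "upstream certificate not verified"),
]

def render_template(text, variables):
    """Fill ${NAME} only for names in `variables`; leave nginx variables alone."""
    def repl(match):
        return variables.get(match.group(1), match.group(0))
    return re.sub(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}", repl, text)

def audit(conf):
    """Return (line, directive, reason) for each rule a rendered config trips."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: drop comments
        m = re.match(r"(\w+)\s+(.*?);", line)
        if not m:
            continue
        for directive, pattern, reason in RULES:
            if m.group(1) == directive and re.search(pattern, m.group(2).strip()):
                findings.append((lineno, directive, reason))
    return findings

if __name__ == "__main__":
    rendered = render_template(SAMPLE_TEMPLATE, {"PLEX_UPSTREAM": "https://172.17.17.17:32400"})
    for finding in audit(rendered):
        print(finding)
```
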