@tjvr
Last active September 10, 2019 08:31

Revisions

  1. tjvr renamed this gist Nov 24, 2016. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  2. tjvr created this gist Nov 24, 2016.
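--- /dev/null
+++ b/cors.conf
@@ -0,0 +1,81 @@
+server {
+listen 80;
+server_name cors.tjvr.org;
+
+root /usr/share/nginx/html;
+index index.html;
+
+client_max_body_size 1m;
+client_body_buffer_size 64k;
+
+error_log /var/log/nginx/error-d.log debug;
+
+if ($request_method ~ ^OPTIONS$) {
+rewrite ^.*$ /__OPTIONS last;
+}
+
+location ~* ^/http(s?)\:\/(.*)$ {
+# use filtered(?) OpenDNS
+resolver 208.67.222.123;
+# I think bad domains will get 403 ?
+
+# CORS :-)
+add_header Access-Control-Allow-Origin *;
+
+# Disable casual browswing
+if ($http_origin = "") {
+return 412;
+}
+
+# TODO redirect if CORS is already present
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Cookie '';
+proxy_pass http$1://$2;
+proxy_redirect off;
+
+# optimise downloads
+proxy_connect_timeout 30;
+proxy_send_timeout 30;
+proxy_read_timeout 30;
+proxy_max_temp_file_size 0; # don't buffer responses to disk
+proxy_buffering off;
+
+# TODO limit download size
+
+# don't forward weird headers
+proxy_hide_header Access-Control-Allow-Origin;
+proxy_hide_header Set-Cookie;
+proxy_hide_header X-Frame-Options; # controversial!!
+proxy_hide_header X-XSS-Protection;
+
+# if ($sent_http_content_length ~ "[0-9]{7}") {
+# return 403;
+# }
+}
+
+location = /__OPTIONS {
+if ($request_method != OPTIONS ) {
+return 405;
+}
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Methods "GET, OPTIONS, POST, PUT, DELETE";
+add_header Access-Control-Allow-Headers $http_access_control_request_headers;
+add_header Access-Control-Allow-Credentials true;
+add_header Content-Length 0;
+add_header Content-Type text/plain;
+return 200;
+}
+
+location = /index.html {
+expires 1d;
+access_log off;
+add_header Cache-Control "public";
+}
+location = /favicon.ico {
+expires 1M;
+access_log off;
+add_header Cache-Control "public";
+}
+
+}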
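Review bot: The proxy location `location ~* ^/http(s?)\:\/(.*)$` forwards to whatever host the client writes into the path, and its only gate is a non-empty Origin header (`if ($http_origin = "")`), which any client can set, so this is an open proxy that will also reach loopback, RFC 1918 and link-local targets such as a cloud metadata endpoint — an IP literal in `$2` never goes through the OpenDNS `resolver`, and a content-filtering resolver says nothing about private ranges anyway, so the "bad domains will get 403" comment is an unverified assumption. At minimum reject those targets before `proxy_pass`, e.g. `if ($2 ~* "^(localhost|0\.|127\.|10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|169\.254\.|\[)") { return 403; }`, and add a comment that this does not cover public names resolving to internal addresses (DNS rebinding), which only an egress firewall on the proxy host can stop. Separately, the preflight handler `location = /__OPTIONS` sends `Access-Control-Allow-Credentials true` together with `Access-Control-Allow-Origin *`, a combination browsers reject for credentialed requests; since the proxy location strips `Cookie` and never allows credentials itself, drop the `Allow-Credentials` line rather than invite a later "fix" that echoes `$http_origin` and turns this into a credentialed open proxy. The commented-out `$sent_http_content_length` check also cannot work where it sits — `if` runs in the rewrite phase before any upstream response exists — so the `# TODO limit download size` should say that nginx has no directive to cap an upstream body and that `limit_rate` plus the 30s `proxy_read_timeout` is the only bound this config provides.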