From 52711085d513d68d392960e3c7a3d93b1bcec2ed Mon Sep 17 00:00:00 2001
From: AlexBa16 <alexbachinger56+GitHub@gmail.com>
Date: Mon, 1 Jun 2026 16:47:01 +0200
Subject: [PATCH] C9

---
 docker-compose.yml      |  1 +
 proxy/nginx.broken.conf |  6 +--
 proxy/nginx.conf.bak    | 88 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100644 proxy/nginx.conf.bak

diff --git a/docker-compose.yml b/docker-compose.yml
index ccc2a81..55afce0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
       - backend-c
     ports:
       - "8080:80"
+      - "8443:443"
     volumes:
       - ./proxy/nginx.conf:/etc/nginx/nginx.conf:ro,z
       - ./proxy/html:/usr/share/nginx/html:ro,z
diff --git a/proxy/nginx.broken.conf b/proxy/nginx.broken.conf
index f5b8d1a..e519aee 100644
--- a/proxy/nginx.broken.conf
+++ b/proxy/nginx.broken.conf
@@ -8,8 +8,8 @@ http {
   sendfile on;
   server_tokens off;
 
-  upstream backend_a_typo {
-    server backend-a:8080;
+  upstream backend_a {
+    server backend-a:80;
   }
 
   upstream backend_b {
@@ -33,7 +33,7 @@ http {
     }
 
     location /service/b {
-      proxy_pass http://backend_b;
+      proxy_pass http://backend_b/;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Proto http;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/proxy/nginx.conf.bak b/proxy/nginx.conf.bak
new file mode 100644
index 0000000..fc700de
--- /dev/null
+++ b/proxy/nginx.conf.bak
@@ -0,0 +1,88 @@
+events {
+  worker_connections 1024;
+}
+
+http {
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  sendfile on;
+  server_tokens off;
+
+  log_format workshop '$remote_addr - $request '
+                      'status=$status upstream=$upstream_addr '
+                      'rt=$request_time urt=$upstream_response_time';
+
+  access_log /var/log/nginx/access.log workshop;  
+
+  upstream backend_a {
+    server backend-a:80;
+    server backend-a2:80;
+  }
+
+  upstream backend_b {
+    server backend-b:80;
+  }
+
+  upstream backend_c {
+    server backend-c:80;
+  }
+
+  server {
+    listen 80;
+    server_name _;
+
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "DENY" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Resource-Policy "same-origin" always;
+
+    location / {
+      root /usr/share/nginx/html;
+      try_files $uri $uri/ /index.html;
+    }
+
+    location = /service/a {
+      proxy_pass http://backend_a/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Proto http;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_hide_header ETag;
+    }
+
+    location = /demo/a {
+      proxy_pass http://backend_a/;
+    }
+
+    location = /service/b {
+      proxy_pass http://backend_b/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Proto http;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location = /service/c {
+      proxy_pass http://backend_c/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Proto http;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location = /healthz {
+      default_type text/plain;
+      return 200 "ok\n";
+    }
+
+    location = /internal/status {
+      access_log off;
+      default_type text/plain;
+
+      if ($remote_addr != 127.0.0.1) {
+        return 403;
+      }
+      
+      return 200 "internal ok\n";
+    }
+  }
+}