C12

C11
C10
2026-06-01 17:29:40 +02:00 · 2026-06-01 17:26:19 +02:00 · 2026-06-01 17:21:51 +02:00 · 2026-06-01 16:47:01 +02:00 · 2026-06-01 16:31:24 +02:00
4 changed files with 125 additions and 19 deletions
@@ -11,9 +11,11 @@ services:
      - backend-c
    ports:
      - "8080:80"
+      - "8443:443"
    volumes:
      - ./proxy/nginx.conf:/etc/nginx/nginx.conf:ro,z
      - ./proxy/html:/usr/share/nginx/html:ro,z
+      - ./certs/live:/etc/nginx/certs:ro,z

  backend-a:
    image: nginx:1.27-alpine
@@ -8,8 +8,8 @@ http {
  sendfile on;
  server_tokens off;

-  upstream backend_a_typo {
-    server backend-a:8080;
+  upstream backend_a {
+    server backend-a:80;
  }

  upstream backend_b {
@@ -33,7 +33,7 @@ http {
    }

    location /service/b {
-      proxy_pass http://backend_b;
+      proxy_pass http://backend_b/;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto http;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -31,6 +31,37 @@ http {
    listen 80;
    server_name _;

+    location / {
+      return 301 https://$host:8443$request_uri;
+    }
+
+     location = /healthz {
+      default_type text/plain;
+      return 200 "ok\n";
+    }
+
+    location = /internal/status {
+      access_log off;
+      default_type text/plain;
+
+      if ($remote_addr != 127.0.0.1) {
+        return 403;
+      }
+      
+      return 200 "internal ok\n";
+    }
+  }
+
+  server {
+    listen 443 ssl;
+    server_name localhost;
+    ssl_certificate /etc/nginx/certs/localhost.crt;
+    ssl_certificate_key /etc/nginx/certs/localhost.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    add_header Strict-Transport-Security "max-age=3600; includeSubDomains" always;
+
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
@@ -48,6 +79,7 @@ http {
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto http;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_hide_header ETag;
    }

    location = /demo/a {
@@ -67,21 +99,5 @@ http {
      proxy_set_header X-Forwarded-Proto http;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
-
-    location = /healthz {
-      default_type text/plain;
-      return 200 "ok\n";
-    }
-
-    location = /internal/status {
-      access_log off;
-      default_type text/plain;
-
-      if ($remote_addr != 127.0.0.1) {
-        return 403;
-      }
-      
-      return 200 "internal ok\n";
-    }
  }
 }
@@ -0,0 +1,88 @@
+events {
+  worker_connections 1024;
+}
+
+http {
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  sendfile on;
+  server_tokens off;
+
+  log_format workshop '$remote_addr - $request '
+                      'status=$status upstream=$upstream_addr '
+                      'rt=$request_time urt=$upstream_response_time';
+
+  access_log /var/log/nginx/access.log workshop;  
+
+  upstream backend_a {
+    server backend-a:80;
+    server backend-a2:80;
+  }
+
+  upstream backend_b {
+    server backend-b:80;
+  }
+
+  upstream backend_c {
+    server backend-c:80;
+  }
+
+  server {
+    listen 80;
+    server_name _;
+
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "DENY" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Resource-Policy "same-origin" always;
+
+    location / {
+      root /usr/share/nginx/html;
+      try_files $uri $uri/ /index.html;
+    }
+
+    location = /service/a {
+      proxy_pass http://backend_a/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Proto http;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_hide_header ETag;
+    }
+
+    location = /demo/a {
+      proxy_pass http://backend_a/;
+    }
+
+    location = /service/b {
+      proxy_pass http://backend_b/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Proto http;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location = /service/c {
+      proxy_pass http://backend_c/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Proto http;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location = /healthz {
+      default_type text/plain;
+      return 200 "ok\n";
+    }
+
+    location = /internal/status {
+      access_log off;
+      default_type text/plain;
+
+      if ($remote_addr != 127.0.0.1) {
+        return 403;
+      }
+      
+      return 200 "internal ok\n";
+    }
+  }
+}
Author	SHA1	Message	Date
AlexBa16	f6f035f4fa	C12	2026-06-01 17:29:40 +02:00
AlexBa16	f3d437826e	C11	2026-06-01 17:26:19 +02:00
AlexBa16	23e985d33a	C10	2026-06-01 17:21:51 +02:00
AlexBa16	52711085d5	C9	2026-06-01 16:47:01 +02:00
AlexBa16	025f92569f	C8	2026-06-01 16:31:24 +02:00