AlexBa16/htl-reverse-proxy-tls-lab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: AlexBa16/htl-reverse-proxy-tls-lab:930a4ef124fb4b89146d9cdada20d14985206e48
Branches Tags
AlexBa16/htl-reverse-proxy-tls-lab:main
...
compare: AlexBa16/htl-reverse-proxy-tls-lab:main
Branches Tags
AlexBa16/htl-reverse-proxy-tls-lab:main

7 Commits
930a4ef124 ... main

Author SHA1 Message Date
AlexBa16 f6f035f4fa C12 2026-06-01 17:29:40 +02:00
AlexBa16 f3d437826e C11 2026-06-01 17:26:19 +02:00
AlexBa16 23e985d33a C10 2026-06-01 17:21:51 +02:00
AlexBa16 52711085d5 C9 2026-06-01 16:47:01 +02:00
AlexBa16 025f92569f C8 2026-06-01 16:31:24 +02:00
AlexBa16 4d2b1f9c75 C7 2026-06-01 16:28:18 +02:00
AlexBa16 68d44714ac C6 2026-06-01 16:23:30 +02:00
4 changed files with 142 additions and 22 deletions
Expand all files Collapse all files
docker-compose.yml
+9
View File
@@ -6,13 +6,16 @@ services:
container_name: workshop-proxy container_name: workshop-proxy
depends_on: depends_on:
- backend-a - backend-a
- backend-a2
- backend-b - backend-b
- backend-c - backend-c
ports: ports:
- "8080:80" - "8080:80"
- "8443:443"
volumes: volumes:
- ./proxy/nginx.conf:/etc/nginx/nginx.conf:ro,z - ./proxy/nginx.conf:/etc/nginx/nginx.conf:ro,z
- ./proxy/html:/usr/share/nginx/html:ro,z - ./proxy/html:/usr/share/nginx/html:ro,z
- ./certs/live:/etc/nginx/certs:ro,z
backend-a: backend-a:
image: nginx:1.27-alpine image: nginx:1.27-alpine
@@ -20,6 +23,12 @@ services:
volumes: volumes:
- ./backends/a:/usr/share/nginx/html:ro,z - ./backends/a:/usr/share/nginx/html:ro,z
backend-a2:
image: nginx:1.27-alpine
container_name: workshop-backend-a2
volumes:
- ./backends/a2:/usr/share/nginx/html:ro,z
backend-b: backend-b:
image: nginx:1.27-alpine image: nginx:1.27-alpine
container_name: workshop-backend-b container_name: workshop-backend-b
proxy/nginx.broken.conf
+3 -3
View File
@@ -8,8 +8,8 @@ http {
sendfile on; sendfile on;
server_tokens off; server_tokens off;
upstream backend_a_typo { upstream backend_a {
server backend-a:8080; server backend-a:80;
} }
upstream backend_b { upstream backend_b {
@@ -33,7 +33,7 @@ http {
} }
location /service/b { location /service/b {
proxy_pass http://backend_b; proxy_pass http://backend_b/;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy/nginx.conf
+42 -19
View File
@@ -8,8 +8,15 @@ http {
sendfile on; sendfile on;
server_tokens off; server_tokens off;
log_format workshop '$remote_addr - $request '
'status=$status upstream=$upstream_addr '
'rt=$request_time urt=$upstream_response_time';
access_log /var/log/nginx/access.log workshop;
upstream backend_a { upstream backend_a {
server backend-a:80; server backend-a:80;
server backend-a2:80;
} }
upstream backend_b { upstream backend_b {
@@ -24,6 +31,37 @@ http {
listen 80; listen 80;
server_name _; server_name _;
location / {
return 301 https://$host:8443$request_uri;
}
location = /healthz {
default_type text/plain;
return 200 "ok\n";
}
location = /internal/status {
access_log off;
default_type text/plain;
if ($remote_addr != 127.0.0.1) {
return 403;
}
return 200 "internal ok\n";
}
}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/certs/localhost.crt;
ssl_certificate_key /etc/nginx/certs/localhost.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=3600; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always; add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always;
@@ -36,45 +74,30 @@ http {
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
} }
location /service/a { location = /service/a {
proxy_pass http://backend_a/; proxy_pass http://backend_a/;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header ETag;
} }
location = /demo/a { location = /demo/a {
proxy_pass http://backend_a/; proxy_pass http://backend_a/;
} }
location /service/b { location = /service/b {
proxy_pass http://backend_b/; proxy_pass http://backend_b/;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
location /service/c { location = /service/c {
proxy_pass http://backend_c/; proxy_pass http://backend_c/;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
location = /healthz {
default_type text/plain;
return 200 "ok\n";
}
location /internal/status {
access_log off;
default_type text/plain;
if ($remote_addr != 127.0.0.1) {
return 403;
}
return 200 "internal ok\n";
}
} }
} }
proxy/nginx.conf.bak
+88
View File
@@ -0,0 +1,88 @@
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
server_tokens off;
log_format workshop '$remote_addr - $request '
'status=$status upstream=$upstream_addr '
'rt=$request_time urt=$upstream_response_time';
access_log /var/log/nginx/access.log workshop;
upstream backend_a {
server backend-a:80;
server backend-a2:80;
}
upstream backend_b {
server backend-b:80;
}
upstream backend_c {
server backend-c:80;
}
server {
listen 80;
server_name _;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Resource-Policy "same-origin" always;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
location = /service/a {
proxy_pass http://backend_a/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header ETag;
}
location = /demo/a {
proxy_pass http://backend_a/;
}
location = /service/b {
proxy_pass http://backend_b/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /service/c {
proxy_pass http://backend_c/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /healthz {
default_type text/plain;
return 200 "ok\n";
}
location = /internal/status {
access_log off;
default_type text/plain;
if ($remote_addr != 127.0.0.1) {
return 403;
}
return 200 "internal ok\n";
}
}
}