From 32f98763078cfb3091ed77dfaa93505f8ac00627 Mon Sep 17 00:00:00 2001 From: Tom Wiesing Date: Wed, 17 Nov 2021 11:27:19 +0100 Subject: [PATCH] Update nginx timeout to match max_execution_time --- .../resources/compose/web/docker-compose.yml | 1 + distillery/resources/compose/web/global.conf | 1 - distillery/resources/compose/web/proxy.conf | 19 +++++++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 distillery/resources/compose/web/proxy.conf diff --git a/distillery/resources/compose/web/docker-compose.yml b/distillery/resources/compose/web/docker-compose.yml index 8bac63c..b9352d5 100644 --- a/distillery/resources/compose/web/docker-compose.yml +++ b/distillery/resources/compose/web/docker-compose.yml @@ -11,6 +11,7 @@ services: volumes: - "vhost:/etc/nginx/vhost.d" - "./global.conf:/etc/nginx/conf.d/global.conf:ro" + - "./proxy.conf:/etc/nginx/proxy.conf:ro" - "htpasswd:/etc/nginx/htpasswd" - "html:/usr/share/nginx/html" - "/var/run/docker.sock:/tmp/docker.sock:ro" diff --git a/distillery/resources/compose/web/global.conf b/distillery/resources/compose/web/global.conf index 6add46a..2f73621 100644 --- a/distillery/resources/compose/web/global.conf +++ b/distillery/resources/compose/web/global.conf @@ -2,4 +2,3 @@ # These should match with distillery/resources/compose/barrel/conf/wisski.ini. client_max_body_size 1000m; -proxy_read_timeout 3000; \ No newline at end of file diff --git a/distillery/resources/compose/web/proxy.conf b/distillery/resources/compose/web/proxy.conf new file mode 100644 index 0000000..59fec40 --- /dev/null +++ b/distillery/resources/compose/web/proxy.conf @@ -0,0 +1,19 @@ +# HTTP 1.1 support +proxy_http_version 1.1; +proxy_buffering off; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $proxy_connection; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl; +proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; + +# Mitigate httpoxy attack (see README for details) +proxy_set_header Proxy ""; + +# Timeouts for the proxy connection - in sync with the appropriate max_execution time. +proxy_connect_timeout 3000s; +proxy_read_timeout 3000s; +proxy_send_timeout 3000s;