sr2/ansible-collection-apps
4
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

fix(podman_link): correct headers to allow CSRF protection to work

Browse source
This commit is contained in:
Iain Learmonth 2025-12-20 13:31:14 +00:00
parent d1707adb0c
commit 2d2e44e3c8
2 changed files with 44 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

1
roles/podman_link/templates/home/config/containers/systemd/common-zammad.env
View file

@ -10,4 +10,5 @@ ELASTICSEARCH_USER=admin
ELASTICSEARCH_PASS={{ podman_link_opensearch_password }}
ELASTICSEARCH_SCHEMA=https
ELASTICSEARCH_REINDEX=false
NGINX_SERVER_SCHEME=https
TZ=Etc/UTC

50
roles/podman_link/templates/home/nginx.conf
View file

@ -61,11 +61,47 @@ server {
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
proxy_pass http://zammad;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
}
client_max_body_size 50M;
# legacy web socket server
location /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_pass http://zammad;
}
# action cable
location /cable {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_pass http://zammad;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-User "";
proxy_read_timeout 180;
proxy_pass http://zammad;
gzip on;
gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
gzip_proxied any;
}
}