diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index 80caadd..9595f6a 100755 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -178,7 +178,7 @@ services: order: start-first gitea: - image: gitea/gitea:1.24.6 + image: gitea/gitea:1.25 networks: - postgres volumes: diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 37a903c..bf70235 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -30,6 +30,22 @@ except Exception as e: config = "" for host, params in hosts.items(): + websocket = "" + for url in params.get("websocket", []): + websocket += """ + location {url} {{ + resolver 127.0.0.11; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_read_timeout 86400; + proxy_send_timeout 86400; + + proxy_pass http://{target_host}:{port}; + }} + """.format(url=url, target_host=params["host"], port=params["port"]) config += """ server {{ listen 443 ssl http2; @@ -39,6 +55,7 @@ for host, params in hosts.items(): ssl_certificate /etc/nginx/{host}/fullchain.pem; ssl_certificate_key /etc/nginx/{host}/privkey.pem; + proxy_http_version 1.1; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; @@ -48,13 +65,16 @@ for host, params in hosts.items(): proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + {websocket} + location / {{ resolver 127.0.0.11; - proxy_pass http://{target_host}:{port}$request_uri; + proxy_pass http://{target_host}:{port}; }} + }}\n\n """.format( - host=host, target_host=params["host"], port=params["port"] + host=host, target_host=params["host"], port=params["port"], websocket=websocket ) try: fullchain = minio_client.get_object(