From 297a0a00de6ef4cfd1b7e517d1cef520711829da Mon Sep 17 00:00:00 2001 From: K3vin <156478092+8b1th3r0@users.noreply.github.com> Date: Mon, 26 Jan 2026 16:20:34 -0500 Subject: [PATCH] Fixing Nginx configuration for 1.11.0 installs (#11207) --- install/termix-install.sh | 262 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 253 insertions(+), 9 deletions(-) diff --git a/install/termix-install.sh b/install/termix-install.sh index c125945fd..e49914c4e 100644 --- a/install/termix-install.sh +++ b/install/termix-install.sh @@ -71,18 +71,31 @@ events { http { include /etc/nginx/mime.types; default_type application/octet-stream; + access_log /opt/termix/nginx/logs/access.log; client_body_temp_path /opt/termix/nginx/client_body; proxy_temp_path /opt/termix/nginx/proxy_temp; + fastcgi_temp_path /opt/termix/nginx/fastcgi_temp; + uwsgi_temp_path /opt/termix/nginx/uwsgi_temp; + scgi_temp_path /opt/termix/nginx/scgi_temp; sendfile on; keepalive_timeout 65; client_header_timeout 300s; + set_real_ip_from 127.0.0.1; + real_ip_header X-Forwarded-For; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + server { listen 80; - server_name _; + server_name localhost; add_header X-Content-Type-Options nosniff always; add_header X-XSS-Protection "1; mode=block" always; 
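Review bot: The `ssl_protocols`, `ssl_ciphers` and `ssl_session_*` lines added to the `http` block have no effect as written, because the only listener visible in this hunk is `listen 80;` with no `ssl` parameter. As far as the patch shows, the credential and SSH routes are therefore still served in cleartext by this server. If TLS is terminated by a separate proxy in front, a comment such as `# TLS is terminated upstream; the ssl_* settings only apply once a 'listen 443 ssl' server exists` would keep readers from assuming the site is encrypted. If a TLS listener is planned, consider trimming the list to the two `-GCM-` suites, since `ECDHE-RSA-AES128-SHA256` and `ECDHE-RSA-AES256-SHA384` are CBC-mode and every entry is RSA-only. The `http` block begins before this hunk and continues after it.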
@@ -96,10 +109,25 @@ http { location / { root /opt/termix/html; - index index.html; + index index.html index.htm; try_files $uri $uri/ /index.html; } + location ~* \.map$ { + return 404; + access_log off; + log_not_found off; + } + + location ~ ^/users/sessions(/.*)?$ { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + location ~ ^/users(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; @@ -109,7 +137,7 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - location ~ ^/(version|releases|alerts|rbac|credentials|snippets|terminal|encryption)(/.*)?$ { + location ~ ^/version(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; proxy_set_header Host $host; 
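Review bot: In the added `location ~ ^/users/sessions(/.*)?$` block, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever `X-Forwarded-For` the client sent, so a client connecting directly to port 80 controls the leading entries of the header the backend receives. The `set_real_ip_from 127.0.0.1;` added in the first hunk only rewrites `$remote_addr` for connections from loopback and does not strip a client-supplied header. If the service on 30001 reads the first entry for login throttling or audit logging (not visible here), that value can be forged; `proxy_set_header X-Forwarded-For $remote_addr;` forwards only the address nginx itself established, or the backend should rely on `X-Real-IP`. The same line is added to most proxied locations in the later hunks (-118, -158 and -218). Separately, this block is already matched by the existing `^/users(/.*)?$` location and, from the lines visible, uses the same upstream and headers, so it looks redundant.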
@@ -118,39 +146,153 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - location ~ ^/(database|db)(/.*)?$ { - client_max_body_size 5G; - client_body_timeout 300s; + location ~ ^/releases(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/alerts(/.*)?$ { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/rbac(/.*)?$ { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/credentials(/.*)?$ { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; + } + + location ~ ^/snippets(/.*)?$ { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/terminal(/.*)?$ { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/database(/.*)?$ { + 
client_max_body_size 5G; + client_body_timeout 300s; + + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + proxy_request_buffering off; proxy_buffering off; } + location ~ ^/db(/.*)?$ { + client_max_body_size 5G; + client_body_timeout 300s; + + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + + proxy_request_buffering off; + proxy_buffering off; + } + + location ~ ^/encryption(/.*)?$ { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/quick-connect { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + location /ssh/ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } location /ssh/websocket/ { proxy_pass http://127.0.0.1:30002/; proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; 
proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 86400s; proxy_send_timeout 86400s; + proxy_connect_timeout 10s; + proxy_buffering off; proxy_request_buffering off; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; } location /ssh/tunnel/ { 
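Review bot: The added `location` blocks from `/releases` through `/encryption` each repeat the same `proxy_http_version` line and four `proxy_set_header` lines, where the removed code grouped identical routes in one alternation. A later header fix now has to be made in every copy, and a missed copy silently leaves one route forwarding different headers. nginx inherits `proxy_set_header` from the enclosing level when a location defines none of its own, so the common lines could be declared once in the `server` block and omitted from the plain locations; the locations that add `Upgrade`/`Connection` would still need the full set. The `/credentials` block is the only plain API route given 300s timeouts, which deserves a short comment if it is deliberate. Also, `proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;` in `/ssh/websocket/` (and in `/docker/console/` in the -158 hunk) has nothing to fail over to, because `proxy_pass` names a single address.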
@@ -158,59 +300,153 @@ http { proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/recent { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/pinned { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/shortcuts { + proxy_pass http://127.0.0.1:30001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/sudo-password { + proxy_pass http://127.0.0.1:30004; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } location /ssh/file_manager/ssh/ { client_max_body_size 5G; client_body_timeout 300s; + proxy_pass http://127.0.0.1:30004; proxy_http_version 1.1; proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; + proxy_request_buffering off; proxy_buffering off; } - location ~ ^/ssh/file_manager/(recent|pinned|shortcuts)$ { + location ~ ^/network-topology(/.*)?$ { proxy_pass 
http://127.0.0.1:30001; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } location /health { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } - location ~ ^/(status|metrics)(/.*)?$ { + location ~ ^/status(/.*)?$ { proxy_pass http://127.0.0.1:30005; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } - location ~ ^/(uptime|activity)(/.*)?$ { + location ~ ^/metrics(/.*)?$ { + proxy_pass http://127.0.0.1:30005; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + + location ~ ^/uptime(/.*)?$ { proxy_pass http://127.0.0.1:30006; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/activity(/.*)?$ { + proxy_pass http://127.0.0.1:30006; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/dashboard/preferences(/.*)?$ { + proxy_pass http://127.0.0.1:30006; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } location ^~ /docker/console/ { proxy_pass http://127.0.0.1:30008/; proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 86400s; proxy_send_timeout 86400s; + proxy_connect_timeout 10s; + proxy_buffering off; proxy_request_buffering off; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; } location ~ ^/docker(/.*)?$ { @@ -218,10 +454,18 @@ http { proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /opt/termix/html; + } } } EOF
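Review bot: The added `location /ssh/file_manager/sudo-password` block is covered, like every other route here, by the `access_log /opt/termix/nginx/logs/access.log;` line this commit adds at `http` level, and nginx's default log format records the full request line including the query string. Whether any of these endpoints carries a password or session token in the URL is not visible in the patch; WebSocket endpoints such as `/docker/console/` often take a token as a query parameter, and any such value would be written to that file. Either confirm that secrets travel only in request bodies or headers, or add `access_log off;` to the sensitive locations as the new `\.map$` block already does. The log directory should also be readable only by the service account. The hunk starts inside the `/ssh/tunnel/` block and ends at the opening line of `location ~ ^/docker(/.*)?$`.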
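Review bot: The added `error_page 500 502 503 504 /50x.html;` resolves to `/opt/termix/html/50x.html`, and nothing visible in this patch creates that file. If the front-end build copied into `/opt/termix/html` does not ship one, an upstream failure would likely end in a not-found response from the error-page lookup rather than the intended page, which hides the original 502/504 from whoever is debugging. Either have the installer write a minimal `50x.html` next to `index.html` or drop the `error_page` line; which one applies depends on parts of the script outside this hunk.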