From abd12b7d7b5c12ff59ce9c99072419443decf761 Mon Sep 17 00:00:00 2001 From: danchal Date: Thu, 31 Jan 2019 09:37:21 +0100 Subject: [PATCH] add proxy_cookie_path The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. This is one of the metrics used in the Nextcloud security scan. The Dockerfile COPY filename was changed from uploadsize.conf to make it more generic in use. 
Signed-off-by: danchal --- .../mariadb/fpm/proxy/Dockerfile | 2 +- .../mariadb/fpm/proxy/custom.conf | 2 ++ .../mariadb/fpm/proxy/uploadsize.conf | 1 - .../with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile | 2 +- .../mariadb-cron-redis/apache/proxy/custom.conf | 2 ++ .../mariadb-cron-redis/apache/proxy/uploadsize.conf | 1 - .../with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile | 2 +- .../with-nginx-proxy/mariadb-cron-redis/fpm/proxy/custom.conf | 2 ++ .../mariadb-cron-redis/fpm/proxy/uploadsize.conf | 1 - .../with-nginx-proxy/mariadb/apache/proxy/Dockerfile | 2 +- .../with-nginx-proxy/mariadb/apache/proxy/custom.conf | 2 ++ .../with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf | 1 - .../with-nginx-proxy/mariadb/fpm/proxy/Dockerfile | 2 +- .../with-nginx-proxy/mariadb/fpm/proxy/custom.conf | 2 ++ .../with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf | 1 - .../with-nginx-proxy/postgres/apache/proxy/Dockerfile | 2 +- .../with-nginx-proxy/postgres/apache/proxy/custom.conf | 2 ++ .../with-nginx-proxy/postgres/apache/proxy/uploadsize.conf | 1 - .../with-nginx-proxy/postgres/fpm/proxy/Dockerfile | 2 +- .../with-nginx-proxy/postgres/fpm/proxy/custom.conf | 2 ++ .../with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf | 1 - 21 files changed, 21 insertions(+), 14 deletions(-) create mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/custom.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/custom.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/custom.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf create mode 100644 
.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/custom.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/custom.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/custom.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/custom.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile
index 242c84e1..367db622 100644
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile
@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
-COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+COPY custom.conf /etc/nginx/conf.d/custom.conf
diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/custom.conf b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/custom.conf
new file mode 100644
index 00000000..38000a6c
--- /dev/null
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/custom.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_cookie_path / "/; HTTPOnly; Secure";
diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf
deleted file mode 100644
index c636de7d..00000000
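Review bot: In `custom.conf`, `proxy_cookie_path / "/; HTTPOnly; Secure";` uses a plain-string match, which nginx treats as a prefix of the upstream `Path` value and replaces only that prefix, so a cookie set with, for example, `Path=/apps/x` would come out as `Path=/; HTTPOnly; Secureapps/x`. A cookie that carries no `Path` attribute at all is passed through without either flag, so the line is not a guarantee that every cookie is `Secure` and `HttpOnly`. A regex form that captures the whole value, `proxy_cookie_path ~^(.+)$ "$1; HTTPOnly; Secure";`, keeps non-root paths intact; if the nginx in the base image is 1.19.3 or newer, `proxy_cookie_flags ~ secure httponly;` sets the flags without touching the path and also covers cookies that have none. The same line is added in the six other `custom.conf` files in this patch.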
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10G;
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile
index 242c84e1..367db622 100644
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile
@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
-COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+COPY custom.conf /etc/nginx/conf.d/custom.conf
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/custom.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/custom.conf
new file mode 100644
index 00000000..38000a6c
--- /dev/null
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/custom.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_cookie_path / "/; HTTPOnly; Secure";
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
deleted file mode 100644
index c636de7d..00000000
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10G;
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile
index 242c84e1..367db622 100644
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile
@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
-COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+COPY custom.conf /etc/nginx/conf.d/custom.conf
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/custom.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/custom.conf
new file mode 100644
index 00000000..38000a6c
--- /dev/null
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/custom.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_cookie_path / "/; HTTPOnly; Secure";
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
deleted file mode 100644
index c636de7d..00000000
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10G;
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile
index 242c84e1..367db622 100644
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile
@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
-COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+COPY custom.conf /etc/nginx/conf.d/custom.conf
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/custom.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/custom.conf
new file mode 100644
index 00000000..38000a6c
--- /dev/null
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/custom.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_cookie_path / "/; HTTPOnly; Secure";
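Review bot: `custom.conf` is added without any comment, and because it is copied into `/etc/nginx/conf.d/` both directives are, as far as I know, read at `http` level and so apply to every virtual host this proxy fronts, not only Nextcloud. That matters for `HttpOnly`, which hides a cookie from page scripts and can break another application behind the same proxy that reads its own cookie in JavaScript. The directive also leaves cookie names alone, so a `__Host-` prefixed name still has to be emitted by the application itself. I would add above the directive `# Adds HttpOnly and Secure to upstream cookies that set a Path; proxy-wide, affects every vhost.` This applies to all seven `custom.conf` files in the patch.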
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
deleted file mode 100644
index c636de7d..00000000
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10G;
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile
index 242c84e1..367db622 100644
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile
@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
-COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+COPY custom.conf /etc/nginx/conf.d/custom.conf
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/custom.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/custom.conf
new file mode 100644
index 00000000..38000a6c
--- /dev/null
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/custom.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_cookie_path / "/; HTTPOnly; Secure";
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
deleted file mode 100644
index c636de7d..00000000
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10G;
diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile
index 242c84e1..367db622 100644
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile
@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
-COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+COPY custom.conf /etc/nginx/conf.d/custom.conf
diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/custom.conf b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/custom.conf
new file mode 100644
index 00000000..38000a6c
--- /dev/null
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/custom.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_cookie_path / "/; HTTPOnly; Secure";
diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
deleted file mode 100644
index c636de7d..00000000
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10G;
diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile
index 242c84e1..367db622 100644
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile
@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
-COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+COPY custom.conf /etc/nginx/conf.d/custom.conf
diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/custom.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/custom.conf
new file mode 100644
index 00000000..38000a6c
--- /dev/null
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/custom.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_cookie_path / "/; HTTPOnly; Secure";
diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
deleted file mode 100644
index c636de7d..00000000
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10G;