feat(nginx): add hardened nginx app with security improvements

- Rate limiting (10 req/s per IP, burst 20) - Modern security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) - Request body size limits (50m) - Fixed header inheritance bug in static files location block - Removed unused form fields (NGINX_INTERNAL_PORT, NGINX_ENABLE_ACCESS_LOG) - SSL handled by Runtipi reverse proxy Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 11:00:24 +01:00
parent 698bccf49d
commit 430f6e2baa
10 changed files with 422 additions and 0 deletions
--- a/apps/nginx/config.json
+++ b/apps/nginx/config.json
@@ -0,0 +1,28 @@
+{
+  "$schema": "https://schemas.runtipi.io/config.json",
+  "name": "Nginx Custom",
+  "id": "nginx-custom",
+  "available": true,
+  "short_desc": "Serveur web Nginx avec configuration personnalisable",
+  "author": "Nginx Inc.",
+  "port": 8080,
+  "exposable": true,
+  "dynamic_config": true,
+  "min_tipi_version": "4.5.0",
+  "version": "1.0.0",
+  "tipiVersion": 1,
+  "categories": ["utilities", "network"],
+  "description": "Nginx est un serveur web haute performance avec des volumes montés pour la configuration et le contenu des sites.",
+  "website": "https://nginx.org",
+  "supported_architectures": ["amd64", "arm64"],
+  "form_fields": [
+    {
+      "type": "text",
+      "label": "Nom du serveur (server_name)",
+      "hint": "Ex: monsite.local ou localhost",
+      "required": false,
+      "env_variable": "NGINX_SERVER_NAME",
+      "default": "localhost"
+    }
+  ]
+}