feat(nginx): add hardened nginx app with security improvements

- Rate limiting (10 req/s per IP, burst 20)
- Modern security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)
- Request body size limits (50m)
- Fixed header inheritance bug in static files location block
- Removed unused form fields (NGINX_INTERNAL_PORT, NGINX_ENABLE_ACCESS_LOG)
- SSL handled by Runtipi reverse proxy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Gui-Gos
2026-02-12 11:00:24 +01:00
parent 698bccf49d
commit 430f6e2baa
10 changed files with 422 additions and 0 deletions


@@ -0,0 +1,60 @@
{
"schemaVersion": 2,
"$schema": "https://schemas.runtipi.io/dynamic-compose.json",
"services": [
{
"name": "nginx-custom",
"image": "nginx:latest",
"isMain": true,
"internalPort": 80,
"volumes": [
{
"hostPath": "${APP_DATA_DIR}/conf.d",
"containerPath": "/etc/nginx/conf.d",
"readOnly": false
},
{
"hostPath": "${APP_DATA_DIR}/nginx.conf",
"containerPath": "/etc/nginx/nginx.conf",
"readOnly": false
},
{
"hostPath": "${APP_DATA_DIR}/www",
"containerPath": "/var/www",
"readOnly": false
},
{
"hostPath": "${APP_DATA_DIR}/html",
"containerPath": "/usr/share/nginx/html",
"readOnly": false
},
{
"hostPath": "${APP_DATA_DIR}/logs",
"containerPath": "/var/log/nginx",
"readOnly": false
},
{
"hostPath": "${APP_DATA_DIR}/ssl",
"containerPath": "/etc/nginx/ssl",
"readOnly": true
}
],
"environment": [
{
"key": "NGINX_HOST",
"value": "${NGINX_SERVER_NAME:-localhost}"
},
{
"key": "TZ",
"value": "${TZ:-Europe/Paris}"
}
],
"healthCheck": {
"test": "curl --fail http://localhost:80 || exit 1",
"interval": "30s",
"timeout": "10s",
"retries": 3
}
}
]
}
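Review bot: The service pulls `"image": "nginx:latest"`, a mutable tag, so the hardened configuration this commit describes is not tied to a known nginx build and a redeploy can silently pick up a different image; pin a specific release, ideally by digest, e.g. `"image": "nginx:<pinned-version>"`. The `conf.d` and `nginx.conf` volumes are also declared with `"readOnly": false`, which lets a process inside the container rewrite the very configuration that carries the rate limits and security headers. Unless the app is expected to edit its own config at runtime, `"readOnly": true` on those two mounts would be the safer default. The `www` and `html` mounts may deserve the same treatment if content is only served and never written from inside the container, but that depends on usage not visible here.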