diff --git a/angie/conf.dist/http-response-headers.conf.j2 b/angie/autoconf.dist/http-response-headers.conf.j2 similarity index 100% rename from angie/conf.dist/http-response-headers.conf.j2 rename to angie/autoconf.dist/http-response-headers.conf.j2 diff --git a/angie/conf.dist/http-quic-gso.conf b/angie/conf.dist/http-quic-gso.conf deleted file mode 100644 index 2b55f0e..0000000 --- a/angie/conf.dist/http-quic-gso.conf +++ /dev/null @@ -1,3 +0,0 @@ -quic_gso on; - -proxy_quic_gso on; \ No newline at end of file diff --git a/angie/conf.dist/http-quic-gso.conf.j2 b/angie/conf.dist/http-quic-gso.conf.j2 new file mode 100644 index 0000000..78464ea --- /dev/null +++ b/angie/conf.dist/http-quic-gso.conf.j2 @@ -0,0 +1,5 @@ +quic_gso on; + +{%- if env.NGX_HTTP_NO_PROXY == '0' %} +proxy_quic_gso on; +{%- endif %} \ No newline at end of file diff --git a/angie/conf.dist/http3/param.conf b/angie/conf.dist/http3/param.conf.j2 similarity index 69% rename from angie/conf.dist/http3/param.conf rename to angie/conf.dist/http3/param.conf.j2 index a20caca..a15fac2 100644 --- a/angie/conf.dist/http3/param.conf +++ b/angie/conf.dist/http3/param.conf.j2 @@ -2,6 +2,8 @@ http3_max_concurrent_streams 128; #default http3_stream_buffer_size 64k; #default quic_active_connection_id_limit 3; +{%- if env.NGX_HTTP_NO_PROXY == '0' %} proxy_http3_max_concurrent_streams 128; #default proxy_http3_stream_buffer_size 64k; #default -proxy_quic_active_connection_id_limit 3; \ No newline at end of file +proxy_quic_active_connection_id_limit 3; +{%- endif %} \ No newline at end of file diff --git a/angie/j2cfg.dist/headers-response-common.yml.j2 b/angie/j2cfg.dist/headers-response-common.yml.j2 new file mode 100644 index 0000000..b2d7cac --- /dev/null +++ b/angie/j2cfg.dist/headers-response-common.yml.j2 @@ -0,0 +1,9 @@ +{% if env.NGX_HTTP_TRANSPARENT_PROXY == '0' %} +response_headers: + Permissions-Policy: "accelerometer=(), autoplay=(), browsing-topics=(), camera=(), clipboard-read=(), clipboard-write=(), geolocation=(), gyroscope=(), hid=(), interest-cohort=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=()" + Referrer-Policy: "no-referrer-when-downgrade" + Strict-Transport-Security: "max-age=15724800; includeSubDomains; preload" + X-Content-Type-Options: "nosniff" + X-Frame-Options: "SAMEORIGIN" + X-XSS-Protection: "1; mode=block" +{% endif %} \ No newline at end of file diff --git a/angie/j2cfg.dist/headers-response.yml b/angie/j2cfg.dist/headers-response.yml deleted file mode 100644 index 4a2466e..0000000 --- a/angie/j2cfg.dist/headers-response.yml +++ /dev/null @@ -1,7 +0,0 @@ -response_headers: - Permissions-Policy: "microphone=(), camera=(), geolocation=(), interest-cohort=()" - Referrer-Policy: "no-referrer-when-downgrade" - Strict-Transport-Security: "max-age=15724800; includeSubDomains; preload" - X-Content-Type-Options: "nosniff" - X-Frame-Options: "SAMEORIGIN" - X-XSS-Protection: "1; mode=block" \ No newline at end of file diff --git a/image-entry.d/21-http-modules.envsh b/image-entry.d/21-http-modules.envsh index a9450dd..c02de83 100755 --- a/image-entry.d/21-http-modules.envsh +++ b/image-entry.d/21-http-modules.envsh @@ -4,6 +4,7 @@ if [ "${NGX_HTTP}" = 0 ] ; then unset NGX_HTTP_NO_PROXY NGX_HTTP_WITH_MODSECURITY else NGX_HTTP_NO_PROXY=$(gobool_to_int "${NGX_HTTP_NO_PROXY:-0}" 0) + export NGX_HTTP_NO_PROXY if [ "${NGX_HTTP_NO_PROXY}" = 0 ] ; then NGX_HTTP_CONFLOAD=$(append_list "${NGX_HTTP_CONFLOAD}" proxy) fi