## [0.56.2](https://github.com/saltstack-formulas/mysql-formula/compare/v0.56.1...v0.56.2) (2021-09-04) ### Bug Fixes * **centos7:** add correct pymysql package on cent7/saltpy3 ([9722b021](https://github.com/saltstack-formulas/mysql-formula/commit/9722b0218763c56b7bb1096b421058e6898ae55e)) * **ci:** corrected ruby last else ([df2fa300](https://github.com/saltstack-formulas/mysql-formula/commit/df2fa300eff9c07e54967a3ef1366c57896b4eb5)) ### Continuous Integration * **centos:** add centos ci; fix test pillar ([060b43f3](https://github.com/saltstack-formulas/mysql-formula/commit/060b43f3036bbdfd1c0910fe91ff280221ef116c))
nginx.conf 5.18 KiB
# This file is written by salt. Don't even think about it.
# Upstream group for one PostgREST instance; the server blocks in this file
# proxy to it by the name postgrest_<instance_name>.
upstream postgrest_{{ instance_name }} {
# Single backend on the loopback interface, on the port rendered from postgrest_port.
server localhost:{{ postgrest_port }};
# Keep up to 64 idle connections to the backend cached per worker process.
keepalive 64;
}
{% if nginx_conf.http or nginx_conf.redirect_to_https %}
# Plain-HTTP listener, rendered when either `http` or `redirect_to_https` is set.
server {
    listen {{ nginx_conf.get('http_port', '80') }};
    server_name {{ nginx_conf.fqdn }};
{% if nginx_conf.redirect_to_https %}
    # The redirect target is built from the configured server_name, not from the
    # client-supplied Host header.
    # NOTE(review): the URL carries no port, so it assumes HTTPS answers on 443;
    # confirm this when https_port is overridden.
    return 301 https://$server_name$request_uri;
{% elif nginx_conf.http %}
    # NOTE(review): this branch proxies the API over cleartext HTTP, so request
    # headers and bodies cross the network unencrypted. Confirm that is intended
    # wherever `http` is enabled without `redirect_to_https`.
    location / {
        default_type application/json;

        # Re-emit the upstream Content-Location with a leading slash.
        add_header Content-Location /$upstream_http_content_location;
        proxy_hide_header Content-Location;

        proxy_http_version 1.1;
        proxy_pass http://postgrest_{{ instance_name }};

        # Connection upgrade headers passed through to the upstream.
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;

        # Client and request metadata for the upstream. X-Forwarded-For is the
        # client-sent value with $remote_addr appended, so only its last entry
        # comes from nginx; X-Real-IP is always nginx's view of the peer address.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    }
{% endif %}
}
{% endif %}
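{% if nginx_conf.https %}
# TLS listener for the PostgREST instance, rendered when `https` is set.
server {
    server_name {{ nginx_conf.fqdn }};
    # TLS is enabled with the `ssl` parameter of listen; the standalone
    # `ssl on;` directive is deprecated and rejected by current nginx releases.
    listen {{ nginx_conf.get('https_port', '443') }} ssl;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;

    # Certificate, key and DH parameters share one base name: ssl_cert_name
    # when set, otherwise the instance name.
    ssl_certificate /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.pem;
    ssl_certificate_key /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.key;
    # Diffie-Hellman parameters for the DHE cipher suites, recommended 2048 bits.
    ssl_dhparam /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.dhparam.pem;
{% if nginx_conf.client_ca is defined %}
    # Mutual TLS: require a client certificate that chains to the configured CA.
    ssl_verify_client on;
    # The fallback name now sits inside get() and the directive is terminated
    # with `;`. The earlier expression evaluated to a tuple and the line had no
    # terminator, so the rendered file could not be loaded.
    # NOTE(review): confirm this path matches the file name under which the
    # client CA bundle is deployed; no suffix is visible in this template.
    ssl_client_certificate /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }};
{% endif %}

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # TLSv1.3 can be appended where nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # 3DES suites are dropped and excluded with !3DES, because !DES only covers
    # single DES. NOTE(review): static-RSA and CBC suites are still listed for
    # compatibility; trim to ECDHE/DHE AEAD suites if every client supports them.
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";

    # Do not send the nginx version number in error pages and the Server header.
    server_tokens off;

    location / {
        default_type application/json;
        proxy_hide_header Content-Location;
        # Re-emit the upstream Content-Location with a leading slash.
        add_header Content-Location /$upstream_http_content_location;

        # nginx inherits add_header from the server level only when a location
        # declares none of its own. This location sets Content-Location, so the
        # security headers are declared here; at server level they would be
        # dropped from every proxied response.
        # NOTE(review): without the `always` parameter these are added only to
        # success and redirect responses; consider `always` on nginx >= 1.7.5.

        # Forbid rendering inside a frame from another origin (clickjacking).
        add_header X-Frame-Options SAMEORIGIN;
        # Disable content-type sniffing in browsers.
        add_header X-Content-Type-Options nosniff;
        # Legacy browser XSS filter, kept as configured.
        add_header X-XSS-Protection "1; mode=block";
        # Be as restrictive as possible. The header name is hyphenated; the
        # underscore spelling is not a header browsers recognise.
        add_header Content-Security-Policy "default-src 'none'";
        # HSTS, to resist SSL stripping.
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

        proxy_pass http://postgrest_{{ instance_name }};
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # X-Real-IP is nginx's view of the peer address. X-Forwarded-For is the
        # client-sent value with $remote_addr appended, so only its last entry
        # comes from nginx.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
{% endif %}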