From ce4c64435015786c7dc4f163d5c09523aa9c3437 Mon Sep 17 00:00:00 2001
From: Ananyobrata Pal <ananyo141@gmail.com>
Date: Sat, 13 Apr 2024 02:46:54 +0530
Subject: [PATCH] fix(nginx): a hotfix to disable setting Host header on /media
 routes

---
 nginx.conf | 175 +++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 135 insertions(+), 40 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index b2d7be8..452099b 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,5 +1,3 @@
-## NOTE: https://github.com/minio/minio/blob/master/docs/orchestration/docker-compose/nginx.conf
-
 ##
 # You should look at the following URL's in order to grasp a solid understanding
 # of Nginx configuration files in order to fully unleash the power of Nginx.
@@ -20,6 +18,10 @@
 
 # Default server configuration
 #
+
+limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
+client_max_body_size 0;
+
 server {
 	listen 80 default_server;
 	listen [::]:80 default_server;
@@ -47,10 +49,40 @@ server {
 
 	server_name _;
 
+
+	    # Rate limit
+    limit_req zone=mylimit burst=20 nodelay;
+    limit_req_status 429;
+    limit_conn_status 429;
+    # To allow special characters in headers
+    ignore_invalid_headers off;
+    # Allow any size file to be uploaded.
+    # To disable buffering
+    proxy_buffering off;
+    proxy_request_buffering off;
+
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+    proxy_connect_timeout 300;
+    # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    chunked_transfer_encoding off;
+
+	# To support websocket
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+
 	location / {
 		# First attempt to serve request as file, then
 		# as directory, then fall back to displaying a 404.
-		try_files $uri $uri/ =404;
+		# try_files $uri $uri/ =404;
+
+		proxy_pass http://localhost:8001;
+		#proxy_pass http://34.93.62.62;
 	}
 
 	# pass PHP scripts to FastCGI server
@@ -92,10 +124,8 @@ server {
 #	}
 #}
 
-# Rate limit
-limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
-# Set to a value such as 1000m; to restrict file size to a specific value
-client_max_body_size 0;
+
+
 server {
 
 	# SSL configuration
@@ -118,9 +148,10 @@ server {
 
 	# Add index.php to the list if you are using PHP
 	index index.html index.htm index.nginx-debian.html;
-	server_name videosite.ddns.net; # managed by Certbot
+    server_name videosite.ddns.net; # managed by Certbot
 
-    # Rate limit
+
+	    # Rate limit
     limit_req zone=mylimit burst=20 nodelay;
     limit_req_status 429;
     limit_conn_status 429;
@@ -141,44 +172,107 @@ server {
     proxy_http_version 1.1;
     proxy_set_header Connection "";
     chunked_transfer_encoding off;
-  
+
 	# To support websocket
 	proxy_set_header Upgrade $http_upgrade;
 	proxy_set_header Connection "upgrade";
 
+	location /media {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		# try_files $uri $uri/ =404;
+		    if ($request_method = 'OPTIONS') {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS';
+        #
+        # Custom headers and headers various browsers *should* be OK with but aren't
+        #
+	# add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+        add_header 'Access-Control-Allow-Headers' '*';
+        #
+        # Tell client that this pre-flight info is valid for 20 days
+        #
+        add_header 'Access-Control-Max-Age' 1728000;
+        add_header 'Content-Type' 'text/plain; charset=utf-8';
+        add_header 'Content-Length' 0;
+        return 204;
+     }
+     if ($request_method = 'POST') {
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	#add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Allow-Headers' '*';
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+     }
+     if ($request_method = 'GET') {
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	#add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Allow-Headers' '*';
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+     }
+     #proxy_set_header 'Host' 'video-bucket:9000';
+     proxy_pass http://localhost:8001;
+     #proxy_pass http://34.93.62.62;
+	}
 	location / {
-      # https://enable-cors.org/server_nginx.html
-      if ($request_method = 'OPTIONS') {
-          add_header 'Access-Control-Allow-Origin' '*';
-          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-          #
-          # Custom headers and headers various browsers *should* be OK with but aren't
-          #
-          # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
-          add_header 'Access-Control-Allow-Headers' '*';
-          #
-          # Tell client that this pre-flight info is valid for 20 days
-          #
-          add_header 'Access-Control-Max-Age' 1728000;
-          add_header 'Content-Type' 'text/plain; charset=utf-8';
-          add_header 'Content-Length' 0;
-          return 204;
-      }
-      if ($request_method = 'POST') {
-          add_header 'Access-Control-Allow-Origin' '*' always;
-          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-          add_header 'Access-Control-Allow-Headers' '*' always;
-          add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-      }
-      if ($request_method = 'GET') {
-          add_header 'Access-Control-Allow-Origin' '*' always;
-          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-          add_header 'Access-Control-Allow-Headers' '*' always;
-          add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-      }
-      proxy_pass http://localhost:8001;
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		# try_files $uri $uri/ =404;
+		    if ($request_method = 'OPTIONS') {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS';
+        #
+        # Custom headers and headers various browsers *should* be OK with but aren't
+        #
+	# add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+        add_header 'Access-Control-Allow-Headers' '*';
+        #
+        # Tell client that this pre-flight info is valid for 20 days
+        #
+        add_header 'Access-Control-Max-Age' 1728000;
+        add_header 'Content-Type' 'text/plain; charset=utf-8';
+        add_header 'Content-Length' 0;
+        return 204;
+     }
+     if ($request_method = 'POST') {
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	#add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Allow-Headers' '*';
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+     }
+     if ($request_method = 'GET') {
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	#add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Allow-Headers' '*';
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+     }
+     proxy_set_header 'Host' 'video-bucket:9000';
+     proxy_pass http://localhost:8001;
+     #proxy_pass http://34.93.62.62;
 	}
 
+	# pass PHP scripts to FastCGI server
+	#
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#
+	#	# With php-fpm (or other unix sockets):
+	#	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+	#	# With php-cgi (or other tcp sockets):
+	#	fastcgi_pass 127.0.0.1:9000;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+
+
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/videosite.ddns.net/fullchain.pem; # managed by Certbot
@@ -187,6 +281,7 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
 }
+
 server {
     if ($host = videosite.ddns.net) {
         return 301 https://$host$request_uri;