forked from Ponysearch/Ponysearch
6b59800dc6
The suggested configurations for nginx found in the documentation and templates lead to vulnerabilities allowing host spoofing [1] and path traversal [2], as reported by Gixy [3]. This commit fixes those issues. [1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md [2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md [3] https://github.com/yandex/gixy
16 lines
526 B
Text
16 lines
526 B
Text
# https://example.org/searx
|
|
|
|
location ${SEARX_URL_PATH} {
|
|
proxy_pass http://127.0.0.1:4004/;
|
|
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header Connection \$http_connection;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Scheme \$scheme;
|
|
proxy_set_header X-Script-Name ${SEARX_URL_PATH};
|
|
}
|
|
|
|
location ${SEARX_URL_PATH}/static/ {
|
|
alias ${SEARX_SRC}/searx/static/;
|
|
}
|