Security hardening and documentation

Changes:
- nginx: http2 directive updated (deprecated syntax)
- nginx: proxy_max_temp_file_size removed (Windows-incompatible)
- nginx: Rate limiting enabled

Documentation:
- Pitfalls and lessons learned added
- Changelog updated with all security measures

Tested:
- All services reachable (Vaultwarden, Nextcloud, Gitea, websites)
- nginx config validated
- Rate limiting active

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Martin Eckardt
2025-12-28 17:56:31 +01:00
parent 364e058b8c
commit 5607b338ba
3 changed files with 147 additions and 8 deletions

@@ -65,7 +65,8 @@ http {
# eckardt-vault.duckdns.org - Main Services
# ============================================
server {
listen 443 ssl http2;
listen 443 ssl;
http2 on;
server_name eckardt-vault.duckdns.org;
ssl_certificate C:/nginx/ssl/eckardt-vault.duckdns.org-chain.pem;
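Review bot: The standalone "http2 on;" line in this server block needs nginx 1.25.1 or newer; on an older build the config test fails with an unknown directive and the Vaultwarden vhost does not load. Please record the minimum nginx version next to the change (a comment above "listen 443 ssl;" or in the changelog) so a rollback or reinstall of the Windows binary does not silently break TLS termination for this host.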
@@ -123,7 +124,8 @@ http {
# eckardt-cloud.duckdns.org - Nextcloud
# ============================================
server {
listen 443 ssl http2;
listen 443 ssl;
http2 on;
server_name eckardt-cloud.duckdns.org;
ssl_certificate C:/nginx/ssl/eckardt-cloud.duckdns.org-chain.pem;
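Review bot: Style point on the repeated pair "listen 443 ssl;" / "http2 on;": the http2 directive is also valid in the enclosing http { } context, so it can be set once there and inherited by every server block instead of being added per vhost. That keeps the Nextcloud, Vaultwarden and Gitea blocks from drifting apart if one of them is edited later and the line is forgotten.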
@@ -141,7 +143,6 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
# Nextcloud specific
proxy_max_temp_file_size 10240m;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
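Review bot: Missing documentation for the dropped "proxy_max_temp_file_size 10240m;" under "# Nextcloud specific": with the line gone, nginx falls back to its default of 1024m, so the behaviour for large Nextcloud downloads changes rather than the setting simply disappearing. Please leave a short comment in this location block stating that the directive was removed because of the Windows build and that the default now applies, and confirm that a download larger than 1 GB was part of the test run, since the commit message only lists reachability.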
@@ -152,7 +153,8 @@ http {
# eckardt-git.duckdns.org - Gitea
# ============================================
server {
listen 443 ssl http2;
listen 443 ssl;
http2 on;
server_name eckardt-git.duckdns.org;
ssl_certificate C:/nginx/ssl/eckardt-git.duckdns.org-chain.pem;