body injection feature and add authelia to documentation
This commit is contained in:
parent
c894c8370e
commit
cec47f3a75
|
@ -0,0 +1 @@
|
|||
sub_filter '</body>' '{{ INJECT_BODY }}</body>';
|
|
@ -166,8 +166,13 @@ server {
|
|||
|
||||
# authelia
|
||||
{% if USE_AUTHELIA == "yes" %}
|
||||
include {{ NGINX_PREFIX}}authelia-upstream.conf;
|
||||
include {{ NGINX_PREFIX}}authelia-auth-request.conf;
|
||||
include {{ NGINX_PREFIX }}authelia-upstream.conf;
|
||||
include {{ NGINX_PREFIX }}authelia-auth-request.conf;
|
||||
{% endif %}
|
||||
|
||||
# inject into body
|
||||
{% if INJECT_BODY != "" %}
|
||||
include {{ NGINX_PREFIX}}inject-body.conf;
|
||||
{% endif %}
|
||||
|
||||
# reverse proxy
|
||||
|
|
|
@ -99,6 +99,12 @@ Default value : 2048
|
|||
Context : *global*
|
||||
Sets the value of the [worker_rlimit_nofile](https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile) directive.
|
||||
|
||||
`INJECT_BODY`
|
||||
Values : *\<any HTML code\>*
|
||||
Default value :
|
||||
Context : *global*, *multisite*
|
||||
Use this variable to inject any HTML code you want before the \</body\> tag (e.g. : `\<script src="https://..."\>`)
|
||||
|
||||
### Information leak
|
||||
|
||||
`SERVER_TOKENS`
|
||||
|
@ -860,23 +866,43 @@ Context : *global*, *multisite*
|
|||
List of HTTP status codes considered as "suspicious".
|
||||
|
||||
`BAD_BEHAVIOR_THRESHOLD`
|
||||
Values : *<any positive integer>*
|
||||
Values : *\<any positive integer\>*
|
||||
Default value : *10*
|
||||
Context : *global*, *multisite*
|
||||
The number of "suspicious" HTTP status code before the corresponding IP is banned.
|
||||
|
||||
`BAD_BEHAVIOR_BAN_TIME`
|
||||
Values : *<any positive integer>*
|
||||
Values : *\<any positive integer\>*
|
||||
Default value : *86400*
|
||||
Context : *global*, *multisite*
|
||||
The duration time (in seconds) of a ban when the corresponding IP has reached the `BAD_BEHAVIOR_THRESHOLD`.
|
||||
|
||||
`BAD_BEHAVIOR_COUNT_TIME`
|
||||
Values : *<any positive integer>*
|
||||
Values : *\<any positive integer\>*
|
||||
Default value : *60*
|
||||
Context : *global*, *multisite*
|
||||
The duration time (in seconds) before the counter of "suspicious" HTTP is reset.
|
||||
|
||||
## Authelia
|
||||
|
||||
`USE_AUTHELIA`
|
||||
Values : *yes* | *no*
|
||||
Default value : *no*
|
||||
Context : *global*, *multisite*
|
||||
Enable or disable [Authelia](https://www.authelia.com/) support. See the [authelia example](https://github.com/bunkerity/bunkerized-nginx/tree/master/examples/authelia) for more information on how to setup Authelia with bunkerized-nginx.
|
||||
|
||||
`AUTHELIA_BACKEND`
|
||||
Values : *\<any valid http(s) address\>*
|
||||
Default value :
|
||||
Context : *global*, *multisite*
|
||||
The public Authelia address that users will be redirect to when they will be asked to login (e.g. : `https://auth.example.com`).
|
||||
|
||||
`AUTHELIA_UPSTREAM`
|
||||
Values : *\<any valid http(s) address\>*
|
||||
Default value :
|
||||
Context : *global*, *multisite*
|
||||
The private Authelia address when doing requests from nginx (e.g. : http://my-authelia.local:9091).
|
||||
|
||||
## misc
|
||||
|
||||
`SWARM_MODE`
|
||||
|
|
|
@ -935,6 +935,15 @@
|
|||
"label": "Serve files",
|
||||
"regex": "^(yes|no)$",
|
||||
"type": "checkbox"
|
||||
},
|
||||
{
|
||||
"context": "multisite",
|
||||
"default": "",
|
||||
"env": "INJECT_BODY",
|
||||
"id": "inject-body",
|
||||
"label": "Custom code to inject into the page before closing the body",
|
||||
"regex": ".*",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue