From 116ab3b1c229ac9d4b33111e3f7d29d82152fe9a Mon Sep 17 00:00:00 2001 From: Kaloyan Nikolow Date: Mon, 29 Sep 2025 17:09:32 +0300 Subject: [PATCH 1/4] Sync Nginx config with upstream docs Signed-off-by: Kaloyan Nikolow --- .examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf | 4 +--- .examples/docker-compose/insecure/postgres/fpm/web/nginx.conf | 4 +--- .../with-nginx-proxy/postgres/fpm/web/nginx.conf | 4 +--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index 0d67b8b0e..32c58209b 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -162,7 +161,7 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } @@ -176,7 +175,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index 0d67b8b0e..32c58209b 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -162,7 +161,7 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } @@ -176,7 +175,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index f3f90640e..0d736d8c8 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -162,7 +161,7 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } @@ -176,7 +175,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { From f1be88dc62fe4e4ace77861ce5e31c0525ca275a Mon Sep 17 00:00:00 2001 From: Kaloyan Nikolow Date: Mon, 29 Sep 2025 17:14:18 +0300 Subject: [PATCH 2/4] Sync Nginx config with upstream docs Signed-off-by: Kaloyan Nikolow --- .../with-nginx-proxy/mariadb/fpm/web/nginx.conf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index f3f90640e..0d736d8c8 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -162,7 +161,7 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } @@ -176,7 +175,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { From 63214083cdc31450a0c99cc35905fcd4d1ef6e4f Mon Sep 17 00:00:00 2001 From: Kaloyan Nikolow Date: Mon, 29 Sep 2025 17:19:03 +0300 Subject: [PATCH 3/4] Sync Nginx config with upstream docs Signed-off-by: Kaloyan Nikolow --- .examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf | 4 ---- .examples/docker-compose/insecure/postgres/fpm/web/nginx.conf | 4 ---- .../with-nginx-proxy/mariadb/fpm/web/nginx.conf | 4 ---- .../with-nginx-proxy/postgres/fpm/web/nginx.conf | 4 ---- 4 files changed, 16 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index 32c58209b..7d517b89e 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -176,10 +176,6 @@ http { add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index 32c58209b..7d517b89e 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -176,10 +176,6 @@ http { add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index 0d736d8c8..eb18b4cf0 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -176,10 +176,6 @@ http { add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index 0d736d8c8..eb18b4cf0 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -176,10 +176,6 @@ http { add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { From 172ec434510e57eb5fec0101686609db6073ec98 Mon Sep 17 00:00:00 2001 From: Kaloyan Nikolow Date: Mon, 29 Sep 2025 17:23:59 +0300 Subject: [PATCH 4/4] Sync Nginx config with upstream docs Signed-off-by: Kaloyan Nikolow --- .examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf | 2 ++ .examples/docker-compose/insecure/postgres/fpm/web/nginx.conf | 2 ++ .../docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf | 2 ++ .../docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf | 2 ++ 4 files changed, 8 insertions(+) diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index 7d517b89e..7fd0ea8c8 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -14,6 +14,8 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; + } } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index 7d517b89e..7fd0ea8c8 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -14,6 +14,8 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; + } } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index eb18b4cf0..4c4cd7350 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -14,6 +14,8 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; + } } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index eb18b4cf0..4c4cd7350 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -14,6 +14,8 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; + } } log_format main '$remote_addr - $remote_user [$time_local] "$request" '