search

mediacms-io / mediacms

MediaCMS is a modern, fully featured open source video and media CMS, written in Python/Django and React, featuring a REST API.
https://mediacms.io
GNU Affero General Public License v3.0
2.74k stars 507 forks source link

Reverse proxy configuration #983

Open SKJoy opened 6 months ago

SKJoy commented 6 months ago

Note: Not really an issue rather a help request.

Context: I am implementing MediaCMS for one of my clients and they want it through a reverse proxy, NginX in this case. The application works just fine without issues.

Argument: The client has an argument that the view count is not reflecting while NginX reverse proxy is being used! My opinion: This really not possible, right? No intermediate cache server is being used either.

Points

Current NginX configuration:

server {
    listen                          *:443 ssl;

    ssl_certificate                 /etc/letsencrypt/live/DOMAIN.TLD/fullchain.pem;
    ssl_certificate_key             /etc/letsencrypt/live/DOMAIN.TLD/privkey.pem;
    ssl_protocols                   TLSv1.2;
    ssl_ciphers                     EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ssl_prefer_server_ciphers       on;
    ssl_session_cache               shared:SSL:10m;
    ssl_session_timeout             60m;

    add_header                      Strict-Transport-Security "max-age=31536000";
    add_header                      X-Cache "HIT from Backend";
    add_header                      X-XSS-Protection "1; mode=block" always;
    add_header                      X-Content-Type-Options "nosniff" always;

    proxy_headers_hash_max_size     1024;
    proxy_headers_hash_bucket_size  512; 
    proxy_redirect                  off;
    proxy_set_header                Host $host;
    proxy_set_header                X-Real-IP $remote_addr;
    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header                X-Forwarded-Server $host;
    proxy_set_header                X-Forwarded-Proto $scheme;
    proxy_set_header                X-Forwarded-Host $host;
    proxy_set_header                X-Forwarded-Port $server_port;
    proxy_http_version              1.1;
    proxy_set_header                Upgrade $http_upgrade;
    proxy_set_header                Connection "Upgrade";

    client_max_body_size            100M;
    server_name                     DOMAIN.TLD;

    location / {proxy_pass http://APPLICATION_SERVER_IP_ADDRESS:80/;}

    access_log                      /WWW/DOMAIN.TLD/log/nginx/access.log combined;
    error_log                       /WWW/DOMAIN.TLD/log/nginx/error.log error;
}

Thanks in advance :) This is a WONDERFUL piece of software :)