Proxy to my shinobi.video service asking to download gzip

The Apache configuration is incredibly simple. The equivalent is proxy / http://localhost:8080/, I believe.


The first nginx configuration translates literally to the Caddyfile:

my.domain {
  header / Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
  header / X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
  proxy / http://10.0.0.10:8083/ {
    header_upstream X-Forwarded-For {remote}
    header_upstream Host {host}
    header_upstream Upgrade {>Upgrade}
    header_upstream Connection {>Connection}
    header_upstream X-NginX-Proxy true
    header_upstream X-Real-IP {remote}
  }
}

The proxy block is functionally identical to the following:

  proxy / http://10.0.0.10:8083/ {
    websocket
    transparent
    header_upstream X-NginX-Proxy true
  }

The only difference between them is that the simplified version also sends X-Forwarded-Proto.


The second nginx configuration translates approximately to the Caddyfile:

rewrite {
  to {path}/ /nodejs
}
proxy /nodejs http://<host>:<port> {
  without /nodejs
  header_upstream Upgrade {>Upgrade}
  header_upstream Connection "upgrade"
  header_upstream Host {host}
}

The proxy block here simplifies to:

proxy /nodejs http://<host>:<port> {
  without /nodejs
  websocket
  header_upstream Host {host} # or just put "transparent" here, which sets Host
}

nginx user 2 also states that including X-Frame-Options is the fix. Your config sets header_upstream X-Frame-Options "SAMEORIGIN", but I suspect that’s not effective; X-Frame-Options is meant to inform browsers rendering the page, not the server. Try using header_downstream X-Frame-Options "SAMEORIGIN" instead, to send that header to the client.


https://caddyserver.com/docs/proxy#presets

1 Like