diff --git a/.infra/kube/tusd-kube.yaml b/.infra/kube/tusd-kube.yaml index cffd91f..9b83ccc 100644 --- a/.infra/kube/tusd-kube.yaml +++ b/.infra/kube/tusd-kube.yaml @@ -75,14 +75,6 @@ metadata: annotations: kubernetes.io/tls-acme: "true" kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/configuration-snippet: | - # Security: Don't allow people to upload html and then have browsers parse it - if ($uri ~ \.(?!(jpe?g|gif|png|webp|webm|mp4|mpg|avi|3gp|wav|mp3))$) { - add_header Content-Type application/octet-stream; - add_header Content-Disposition "attachment; filename=$basename"; - add_header X-Download-Options noopen; - add_header X-Content-Type-Options nosniff; - } nginx.ingress.kubernetes.io/proxy-body-size: 0m nginx.ingress.kubernetes.io/proxy-connect-timeout: "300" nginx.ingress.kubernetes.io/proxy-read-timeout: "300" @@ -124,4 +116,4 @@ spec: name: tusd minReplicas: 1 maxReplicas: 5 - targetCPUUtilizationPercentage: 90 \ No newline at end of file + targetCPUUtilizationPercentage: 90 diff --git a/README.md b/README.md index 6f6a41d..cf84adc 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ If you meet this criteria, you can clone the git repository and build the binary ```bash git clone git@github.com:tus/tusd.git cd tusd -go build -o tusd cmd/tusd/main +go build -o tusd cmd/tusd/main.go ``` ## Running tusd diff --git a/docs/apache2.conf b/docs/apache2.conf index 9718504..f43a565 100644 --- a/docs/apache2.conf +++ b/docs/apache2.conf @@ -12,9 +12,11 @@ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - # Tell tusd that the HTTPS protocol is used, in order to - # allow constructing correct upload URLs. + # In order that tusd can construct correct upload URLs, we tell tusd + # that the HTTPS protocol is used and also forward the original Host + # Header. RequestHeader set X-Forwarded-Proto "https" + ProxyPreserveHost on # Pass requests to tusd server ProxyPass /files http://localhost:1080/files