From b58a5e377b0d61c0e85cb01f9f399b84458adbdf Mon Sep 17 00:00:00 2001 From: Marius Date: Thu, 22 Feb 2018 08:48:44 +0100 Subject: [PATCH 1/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6f6a41d..cf84adc 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ If you meet this criteria, you can clone the git repository and build the binary ```bash git clone git@github.com:tus/tusd.git cd tusd -go build -o tusd cmd/tusd/main +go build -o tusd cmd/tusd/main.go ``` ## Running tusd From f5826fa84fe785b161fc41cfd2fef3dc0bce04bb Mon Sep 17 00:00:00 2001 From: Marius Date: Thu, 22 Feb 2018 21:16:14 +0100 Subject: [PATCH 2/3] Add ProxyPreserveHose to apache2 example See https://github.com/tus/tusd/issues/86#issuecomment-367271450 --- docs/apache2.conf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/apache2.conf b/docs/apache2.conf index 9718504..f43a565 100644 --- a/docs/apache2.conf +++ b/docs/apache2.conf @@ -12,9 +12,11 @@ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - # Tell tusd that the HTTPS protocol is used, in order to - # allow constructing correct upload URLs. + # In order that tusd can construct correct upload URLs, we tell tusd + # that the HTTPS protocol is used and also forward the original Host + # Header. RequestHeader set X-Forwarded-Proto "https" + ProxyPreserveHost on # Pass requests to tusd server ProxyPass /files http://localhost:1080/files From d39e9eac8ab145b181dc02fb01580d3c6baccd3d Mon Sep 17 00:00:00 2001 From: Marius Date: Thu, 22 Feb 2018 21:28:45 +0100 Subject: [PATCH 3/3] Remove unnecessary URL matcher See https://github.com/tus/tusd/commit/755e892e3039f333f2738d44749e6934af8c189e#r27614413, @kvz and @kiloreux --- .infra/kube/tusd-kube.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.infra/kube/tusd-kube.yaml b/.infra/kube/tusd-kube.yaml index cffd91f..9b83ccc 100644 --- a/.infra/kube/tusd-kube.yaml +++ b/.infra/kube/tusd-kube.yaml @@ -75,14 +75,6 @@ metadata: annotations: kubernetes.io/tls-acme: "true" kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/configuration-snippet: | - # Security: Don't allow people to upload html and then have browsers parse it - if ($uri ~ \.(?!(jpe?g|gif|png|webp|webm|mp4|mpg|avi|3gp|wav|mp3))$) { - add_header Content-Type application/octet-stream; - add_header Content-Disposition "attachment; filename=$basename"; - add_header X-Download-Options noopen; - add_header X-Content-Type-Options nosniff; - } nginx.ingress.kubernetes.io/proxy-body-size: 0m nginx.ingress.kubernetes.io/proxy-connect-timeout: "300" nginx.ingress.kubernetes.io/proxy-read-timeout: "300" @@ -124,4 +116,4 @@ spec: name: tusd minReplicas: 1 maxReplicas: 5 - targetCPUUtilizationPercentage: 90 \ No newline at end of file + targetCPUUtilizationPercentage: 90