Fix mimetype filter @kvz
This commit is contained in:
parent
ca69a48f69
commit
755e892e30
|
@ -40,7 +40,8 @@ spec:
|
||||||
requests:
|
requests:
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- name: tusd-web
|
||||||
|
containerPort: 8080
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
fsGroup: 0
|
fsGroup: 0
|
||||||
|
@ -59,7 +60,8 @@ metadata:
|
||||||
namespace: tus
|
namespace: tus
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 80
|
- name: tusd-web
|
||||||
|
port: 80
|
||||||
targetPort: 8080
|
targetPort: 8080
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
selector:
|
selector:
|
||||||
|
@ -73,6 +75,14 @@ metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
kubernetes.io/ingress.class: "nginx"
|
kubernetes.io/ingress.class: "nginx"
|
||||||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||||
|
# Security: Don't allow people to upload html and then have browsers parse it
|
||||||
|
if ($uri ~ \.(?!(jpe?g|gif|png|webp|webm|mp4|mpg|avi|3gp|wav|mp3))$) {
|
||||||
|
add_header Content-Type application/octet-stream;
|
||||||
|
add_header Content-Disposition "attachment; filename=$basename";
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
}
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 0m
|
nginx.ingress.kubernetes.io/proxy-body-size: 0m
|
||||||
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
|
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
|
||||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
||||||
|
|
Loading…
Reference in New Issue