barreloflube commited on
Commit
b2069e9
·
1 Parent(s): bafb6c9

chore: Improve Nginx configuration and Dockerfile security

Files changed (2)
  1. Dockerfile +15 -3
  2. nginx.conf +39 -17
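--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,20 @@
 FROM nginx:alpine
 
-# Create a custom nginx configuration
-RUN rm /etc/nginx/conf.d/default.conf
-COPY nginx.conf /etc/nginx/conf.d/
+# Create directories and set permissions first
+RUN mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/proxy_temp \
+/var/cache/nginx/fastcgi_temp /var/cache/nginx/uwsgi_temp /var/cache/nginx/scgi_temp \
+&& chmod 700 /var/cache/nginx/* \
+&& chown -R nginx:nginx /var/cache/nginx
+
+# Copy our custom nginx.conf to replace the default one
+COPY nginx.conf /etc/nginx/nginx.conf
+RUN chown -R nginx:nginx /etc/nginx
+
+# Clean up default conf
+RUN rm -f /etc/nginx/conf.d/default.conf
+
+# Switch to non-root user
+USER nginx
 
 # Expose port 7860
 EXPOSE 7860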
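Review bot: `RUN chown -R nginx:nginx /etc/nginx` makes the whole configuration tree writable by the account the server runs as, which gives back part of what `USER nginx` gains: any process running as nginx could then rewrite nginx.conf and the files it includes. nginx only needs to read its configuration, and `COPY` normally leaves the file root-owned and world-readable, so the line can simply be dropped. The write access the unprivileged user does need appears to be covered already by the `/var/cache/nginx` chown and the `/tmp/nginx.pid` path in nginx.conf. Separately, `FROM nginx:alpine` is a floating tag; pinning a version or digest would keep the hardened image reproducible.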
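--- a/nginx.conf
+++ b/nginx.conf
@@ -1,22 +1,44 @@
-server {
-listen 7860;
-server_name localhost;
+worker_processes auto;
+pid /tmp/nginx.pid;
 
-location / {
-proxy_pass https://sheer-8kp.pages.dev/;
-proxy_set_header Host sheer-8kp.pages.dev;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_ssl_server_name on;
+events {
+worker_connections 1024;
+}
 
-# Additional useful headers
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "upgrade";
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
 
-# Timeout settings
-proxy_read_timeout 90;
-proxy_connect_timeout 90;
-proxy_send_timeout 90;
+# Define temp file paths with permissions we can write to
+client_body_temp_path /var/cache/nginx/client_temp;
+proxy_temp_path /var/cache/nginx/proxy_temp;
+fastcgi_temp_path /var/cache/nginx/fastcgi_temp;
+uwsgi_temp_path /var/cache/nginx/uwsgi_temp;
+scgi_temp_path /var/cache/nginx/scgi_temp;
+
+sendfile on;
+keepalive_timeout 65;
+
+server {
+listen 7860;
+server_name localhost;
+
+location / {
+proxy_pass https://sheer-8kp.pages.dev/;
+proxy_set_header Host sheer-8kp.pages.dev;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_ssl_server_name on;
+
+# Additional useful headers
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Timeout settings
+proxy_read_timeout 90;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+}
 }
 }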
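Review bot: The `location /` block proxies to an HTTPS upstream with `proxy_ssl_server_name on;` but never turns on certificate verification, and nginx defaults to `proxy_ssl_verify off`, so the upstream's identity is not checked and the TLS hop is encrypted but unauthenticated. Next to `proxy_ssl_server_name on;` I would add `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path to the image's CA bundle>;` (the bundle path should be confirmed inside the nginx:alpine image). A smaller point in the same block: `proxy_set_header Connection "upgrade";` is sent on every request and there is no `proxy_http_version 1.1;`, so WebSocket upgrades probably do not work as intended. Since the commit is framed as hardening, `server_tokens off;` in the `http` block would also be a cheap addition.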