From ae8f76a8faf758c005b854ecb86704ab65ca2a35 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Fri, 4 Jan 2019 04:44:37 -0700
Subject: [PATCH] updated configuration files and added proxy headers

---
 etc/nginx/conf.d/proxyHeaders.conf | 12 ++++++++++++
 etc/nginx/conf.d/securityHeaders.conf | 3 ++-
 etc/nginx/conf.d/timeouts.conf | 12 ++++++++----
 3 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 etc/nginx/conf.d/proxyHeaders.conf

diff --git a/etc/nginx/conf.d/proxyHeaders.conf b/etc/nginx/conf.d/proxyHeaders.conf
new file mode 100644
index 0000000..6a105c9
--- /dev/null
+++ b/etc/nginx/conf.d/proxyHeaders.conf
@@ -0,0 +1,12 @@
+#######
+### NGINX configuration - proxy headers
+#######
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Protocol $scheme;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header Early-Data $ssl_early_data;
diff --git a/etc/nginx/conf.d/securityHeaders.conf b/etc/nginx/conf.d/securityHeaders.conf
index 9dd36ee..5314eb6 100644
--- a/etc/nginx/conf.d/securityHeaders.conf
+++ b/etc/nginx/conf.d/securityHeaders.conf
@@ -8,4 +8,5 @@ add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
 add_header X-Content-Type-Options "nosniff" always;
 add_header X-XSS-Protection "1; mode=block" always;
-add_header Referrer-Policy "same-origin" always;
+add_header Referrer-Policy "no-referrer" always;
+add_header Feature-Policy "geolocation 'self'";
diff --git a/etc/nginx/conf.d/timeouts.conf b/etc/nginx/conf.d/timeouts.conf
index 8c12c66..ba0a2ec 100644
--- a/etc/nginx/conf.d/timeouts.conf
+++ b/etc/nginx/conf.d/timeouts.conf
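Review bot: `proxy_set_header X-Forwarded-Protocol $scheme;` in the new proxyHeaders.conf sets a header name that most backends do not read; the de-facto name is `X-Forwarded-Proto`. nginx passes through client request headers it is not told to override, so a client-supplied `X-Forwarded-Proto` would reach the upstream unchanged and could make the backend misjudge whether the request arrived over TLS. I would add `proxy_set_header X-Forwarded-Proto $scheme;`, keeping the existing line only if something depends on it. The file also deserves a comment that `proxy_set_header` is inherited only when the current level defines none, so any `server` or `location` that sets its own header silently drops this whole set. The same comment could note that forwarding `Early-Data $ssl_early_data` only helps if the upstream rejects requests it will not process as early data.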
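Review bot: The added `add_header Feature-Policy "geolocation 'self'";` line in securityHeaders.conf omits `always`, so unlike the Referrer-Policy line next to it the header is sent only on the status codes nginx applies `add_header` to by default, not on error responses. Writing `add_header Feature-Policy "geolocation 'self'" always;` keeps it consistent with its neighbours. Changing Referrer-Policy to `no-referrer` also suppresses the Referer header on same-origin requests, so any application behind this proxy that validates Referer as part of its CSRF checks should be tested before rollout. A one-line comment saying why `same-origin` was not sufficient would help the next reader. The hunk starts at line 8, so the earlier headers in the file are not visible here.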
@@ -2,7 +2,11 @@
 ### NGINX configurations - timeouts
 #######
 
-client_body_timeout 12s;
-client_header_timeout 12s;
-keepalive_timeout 15s;
-send_timeout 10s;
+client_body_timeout 12;
+client_header_timeout 12;
+keepalive_timeout 15;
+send_timeout 300;
+reset_timedout_connection on;
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
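Review bot: `send_timeout 300;` and the three `proxy_*_timeout 300s;` lines apply to every server that includes this file (presumably at `http` level). A slow or stalled client or upstream can therefore hold a connection for five minutes where the old `send_timeout` allowed ten seconds, which makes connection exhaustion easier to reach. If only particular endpoints need long-running transfers, keep the global values short and raise them in the relevant `location`, with a comment giving the reason. `proxy_connect_timeout 300s;` is unlikely to take effect as written, since the nginx documentation notes that this timeout cannot usually exceed 75 seconds. On style, the client timeouts drop the `s` suffix while the proxy timeouts keep it; pick one form, e.g. `send_timeout 300s;`.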