Having said that, I wasn't happy with the fact that I was forwarding all requests to Indigo, so I set about improving the security of my setup. First I needed to know what paths I needed to redirect, for which I found this post (a 10+ year old thread but still useful!). Below is a section of my final nginx.conf server section config, to which I added comments to explain all the different settings I use:
Code:

    server {
        # Add Strict-Transport-Security to my domain
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

        # Reduces information returned on errors
        server_tokens off;

        # Block any user agents that are not Indigo Touch
        if ($http_user_agent !~* (Indigo%20Touch) )
        {
            # 444 is a non-standard HTTP status code used to instruct nginx to close the connection without sending
            # a response to the client, most commonly used to deny suspected malicious or malformed requests
            return 444;
        }

        # Block any methods other than GET, HEAD or POST
        if ($request_method !~ ^(GET|HEAD|POST)$ )
        {
            # 444 is a non-standard HTTP status code used to instruct nginx to close the connection without sending
            # a response to the client, most commonly used to deny suspected malicious or malformed requests
            return 444;
        }

        listen 4321 ssl;

        # Enforce TLS v1.2 or above
        ssl_protocols TLSv1.2 TLSv1.3;

        # Reverse proxies for Indigo Touch
        location /indigo/ {
            proxy_pass http://localhost:1234/indigo/;
        }
        location /serverrequest {
            proxy_pass http://localhost:1234/serverrequest;
        }
        location /servercommand {
            proxy_pass http://localhost:1234/servercommand;
        }
    }

For obvious reasons I have changed the port numbers that I use, but in the above example I listen publicly on port 4321 and forward to my local machine on port 1234. Also note I use localhost since I am running nginx on the same Mac that Indigo runs on, but if you had nginx running on another machine this would be the local address of your Indigo Server.
Enjoy!
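
An added example, not part of the original post: a small Python model of the rules in the config above, so the filtering can be checked against sample requests before exposing the port. The function name `decide`, the sample User-Agent string and the request paths are constructed for illustration, and the model assumes the path is already normalised and carries no query string.

```python
import re

# Rules transcribed from the nginx config in the post (ports are the post's example values).
UA_ALLOW = re.compile(r"Indigo%20Touch", re.IGNORECASE)  # `!~*` is a case-insensitive search
METHOD_ALLOW = re.compile(r"^(GET|HEAD|POST)$")           # `!~` is case-sensitive
PROXIED_PREFIXES = ["/indigo/", "/serverrequest", "/servercommand"]
UPSTREAM = "http://localhost:1234"
SAMPLE_UA = "Indigo%20Touch/0.0 (constructed sample)"     # constructed, not a captured header


def decide(method, path, user_agent):
    """Return ("drop", None), ("proxy", upstream_url) or ("local", None)."""
    # Server-level `if` blocks are evaluated before a location is selected.
    if not UA_ALLOW.search(user_agent or ""):
        return ("drop", None)   # return 444: connection closed, no response
    if not METHOD_ALLOW.search(method):
        return ("drop", None)
    # Prefix locations: the longest matching prefix wins. nginx documents that
    # prefix matching ignores case on macOS, which is the host used in the post.
    matches = [p for p in PROXIED_PREFIXES if path.lower().startswith(p)]
    if not matches:
        # No location matched: nginx answers by itself, nothing reaches Indigo.
        # This also covers "/indigo" without the slash, which nginx redirects.
        return ("local", None)
    best = max(matches, key=len)
    # proxy_pass with a URI replaces the matched prefix with that URI; in all
    # three blocks the URI equals the location prefix.
    return ("proxy", UPSTREAM + best + path[len(best):])


if __name__ == "__main__":
    constructed_requests = [
        ("GET", "/indigo/devices.xml", SAMPLE_UA),
        ("GET", "/indigo/devices.xml", "curl/8.0"),
        ("DELETE", "/indigo/devices.xml", SAMPLE_UA),
        ("GET", "/admin", SAMPLE_UA),
        ("GET", "/indigo", SAMPLE_UA),
        ("POST", "/serverrequestX", SAMPLE_UA),  # prefix match, still forwarded
    ]
    for req in constructed_requests:
        print(req[0], req[1], "->", decide(*req))
```

The last sample shows that `location /serverrequest` is a prefix match, so any path beginning with that string is forwarded; nginx's `location = /serverrequest` form restricts a block to the exact path if that is all the client needs.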