diff --git a/rootfs/etc/nginx/apps/ssl.conf b/rootfs/etc/nginx/apps/ssl.conf index fd1202c5..10061ff1 100644 --- a/rootfs/etc/nginx/apps/ssl.conf +++ b/rootfs/etc/nginx/apps/ssl.conf @@ -19,7 +19,6 @@ if ($https_redirect_mode = '1_https') { } add_header "Strict-Transport-Security" $https_use_hsts; -add_header "Timing-Allow-Origin" $https_use_timing; if ($https_redirect_mode = '1_http') { set $log_host "http301https.tengine.com"; diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index efdce8c0..ea38a7c8 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -240,9 +240,6 @@ http { client_body_buffer_size {{ $cfg.ClientBodyBufferSize }}; client_body_timeout {{ $cfg.ClientBodyTimeout }}s; - http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }}; - http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }}; - http2_max_requests {{ $cfg.HTTP2MaxRequests }}; http2_max_concurrent_streams {{ $cfg.HTTP2MaxConcurrentStreams }}; types_hash_max_size 2048; @@ -918,6 +915,8 @@ stream { root /etc/nginx/htdocs; } + + {{ if not (empty $server.AuthTLSError) }} # {{ $server.AuthTLSError }} return 403; @@ -1474,6 +1473,7 @@ stream { {{ end }} } + {{ if eq $path "/" }} location /robots.txt { header_filter_by_lua_block { lua_ingress.header() @@ -1490,7 +1490,6 @@ stream { set $log_host "robots.tengine.com"; proxy_set_header Host $http_host; proxy_set_header X-Request-From {{ $all.Cfg.TengineIngressAppName }}; - add_header Timing-Allow-Origin $https_use_timing; {{ if $all.Cfg.TengineReload }} {{ if not $location.DisableRobots }} @@ -1519,6 +1518,7 @@ stream { } {{ end }} {{ end }} + {{ end }} {{ if eq $server.Hostname "_" }} # health checks in cloud providers require the use of port {{ $all.ListenPorts.HTTP }}