mirror of https://github.com/it-security-kassel-nordhessen/meetup.git

secf00tprint
16.29.2020 c1de94b3a273520edeba1b8bd028afbdca626e60
add talks nginx-id-provider and oss-bug-bounty-ox
4 files added
110 ■■■■■ changed files
2020_07_15_51st/bug_bounty_ox/BugBountyOSS.pdf 3 ●●●●● patch | view | raw | blame | history
2020_07_15_51st/nginx_id_provider/NGINX.pdf 3 ●●●●● patch | view | raw | blame | history
2020_07_15_51st/nginx_id_provider/gatekeeper.yaml 44 ●●●●● patch | view | raw | blame | history
2020_07_15_51st/nginx_id_provider/nginx.conf 60 ●●●●● patch | view | raw | blame | history
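--- a/2020_07_15_51st/bug_bounty_ox/BugBountyOSS.pdf
+++ b/2020_07_15_51st/bug_bounty_ox/BugBountyOSS.pdf
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4ff178fc5a8d5f938a0a2e452a2fad79cd29707984c028cde80f7059bb770a9a
+size 122241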
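--- a/2020_07_15_51st/nginx_id_provider/NGINX.pdf
+++ b/2020_07_15_51st/nginx_id_provider/NGINX.pdf
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a42c0ea9b251494e8c49cec9e773b9afdb845fe69cbdce63f9a9f53a6ff8c8a3
+size 271609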
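--- a/2020_07_15_51st/nginx_id_provider/gatekeeper.yaml
+++ b/2020_07_15_51st/nginx_id_provider/gatekeeper.yaml
@@ -0,0 +1,44 @@
+$ cat /opt/keycloak-gatekeeper/gatekeeper.yaml
+client-id: docs.heiland.io
+client-secret: XXX
+discovery-url: https://auth.heiland.io/realms/master
+tls-cert: /etc/ssl/certs/heiland.io.cert.pem
+tls-private-key: /etc/ssl/private/heiland.io.key.pem
+enable-default-deny: true
+enable-refresh-tokens: true
+preserve-host: true
+enable-login-handler: true
+http-only-cookie: true
+enable-token-header: false
+enable-authorization-cookies: false
+upstream-timeout: 90s
+upstream-keepalive-timeout: 90s
+server-read-timeout: 90s
+server-idle-timeout: 90s
+upstream-response-header-timeout: 90s
+encryption-key: XXX
+listen: 127.0.0.1:3000
+redirection-url: https://docs.heiland.io/
+upstream-url: http://127.0.0.1:4181
+resources:
+  - uri: /*
+    roles:
+      - docs
+  - uri: /admin/*
+    methods:
+    - GET
+    - POST
+    roles:
+    - openvpn:vpn-user
+    - trust_level:highest
+    - device_type:managed
+    groups:
+    - admins
+#  headers:
+#    X-Example: foobar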
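Review bot: The `/admin/*` resource lists only `GET` and `POST` under `methods:`, so the stricter roles and the `admins` group are tied to those two verbs alone. As far as I can tell from how gatekeeper matches resources, a PUT, DELETE or PATCH to `/admin/...` would fall through to the `/*` entry and need only the `docs` role. Unless the upstream is known to reject other verbs, drop the `methods:` key so the rule covers every method. Separately, the first line `$ cat /opt/keycloak-gatekeeper/gatekeeper.yaml` is a pasted shell prompt rather than YAML and should be removed or turned into a `#` comment so the file parses as a config.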
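--- a/2020_07_15_51st/nginx_id_provider/nginx.conf
+++ b/2020_07_15_51st/nginx_id_provider/nginx.conf
@@ -0,0 +1,60 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name docs.heiland.io;
+    server_tokens off;
+    include snippets/prod_headers.conf;
+    include snippets/prod_headers_hsts.conf;
+    include snippets/prod_http10.conf;
+    return 301 https://$host$request_uri;
+}
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name docs.heiland.io;
+    server_tokens off;
+    gzip off;
+    include snippets/prod_tls.conf;
+    include snippets/prod_headers.conf;
+    include snippets/prod_headers_hsts.conf;
+    include snippets/prod_headers_hpkp.conf;
+    include snippets/prod_http10.conf;
+    error_log /var/log/nginx/external_error.log warn;
+    location / {
+    proxy_pass https://127.0.0.1:3000/;
+        include snippets/prod_headers_proxy.conf;
+        client_max_body_size 30M;
+        proxy_read_timeout 90s;
+    }
+}
+server {
+    listen 127.0.0.1:4181;
+    listen [::1]:4181;
+    server_name docs.heiland.io;
+    include snippets/prod_http10.conf;
+    error_log /var/log/nginx/internal_error.log warn;
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+        include snippets/prod_headers_proxy.conf;
+        proxy_set_header X-Alt-Referer "";
+        client_max_body_size 30M;
+        proxy_read_timeout 90s;
+    }
+}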
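Review bot: The port-80 block redirects with `return 301 https://$host$request_uri;`, and `$host` is taken from the request's Host header, so if this block ever acts as the default server for port 80 the redirect target is chosen by the client. Pinning it with `return 301 https://docs.heiland.io$request_uri;` removes that dependency. The 443 block includes `snippets/prod_headers_hpkp.conf`; the snippet is not shown, but if it sends `Public-Key-Pins`, current browsers have dropped support for that header and older clients that still honour it can be locked out by a stale pin, so the include is probably best removed. The HSTS include in the port-80 block has no effect over plain HTTP. The `proxy_pass https://127.0.0.1:3000/;` line is indented one level short of the rest of its `location` block.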