add talks nginx-id-provider and oss-bug-bounty-ox

it-security-kassel-nordhessen · Jul 16, 2020 · c1de94b · c1de94b
1 parent 8282d88
commit c1de94b
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 0 deletions.
diff --git a/2020_07_15_51st/bug_bounty_ox/BugBountyOSS.pdf b/2020_07_15_51st/bug_bounty_ox/BugBountyOSS.pdf
diff --git a/2020_07_15_51st/nginx_id_provider/NGINX.pdf b/2020_07_15_51st/nginx_id_provider/NGINX.pdf
diff --git a/2020_07_15_51st/nginx_id_provider/gatekeeper.yaml b/2020_07_15_51st/nginx_id_provider/gatekeeper.yaml
@@ -0,0 +1,44 @@
+$ cat /opt/keycloak-gatekeeper/gatekeeper.yaml 
+
+client-id: docs.heiland.io
+client-secret: XXX
+discovery-url: https://auth.heiland.io/realms/master
+
+tls-cert: /etc/ssl/certs/heiland.io.cert.pem
+tls-private-key: /etc/ssl/private/heiland.io.key.pem
+
+enable-default-deny: true
+enable-refresh-tokens: true
+preserve-host: true
+enable-login-handler: true
+http-only-cookie: true
+enable-token-header: false
+enable-authorization-cookies: false
+
+upstream-timeout: 90s
+upstream-keepalive-timeout: 90s
+server-read-timeout: 90s
+server-idle-timeout: 90s
+upstream-response-header-timeout: 90s
+
+encryption-key: XXX
+listen: 127.0.0.1:3000
+redirection-url: https://docs.heiland.io/
+upstream-url: http://127.0.0.1:4181
+
+resources:
+  - uri: /*
+    roles:
+      - docs
+  - uri: /admin/*
+    methods:
+    - GET
+    - POST
+    roles:
+    - openvpn:vpn-user
+    - trust_level:highest
+    - device_type:managed
+    groups:
+    - admins
+#  headers:
+#    X-Example: foobar
diff --git a/2020_07_15_51st/nginx_id_provider/nginx.conf b/2020_07_15_51st/nginx_id_provider/nginx.conf
@@ -0,0 +1,60 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name docs.heiland.io;
+    server_tokens off;
+
+    include snippets/prod_headers.conf;
+    include snippets/prod_headers_hsts.conf;
+    include snippets/prod_http10.conf;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name docs.heiland.io;
+    server_tokens off;
+    gzip off;
+
+    include snippets/prod_tls.conf;
+    include snippets/prod_headers.conf;
+    include snippets/prod_headers_hsts.conf;
+    include snippets/prod_headers_hpkp.conf;
+    include snippets/prod_http10.conf;
+
+    error_log /var/log/nginx/external_error.log warn;
+
+    location / {
+	proxy_pass https://127.0.0.1:3000/;
+
+        include snippets/prod_headers_proxy.conf;
+
+        client_max_body_size 30M;
+        proxy_read_timeout 90s;
+    }
+}
+
+server {
+    listen 127.0.0.1:4181;
+    listen [::1]:4181;
+
+    server_name docs.heiland.io;
+
+    include snippets/prod_http10.conf;
+
+    error_log /var/log/nginx/internal_error.log warn;
+
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+
+        include snippets/prod_headers_proxy.conf;
+
+        proxy_set_header X-Alt-Referer "";
+        client_max_body_size 30M;
+        proxy_read_timeout 90s;
+    }
+}