installation.mdx: Add code markers, lint (#3863)

Add nginx and Apache markdown code block tags, as well as lint nginx configs.
Netflix · Oct 12, 2023 · 398e839 · 398e839
1 parent 01ceadc
commit 398e839
Showing 1 changed file with 53 additions and 52 deletions.
diff --git a/docs/docs/administration/installation.mdx b/docs/docs/administration/installation.mdx
@@ -115,38 +115,40 @@ proxy_pass passes the external request to the Python process. The port must matc
 
 You can make some adjustments to get a better user experience:
 
+```nginx
 server_tokens off;
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 
 server {
-listen 80;
-return 301 https://$host$request_uri;
+    listen 80;
+    return 301 https://$host$request_uri;
 }
 
 server {
-listen 443;
-access_log /var/log/nginx/log/dispatch.access.log;
-error_log /var/log/nginx/log/dispatch.error.log;
-
-location /api {
-proxy_pass http://127.0.0.1:8000;
-proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-proxy_redirect off;
-proxy_buffering off;
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-}
+    listen 443;
+    access_log /var/log/nginx/log/dispatch.access.log;
+    error_log /var/log/nginx/log/dispatch.error.log;
+
+    location /api {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    }
 
     location / {
         root /path/to/dispatch/static/dist;
         include mime.types;
         index index.html;
     }
-
 }
+```
+
 Nginx will serve the favicon and static files, which it is much better at than python.
 
 We recommended that you deploy TLS when deploying Dispatch. It may be obvious given Dispatch’s purpose, but the sensitive nature of Dispatch and what it controls makes this essential. A sample config for Dispatch that also terminates TLS:
@@ -155,79 +157,78 @@ We recommended that you deploy TLS when deploying Dispatch. It may be obvious gi
 Some paths will have to be adjusted based on where you have chosen to install Dispatch.
 :::
 
-```
+```nginx
 server_tokens off;
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 
 server {
-listen 80;
-return 301 https://$host$request_uri;
+    listen 80;
+    return 301 https://$host$request_uri;
 }
 
 server {
-listen 443;
-access_log /var/log/nginx/log/dispatch.access.log;
-error_log /var/log/nginx/log/dispatch.error.log;
+    listen 443;
+    access_log /var/log/nginx/log/dispatch.access.log;
+    error_log /var/log/nginx/log/dispatch.error.log;
 
-# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
+    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
 
-ssl_certificate /path/to/signed_cert_plus_intermediates;
-ssl_certificate_key /path/to/private_key;
-ssl_session_timeout 1d;
-ssl_session_cache shared:SSL:50m;
+    ssl_certificate /path/to/signed_cert_plus_intermediates;
+    ssl_certificate_key /path/to/private_key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
 
-# Diffie-Hellman parameter for DHE cipher suites, recommended 2048 bits
+    # Diffie-Hellman parameter for DHE cipher suites, recommended 2048 bits
 
-ssl_dhparam /path/to/dhparam.pem;
+    ssl_dhparam /path/to/dhparam.pem;
 
-# modern configuration. tweak to your needs.
+    # modern configuration. tweak to your needs.
 
-ssl_protocols TLSv1.1 TLSv1.2;
-ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
-ssl_prefer_server_ciphers on;
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+    ssl_prefer_server_ciphers on;
 
-# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
 
-add_header Strict-Transport-Security max-age=15768000;
+    add_header Strict-Transport-Security max-age=15768000;
 
-# OCSP Stapling ---
+    # OCSP Stapling ---
 
-# fetch OCSP records from URL in ssl_certificate and cache them
+    # fetch OCSP records from URL in ssl_certificate and cache them
 
-ssl_stapling on;
-ssl_stapling_verify on;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
-## verify chain of trust of OCSP response using Root CA and Intermediate certs
+    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
 
-ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
 
-resolver <IP DNS resolver>;
+    resolver <IP DNS resolver>;
 
-location /api {
-proxy_pass http://127.0.0.1:8000;
-proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-proxy_redirect off;
-proxy_buffering off;
-proxy_set_header Host $host;
+    location /api {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_set_header Host $host;
         proxy_set_header        X-Real-IP       $remote_addr;
-proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-}
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    }
 
     location / {
         root /path/to/dispatch/static/dist;
         include mime.types;
         index index.html;
     }
-
 }
 ```
 
 Apache
 An example apache config:
 
-```
+```apache
 <VirtualHost \*:443>
 ...
 SSLEngine on