samuel/netoik-rp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
af2b40516f2580a896d9fb9b8e41ace2aefb5c7f
netoik-rp/conf/_security.conf
samuel af2b40516f Add nginx security conf
2026-01-01 15:40:05 +01:00

23 lines
1.9 KiB
Plaintext
Raw Blame History

# Configure secure access with letsencrypt
ssl_certificate /etc/letsencrypt/live/netoik.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/netoik.io/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_session_cache shared:SSL:1m;
# Add some basic security headers from OWASP
# see: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "0" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self'; form-action 'self';" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Resource-Policy "same-site" always;
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
add_header Server "webserver" always;
add_header X-Robots-Tag "noindex, nofollow" always;
Reference in New Issue View Git Blame Copy Permalink