samuel/netoik-rp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d8b747e315cf6f5009ddb2aff39fededd9fc430f
netoik-rp/files/nginx/0_security.conf
samuel 7e59f820a3
All checks were successful
Continuous Integration / lint_n_build (push) Successful in 21s
Details
Continuous Delivery / build_n_upload (push) Successful in 22s
Details
feat: add csp data type
2026-03-08 16:08:13 +01:00

31 lines
2.7 KiB
Plaintext
Raw Blame History

# Configure secure access with letsencrypt
ssl_certificate /etc/letsencrypt/live/netoik.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/netoik.io/privkey.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Add some ssl settings from Mozilla
# see: https://ssl-config.mozilla.org
ssl_protocols TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.1;
# Add some basic security headers from OWASP
# see: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
# And Nextcloud doc
# see: https://docs.nextcloud.com/server/31/admin_manual/installation/harden_server.html
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-XSS-Protection "1;mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data:; frame-ancestors 'self'; form-action 'self';" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Resource-Policy "same-site" always;
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
add_header Server "webserver" always;
add_header X-Robots-Tag "noindex, nofollow" always;
Reference in New Issue View Git Blame Copy Permalink