fix stream/allow editing modsec conf/readme changes/dep updates

Signed-off-by: Zoey <zoey@z0ey.de>

rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf

@@ -2,6 +2,6 @@ more_set_headers "X-XSS-Protection: 0";
 more_set_headers "X-Frame-Options: SAMEORIGIN";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
-more_set_headers "Content-Security-Policy: upgrade-insecure-requests";
+more_set_headers "Content-Security-Policy: $content_security_policy";
 
-more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
+more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";

rootfs/usr/local/nginx/conf/conf.d/include/modsecurity-crs.conf

@@ -0,0 +1,4 @@
+Include /data/etc/modsecurity/modsecurity-default.conf
+Include /data/etc/modsecurity/modsecurity-extra.conf
+Include /data/etc/modsecurity/crs-setup.conf
+Include /usr/local/nginx/conf/conf.d/include/coreruleset/rules/*.conf

rootfs/usr/local/nginx/conf/conf.d/include/modsecurity.conf

@@ -0,0 +1,2 @@
+Include /data/etc/modsecurity/modsecurity-default.conf
+Include /data/etc/modsecurity/modsecurity-extra.conf

rootfs/usr/local/nginx/conf/nginx.conf

@@ -62,9 +62,9 @@ http {
     limit_req_zone $binary_remote_addr zone=one:10m rate=180r/s;
     limit_req zone=one burst=1800;
 
-    # Default upstream scheme
-    map $host $forward_scheme {
-        default http;
+    map $upstream_http_content_security_policy $content_security_policy {
+        default $upstream_http_content_security_policy;
+        '' "upgrade-insecure-requests";
     }
 
     # Websocket