fix security headers and sockets

Signed-off-by: Zoey <zoey@z0ey.de>

backend/templates/_hsts.conf

@@ -1,17 +1,7 @@
 {% if certificate and certificate_id > 0 -%}
 {% if ssl_forced == 1 or ssl_forced == true %}
 {% if hsts_enabled == 1 or hsts_enabled == true %}
-  add_header X-XSS-Protection "0" always;
-  add_header X-Frame-Options "SAMEORIGIN" always;
-  add_header X-Content-Type-Options "nosniff" always;
-  add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-  add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests" always;
-
-  add_header Expect-CT "enforce; max-age=86400" always;
-  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-
-  add_header Cross-Origin-Embedder-Policy-Report-Only "require-corp; report-to='default'" always;
-  add_header Cross-Origin-Opener-Policy-Report-Only "same-origin-allow-popups; report-to='default'" always;
+  include conf.d/include/hsts.conf;
 {% endif %}
 {% endif %}
 {% endif %}

backend/templates/_listen.conf

@@ -1,4 +1,4 @@
-  listen unix:/run/nginx.sock;
+  listen unix:/run/nginx-{{ id }}.sock;
 
   listen 80;
   listen [::]:80;

backend/templates/certbot-request.conf

@@ -1,18 +0,0 @@
-{% include "_header_comment.conf" %}
-
-server {
-  listen unix:/run/nginx.sock;
-
-  listen 80;
-  listen [::]:80;
-
-  server_name {{ domain_names | join: " " }};
-
-  include conf.d/include/acme-challenge.conf;
-  include conf.d/include/block-exploits.conf;
-
-  location / {
-    include conf.d/include/acme-challenge.conf;
-    return 404;
-  }
-}

backend/templates/default.conf

@@ -2,8 +2,6 @@
 # Default Site
 # ------------------------------------------------------------
 server {
-  listen unix:/run/nginx.sock default_server;
-
   listen 80 default_server;
   listen [::]:80 default_server;