fix security headers and sockets

Signed-off-by: Zoey <zoey@z0ey.de>
Zoey
2023-10-10 19:33:30 +02:00
parent dec9dc990f
commit efcca74d67
11 changed files with 16 additions and 100 deletions


@@ -2,8 +2,6 @@
# Default Site
# ------------------------------------------------------------
server {
listen unix:/run/nginx.sock default_server;
listen 80 default_server;
listen [::]:80 default_server;


@@ -0,0 +1,8 @@
more_set_headers "X-XSS-Protection: 0";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "Content-Security-Policy: upgrade-insecure-requests";
more_set_headers "Expect-CT: enforce; max-age=86400";
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
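Review bot: `more_set_headers` replaces any header of the same name that the upstream already sent, so the `Content-Security-Policy` and `X-Frame-Options` lines would overwrite an application's own stricter policy (a full CSP, or `X-Frame-Options: DENY`) with the weaker values here wherever this file is included in front of a proxied app; the include sites are not visible on this page. Consider emitting these two only when the upstream did not send them, for example through a `map` on `$upstream_http_content_security_policy` whose result is used as the header value. `Expect-CT` is deprecated and ignored by current browsers, so `more_set_headers "Expect-CT: enforce; max-age=86400";` can be dropped. The HSTS line commits every subdomain of each host to HTTPS for a year and opts into preloading, which deserves a comment such as `# HSTS with includeSubDomains/preload: only safe where every subdomain serves valid HTTPS; hard to roll back`.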


@@ -1,6 +1,4 @@
server {
listen unix:/run/nginx.sock;
listen 80;
listen [::]:80;


@@ -23,7 +23,11 @@ http {
lua_package_path "/usr/local/nginx/lib/lua/?.lua;;";
server_tokens off;
hide_server_tokens on;
more_clear_headers "Server";
more_clear_headers "X-Powered-By";
more_clear_headers "X-Page-Speed";
more_clear_headers "X-Varnish";
aio threads;
sendfile on;
tcp_nopush on;