author | terminaldweller <devi@terminaldweller.com> | 2023-05-09 19:14:27 +0000 |
---|---|---|
committer | terminaldweller <devi@terminaldweller.com> | 2023-05-09 19:14:27 +0000 |
commit | bf2024e1b385e59326f8f8357cccb7347abaac97 (patch) | |
tree | 8586e4325f2e75a7667081f1aa15dda817e2ff31 /spring-front/nginx.conf | |
parent | removed the docs, we no longer need them (diff) | |
updated the package.lock and changed compose bind mount so we don't have to change cert name manually HEAD main
Diffstat (limited to 'spring-front/nginx.conf')
-rw-r--r-- | spring-front/nginx.conf | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/spring-front/nginx.conf b/spring-front/nginx.conf
index cf2a208..03efdb9 100644
--- a/spring-front/nginx.conf
+++ b/spring-front/nginx.conf
@@ -9,9 +9,9 @@ http {
 listen 443 ssl http2;
 keepalive_timeout 60;
 charset utf-8;
- ssl_certificate /certs/server.cert;
- ssl_certificate_key /certs/server.key;
- ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_certificate /etc/letsencrypt/live/editor.terminaldweller.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/editor.terminaldweller.com/privkey.pem;
+ ssl_protocols TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ssl_session_cache shared:SSL:50m;
 ssl_session_timeout 1d;
@@ -19,12 +19,13 @@ http {
 ssl_prefer_server_ciphers on;
 sendfile on;
 tcp_nopush on;
- add_header X-Content-Type-Options "nosniff" always;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; connect-src *;";
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; connect-src *; object-src none;";
 add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options "nosniff" always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header Permissions-Policy "geolocation=(self),midi=(self),sync-xhr=(self),microphone=(self),camera=(self),magnetometer=(self),gyroscope=(self),fullscreen=(self),payment=(self),usb=(self)";
+ add_header Referrer-Policy "no-referrer";
 fastcgi_hide_header X-Powered-By;
 resolver 9.9.9.9 208.67.222.222;
 ssl_stapling on; |
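Review bot: The new `ssl_certificate` and `ssl_certificate_key` paths point into `/etc/letsencrypt/live/`, whose entries are normally symlinks into `../../archive/`, so they resolve inside the container only if the bind mount covers the whole `/etc/letsencrypt` tree. The compose change is not shown on this page, so confirm that, and mount the tree read-only because it exposes `privkey.pem`. nginx reads both files only at start or reload, so a renewed certificate is not served until the renewal hook reloads nginx. With `ssl_protocols TLSv1.3;` as the only protocol, the context line `ssl_ciphers HIGH:!aNULL:!MD5;` no longer selects anything, because that directive does not govern TLS 1.3 suites; I would add a comment such as `# TLS 1.3 only: ssl_ciphers applies to TLS <= 1.2 and is inert here`. The enclosing `http {` block starts and ends outside the hunk.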
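Review bot: In the added `Content-Security-Policy` line, `object-src none` is missing its single quotes, so the bare word is parsed as a host named `none` rather than the `'none'` keyword; the tail should read `object-src 'none';`. The new `Referrer-Policy` header, like the CSP and `Permissions-Policy` lines, omits `always`, so unlike its neighbours it is not sent on error responses; `add_header Referrer-Policy "no-referrer" always;` would make the set consistent. The `'unsafe-inline' 'unsafe-eval'` allowances in `script-src` and the `connect-src *` wildcard are carried over unchanged and still leave the policy with little protection against injected script. The enclosing `http {` block starts and ends outside the hunk, so check that no nested `location` declares its own `add_header`, which would drop all of these inherited headers.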