aboutsummaryrefslogtreecommitdiffstats
path: root/spring-front/nginx.conf
diff options
context:
space:
mode:
authorterminaldweller <devi@terminaldweller.com>2023-05-09 19:14:27 +0000
committerterminaldweller <devi@terminaldweller.com>2023-05-09 19:14:27 +0000
commitbf2024e1b385e59326f8f8357cccb7347abaac97 (patch)
tree8586e4325f2e75a7667081f1aa15dda817e2ff31 /spring-front/nginx.conf
parentremoved the docs, we no longer need them (diff)
downloadmdrtl-main.tar.gz
mdrtl-main.zip
updated the package.lock and changed compose bind mount so we dont to change cert name manuallyHEADmain
Diffstat (limited to 'spring-front/nginx.conf')
-rw-r--r--spring-front/nginx.conf11
1 files changed, 6 insertions, 5 deletions
diff --git a/spring-front/nginx.conf b/spring-front/nginx.conf
index cf2a208..03efdb9 100644
--- a/spring-front/nginx.conf
+++ b/spring-front/nginx.conf
@@ -9,9 +9,9 @@ http {
listen 443 ssl http2;
keepalive_timeout 60;
charset utf-8;
- ssl_certificate /certs/server.cert;
- ssl_certificate_key /certs/server.key;
- ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_certificate /etc/letsencrypt/live/editor.terminaldweller.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/editor.terminaldweller.com/privkey.pem;
+ ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
@@ -19,12 +19,13 @@ http {
ssl_prefer_server_ciphers on;
sendfile on;
tcp_nopush on;
- add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; connect-src *;";
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; connect-src *; object-src none;";
add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Permissions-Policy "geolocation=(self),midi=(self),sync-xhr=(self),microphone=(self),camera=(self),magnetometer=(self),gyroscope=(self),fullscreen=(self),payment=(self),usb=(self)";
+ add_header Referrer-Policy "no-referrer";
fastcgi_hide_header X-Powered-By;
resolver 9.9.9.9 208.67.222.222;
ssl_stapling on;