diff options
Diffstat (limited to 'terminaldweller.com/cgit/cgit.conf')
| -rw-r--r-- | terminaldweller.com/cgit/cgit.conf | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/terminaldweller.com/cgit/cgit.conf b/terminaldweller.com/cgit/cgit.conf index e180158..82a9877 100644 --- a/terminaldweller.com/cgit/cgit.conf +++ b/terminaldweller.com/cgit/cgit.conf @@ -1,10 +1,19 @@ -server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl" ) +server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl", "mod_setenv" ) $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/certs/fullchain1.pem" ssl.privkey = "/etc/certs/privkey1.pem" + setenv.add-response-header = ( + "Strict-Transport-Security"=>"max-age=63072000; includeSubdomains", + "X-Frame-Options"=>"DENY", + "X-XSS-Protection"=>"1; mode=block", + "X-Content-Type-Options" => "nosniff", + "Content-Security-Policy" => "script-src 'self'; object-src 'self'", + "X-Permitted-Cross-Domain-Policies" => "none", + "Referrer-Policy" => "no-referrer") + server.name = "git.terminaldweller.com" server.document-root = "/usr/share/webapps/cgit/" |