package and document reverse proxy configuration

This commit is contained in:
jums
2025-02-23 08:42:09 +01:00
parent 75fa3ffa18
commit c14c486a35
4 changed files with 241 additions and 2 deletions


@@ -0,0 +1,12 @@
# add_header from parent blocks are ignored when the current block also calls add_header
# Thus the need for this snippet, to redefine the same headers in many blocks
# See http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# opt out Google Floc see: https://plausible.io/blog/google-floc#how-to-opt-out-of-floc-as-a-web-developer-set-a-permissions-policy
add_header Permissions-Policy interest-cohort=();
# source: https://gist.github.com/plentz/6737338
add_header X-Frame-Options "SAMEORIGIN" always;
# source: https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options
add_header X-Content-Type-Options 'nosniff' always;
# source: https://scotthelme.co.uk/a-new-security-header-referrer-policy/
add_header Referrer-Policy 'strict-origin' always;
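Review bot: The Permissions-Policy directive is the only one in this snippet without the `always` flag, so on 4xx/5xx responses nginx will emit HSTS, X-Frame-Options, X-Content-Type-Options and Referrer-Policy but drop Permissions-Policy; make it consistent with its siblings, `add_header Permissions-Policy "interest-cohort=()" always;`. The HSTS value also deserves a note above it, since `preload` combined with `includeSubDomains` commits every subdomain of the host to HTTPS for two years and removal from browser preload lists is slow, e.g. `# preload + includeSubDomains covers all subdomains for 2 years; only keep if every subdomain serves HTTPS`. Given the inheritance caveat documented at the top, it would help readers to state how the snippet is meant to be consumed, e.g. `# include this file in every server/location block that defines its own add_header`.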

11
nginx/snippets/ssl.conf Normal file

@@ -0,0 +1,11 @@
# Recommended by https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=intermediate&openssl=1.1.1f&guideline=5.6
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/nginx/dhparam.pem;