# NGINX general configuration for Docker services.
# Uses ngx_http_headers_more_filter_module to inherit the security headers.
# Note, this is not a really restrictive policy!
# Feel free to customize the particular vhost definitions.

# Doesn't explore unnecessary info.
#
server_tokens off;

# Security headers to achieve 'A' grade on https://securityheaders.com/
# See e.g https://linuxcapable.com/how-to-configure-security-headers-in-nginx/
# Depends on ngx_http_headers_more_filter_module.so
#
# These are valid restrictions below.
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Referrer-Policy: no-referrer-when-downgrade";
# These are dummy restrictions (meaningless headers) below.
more_set_headers "Content-Security-Policy: img-src *";
more_set_headers "Permissions-Policy: geolocation=*";

# https://amalgjose.com/2020/05/15/how-to-set-the-allowed-url-length-for-a-nginx-request-error-code-414-uri-too-large/
#
large_client_header_buffers 4 32k;

# https://serverfault.com/questions/602201/nginx-possible-bug-with-dashes-in-server-name
# https://trac.nginx.org/nginx/ticket/571
#
#server_names_hash_bucket_size 64;