Kovács Zoltán
6d9394e62d
* new dependency: libnginx-mod-http-headers-more-filter * security headers in _general.conf (inherited to all vhosts) * scheme-dependent Strict-Transport-Security header in nginx.conf
30 lines
1.2 KiB
Plaintext
30 lines
1.2 KiB
Plaintext
# NGINX general configuration for Docker services.
|
|
# Uses ngx_http_headers_more_filter_module to inherit the security headers.
|
|
# Note, this is not a really restrictive policy!
|
|
# Feel free to customize the particular vhost definitions.
|
|
|
|
# Doesn't explore unnecessary info.
|
|
#
|
|
server_tokens off;
|
|
|
|
# Security headers to achieve 'A' grade on https://securityheaders.com/
|
|
# See e.g https://linuxcapable.com/how-to-configure-security-headers-in-nginx/
|
|
# Depends on ngx_http_headers_more_filter_module.so
|
|
#
|
|
# These are valid restrictions below.
|
|
more_set_headers "X-Frame-Options: SAMEORIGIN";
|
|
more_set_headers "X-Content-Type-Options: nosniff";
|
|
more_set_headers "Referrer-Policy: no-referrer-when-downgrade";
|
|
# These are dummy restrictions (meaningless headers) below.
|
|
more_set_headers "Content-Security-Policy: img-src *";
|
|
more_set_headers "Permissions-Policy: geolocation=*";
|
|
|
|
# https://amalgjose.com/2020/05/15/how-to-set-the-allowed-url-length-for-a-nginx-request-error-code-414-uri-too-large/
|
|
#
|
|
large_client_header_buffers 4 32k;
|
|
|
|
# https://serverfault.com/questions/602201/nginx-possible-bug-with-dashes-in-server-name
|
|
# https://trac.nginx.org/nginx/ticket/571
|
|
#
|
|
#server_names_hash_bucket_size 64;
|