github
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added security.conf with higher precedence 

fixes again #88
pull/103/head
Bálint Szekeres 2019-05-22 19:31:08 +02:00
parent 9a15dcb7ca
commit 7fedd0a9db
4 changed files with 39 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
public/index.html
View File

@ -1065,6 +1065,15 @@
<pre><code class="nginx" ng-include="'templates/conf/nginxconfig.io/letsencrypt.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></code></pre>
</div><div id="file-letsencrypt" class="code highlighted"></div>
</section>
<section class="col-xl-6 grid-item file" ng-if="isModularized()" ng-cloak>
<strong>/etc/nginx/nginxconfig.io/security.conf</strong>
<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-security" ngclipboard-success="clipboardSuccess('security.conf')">
<img src="assets/img/clipboard-dark.svg" alt="Copy to clipboard">
</button>
<div class="code source" data-filename="nginxconfig.io/security.conf">
<pre><code class="nginx" ng-include="'templates/conf/nginxconfig.io/security.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></code></pre>
</div><div id="file-security" class="code highlighted"></div>
</section>
<section class="col-xl-6 grid-item file" ng-if="isModularized()" ng-cloak>
<strong>/etc/nginx/nginxconfig.io/general.conf</strong>
<button class="btn btn-light btn-clipboard" ngclipboard data-clipboard-target="#file-general" ngclipboard-success="clipboardSuccess('general.conf')">

17
public/templates/conf/nginxconfig.io/general.conf.html
View File

@ -1,20 +1,3 @@
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--
✔ CSP --><span ng-if="isCSP()">
add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
✔ HSTS--><span ng-if="hasCommonHSTS()">
add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains() ? '; includeSubDomains' : '' }}{{ isHSTSPreload() ? '; preload' : '' }}" always;</span>
# . files
location ~ /\.(?!well-known) {
deny all;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;<!--

16
public/templates/conf/nginxconfig.io/security.conf.html Normal file
View File

@ -0,0 +1,16 @@
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--
✔ CSP --><span ng-if="isCSP()">
add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
✔ HSTS--><span ng-if="hasCommonHSTS()">
add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains() ? '; includeSubDomains' : '' }}{{ isHSTSPreload() ? '; preload' : '' }}" always;</span>
# . files
location ~ /\.(?!well-known) {
deny all;
}

14
public/templates/conf/sites-available/example.com.conf.html
View File

@ -37,6 +37,19 @@ server {<!--
# HSTS
add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains(_site) ? '; includeSubDomains' : '' }}{{ isHSTSPreload(_site) ? '; preload' : '' }}" always;</span><!--
✔ modularized --><span ng-if="isModularized()">
# security
include nginxconfig.io/security.conf;</span><!--
✔ unified --><span ng-if="isUnified()"><!--
-->
<!--
--><ng-include ng-include-tabs="2" src="'templates/conf/nginxconfig.io/security.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span><!--
✔ access log domain || error log domain --><span ng-if="isAccessLogDomain(_site) || isErrorLogDomain(_site)">
# logging<!--
@ -119,6 +132,7 @@ server {<!--
✔ modularized --><span ng-if="isModularized()">
# additional config
include nginxconfig.io/general.conf;</span><!--
✔ modularized && ✔ WordPress --><span ng-if="isModularized() && isWordPress(_site)">