diff options
Diffstat (limited to 'files')
-rw-r--r-- | files/common/nginx-snippets/hsts.conf | 1 | ||||
-rw-r--r-- | files/common/nginx-snippets/proxy-nobuff.conf | 4 | ||||
-rw-r--r-- | files/common/nginx-snippets/security-headers.conf | 4 | ||||
-rw-r--r-- | files/common/nginx-snippets/ssl.conf | 10 |
4 files changed, 19 insertions, 0 deletions
diff --git a/files/common/nginx-snippets/hsts.conf b/files/common/nginx-snippets/hsts.conf new file mode 100644 index 00000000..4ca8396e --- /dev/null +++ b/files/common/nginx-snippets/hsts.conf @@ -0,0 +1 @@ +add_header Strict-Transport-Security max-age=15768000; diff --git a/files/common/nginx-snippets/proxy-nobuff.conf b/files/common/nginx-snippets/proxy-nobuff.conf new file mode 100644 index 00000000..b08de70c --- /dev/null +++ b/files/common/nginx-snippets/proxy-nobuff.conf @@ -0,0 +1,4 @@ +proxy_buffering off; +proxy_ignore_headers "X-Accel-Buffering"; +proxy_request_buffering off; +proxy_http_version 1.1; diff --git a/files/common/nginx-snippets/security-headers.conf b/files/common/nginx-snippets/security-headers.conf new file mode 100644 index 00000000..b94d479d --- /dev/null +++ b/files/common/nginx-snippets/security-headers.conf @@ -0,0 +1,4 @@ +add_header X-Frame-Options DENY; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +# add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'"; diff --git a/files/common/nginx-snippets/ssl.conf b/files/common/nginx-snippets/ssl.conf new file mode 100644 index 00000000..d187a7c0 --- /dev/null +++ b/files/common/nginx-snippets/ssl.conf @@ -0,0 +1,10 @@ +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5; +ssl_prefer_server_ciphers on; + +# openssl dhparam -out /etc/ssl/certs/dhparams.pem 2048 +ssl_dhparam /etc/ssl/dhparams.pem; + +ssl_session_cache shared:SSL:10m; +ssl_session_timeout 10m; +ssl_session_tickets off; |