kotovalexarian/fedihub-ansible
Archived
1
0
Fork 0
Code Activity

Fix Nginx config

Browse source
This commit is contained in:
Alex Kotov 2020-10-22 14:46:09 +05:00
parent 4fca63ee72
commit 438c859a24
Signed by: kotovalexarian
GPG key ID: 553C0EBBEB5D5F08
1 changed files with 22 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
roles/website/templates/nginx/website.conf
View file

@ -15,14 +15,14 @@ server {
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
return 301 https://$host$request_uri;
return 301 https://{{ fedihub__website__host }}$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ fedihub__website__host }} www.{{ fedihub__website__host }}};
server_name www.{{ fedihub__website__host }};
ssl_certificate {{ fedihub__website__nginx__ssl_cert }};
ssl_certificate_key {{ fedihub__website__nginx__ssl_key }};
@ -38,15 +38,28 @@ server {
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
return 301 https://{{ fedihub__website__host }}$request_uri;
}
client_max_body_size 100M;
server {
listen 443 ssl;
listen [::]:443 ssl;
if_modified_since off;
expires off;
etag off;
sendfile off;
server_name {{ fedihub__website__host }};
ssl_certificate {{ fedihub__website__nginx__ssl_cert }};
ssl_certificate_key {{ fedihub__website__nginx__ssl_key }};
set $CSP "";
set $CSP "${CSP}object-src 'none';";
set $CSP "${CSP}frame-src 'none';";
set $CSP "${CSP}connect-src 'self';";
add_header Content-Security-Policy $CSP always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
root {{ fedihub__website__public_dir }};
index index.html;