saibotk-de/saiblog
1
0
Fork 0
Code Packages 1 Activity

Disable logs and remove unused www redirection | Add HSTS header

Browse source
This commit is contained in:
saibotk 2020-01-08 20:06:28 +01:00
parent 165a99ccc7
commit dbe38bda31
No known key found for this signature in database
GPG key ID: A3299C587D5DF523
3 changed files with 13 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
_docker/Dockerfile
View file

@ -2,6 +2,6 @@ FROM nginx:1.17-alpine
COPY ./public/ /usr/share/nginx/html/ COPY ./public/ /usr/share/nginx/html/
COPY ./_docker/default.conf ./_docker/redirect.conf /etc/nginx/conf.d/ COPY ./_docker/default.conf /etc/nginx/conf.d/
HEALTHCHECK CMD wget -O- http://127.0.0.1/status.txt | grep -q 'OK' HEALTHCHECK CMD wget -O- http://127.0.0.1/status.txt | grep -q 'OK'

13
_docker/default.conf
View file

@ -13,16 +13,27 @@ map $sent_http_content_type $expires {
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
# Set HSTS if forwarded proto is https
map $http_x_forwarded_proto $hsts_header {
default "";
https "max-age=31536000; includeSubDomains;";
}
server { server {
root /usr/share/nginx/html; root /usr/share/nginx/html;
listen 80; listen 80;
server_name saibotk.de; server_name saibotk.de;
access_log off;
error_log off;
expires $expires; expires $expires;
charset UTF-8; charset UTF-8;
set_real_ip_from 172.16.0.0/12; set_real_ip_from 172.16.0.0/12;
add_header Strict-Transport-Security $hsts_header;
add_header X-Frame-Options "DENY"; add_header X-Frame-Options "DENY";
add_header Referrer-Policy "no-referrer"; add_header Referrer-Policy "no-referrer";
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; img-src data: 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; object-src data:; base-uri 'none'; form-action 'none'; worker-src 'self'; connect-src 'self'"; add_header Content-Security-Policy "default-src 'none'; script-src 'self'; img-src data: 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; object-src data:; base-uri 'none'; form-action 'none'; worker-src 'self'; connect-src 'self'";
@ -34,7 +45,7 @@ server {
} }
location /rss { location /rss {
rewrite ^/rss /feed.xml redirect; rewrite ^/rss /posts/index.xml redirect;
} }
rewrite ^/(.*)/$ /$1 redirect; rewrite ^/(.*)/$ /$1 redirect;

7
_docker/redirect.conf
View file

@ -1,7 +0,0 @@
server {
listen 80;
server_name www.saibotk.de;
return 301 https://saibotk.de$request_uri;
}