Update nginx, configure empty security.txt
parent
58951c5a4f
commit
157613c5bf
14 changed files with 44 additions and 34 deletions
|
@ -6,8 +6,9 @@ Alias /http-messages/ "/http-messages/"
|
|||
AddLanguage fr fr
|
||||
AddLanguage en en
|
||||
AddType text/html html
|
||||
AddType text/plain txt
|
||||
LanguagePriority en fr
|
||||
ForceLanguagePriority Fallback
|
||||
ForceLanguagePriority Prefer Fallback
|
||||
</Directory>
|
||||
|
||||
|
||||
|
|
0
install/http-messages/security.txt
Normal file
0
install/http-messages/security.txt
Normal file
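--- a/install/nginx/inc/apache-proxy.conf
+++ b/install/nginx/inc/apache-proxy.conf
@@ -0,0 +1,5 @@
+proxy_pass http://[::1]:42999/;
+proxy_ignore_client_abort on;
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_redirect http://$host:42999/ /;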
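Review bot: The trailing slash in `proxy_pass http://[::1]:42999/;` gives the directive a URI part, so nginx replaces the matched location prefix with `/` wherever this snippet is included. That is harmless in `location /`, but the `location /http-messages` block in the error-page config previously used `proxy_pass http://[::1]:42999;`, and it and the new `location /http-messages` block in the plain-HTTP server would now appear to forward `/http-messages/400` to Apache as `//400`, which the `Alias /http-messages/` visible in the Apache hunk would not match. Dropping the URI part, `proxy_pass http://[::1]:42999;`, leaves the path unchanged in both kinds of location. It is worth confirming with a request that triggers an error page, since the Apache side is only partly visible here.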
@ -4,6 +4,6 @@ fastcgi_param REQUEST_METHOD $request_method;
|
|||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
# Required by ServNest
|
||||
# Required by the ServNest interface
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
recursive_error_pages on;
|
||||
# Error pages are managed by Apache
|
||||
|
||||
location /http-messages {
|
||||
proxy_pass http://[::1]:42999;
|
||||
proxy_ignore_client_abort on;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_redirect http://$host:42999/ /;
|
||||
include inc/apache-proxy.conf;
|
||||
}
|
||||
|
||||
error_page 400 /http-messages/400;
|
||||
|
@ -18,3 +14,16 @@ error_page 500 /http-messages/500;
|
|||
error_page 502 /http-messages/502;
|
||||
error_page 503 /http-messages/503;
|
||||
error_page 504 /http-messages/504;
|
||||
|
||||
recursive_error_pages on;
|
||||
|
||||
# security.txt
|
||||
|
||||
location = /security.txt {
|
||||
return 301 /.well-known/security.txt;
|
||||
}
|
||||
|
||||
location = /.well-known/security.txt {
|
||||
root /srv/servnest/ht/http-messages/;
|
||||
try_files /security.txt =500;
|
||||
}
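Review bot: The `location = /.well-known/security.txt` block in the second hunk answers a missing file with `=500`, and the file this commit installs is empty, so a client gets either a server-fault status or a 200 response without the `Contact` and `Expires` fields that RFC 9116 requires. `try_files /security.txt =404;` would report absence accurately, and a comment such as `# Operators must fill in Contact and Expires (RFC 9116) before exposing this host` above the block would make the expectation visible. Because this is an exact-match location and the file appears to be included by the site-serving configs, it presumably also takes precedence over any security.txt a hosted site publishes itself; if that is intended, it deserves a line in the same comment.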
|
|
@ -1,4 +1,4 @@
|
|||
include inc/errors.conf;
|
||||
include inc/messages.conf;
|
||||
|
||||
more_clear_headers "Set-Cookie";
|
||||
more_clear_input_headers "Cookie";
|
||||
|
@ -6,9 +6,5 @@ more_clear_input_headers "Cookie";
|
|||
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';";
|
||||
|
||||
location / {
|
||||
proxy_pass http://[::1]:42999/;
|
||||
proxy_ignore_client_abort on;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_redirect http://$host:42999/ /;
|
||||
include inc/apache-proxy.conf;
|
||||
}
|
|
@ -8,12 +8,6 @@ events {
|
|||
}
|
||||
|
||||
http {
|
||||
types_hash_bucket_size 128;
|
||||
types_hash_max_size 1024;
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
absolute_redirect off;
|
||||
|
||||
# Performance optimisation
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
|
@ -61,5 +55,6 @@ http {
|
|||
|
||||
# Include other configuration
|
||||
include sites/*.conf;
|
||||
include /srv/servnest/nginx/*.conf;
|
||||
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# DNS+TLS site access
|
||||
# Dedicated DNS+TLS access
|
||||
|
||||
server {
|
||||
listen [::1]:42443 ssl http2 default_server;
|
||||
listen 127.0.0.1:42443 ssl http2 default_server;
|
||||
|
@ -6,5 +7,5 @@ server {
|
|||
ssl_certificate /etc/ssl/certs/${ssl_server_name}.crt;
|
||||
ssl_certificate_key /etc/ssl/private/${ssl_server_name}.key;
|
||||
|
||||
include inc/proxy.conf;
|
||||
include inc/serve-static.conf;
|
||||
}
|
||||
|
|
|
@ -8,9 +8,9 @@ server {
|
|||
|
||||
root /srv/servnest/core;
|
||||
|
||||
include inc/errors.conf;
|
||||
include inc/messages.conf;
|
||||
|
||||
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
|
||||
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none';";
|
||||
|
||||
# Main ServNest interface
|
||||
location / {
|
||||
|
|
|
@ -4,14 +4,17 @@ server {
|
|||
listen [::1]:42080 default_server;
|
||||
listen 127.0.0.1:42080 default_server;
|
||||
|
||||
include inc/errors.conf;
|
||||
|
||||
location / {
|
||||
return 403; # Don't allow unsecure HTTP requests
|
||||
}
|
||||
|
||||
error_page 403 /http-messages/unsecure;
|
||||
|
||||
location /http-messages {
|
||||
include inc/apache-proxy.conf;
|
||||
}
|
||||
|
||||
# To get TLS certificates
|
||||
location /.well-known/acme-challenge {
|
||||
root /srv/servnest/acme/;
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
# Onion service site access
|
||||
# Dedicated Onion service access
|
||||
server {
|
||||
listen [::1]:9080 default_server;
|
||||
|
||||
include inc/proxy.conf;
|
||||
include inc/serve-static.conf;
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ server {
|
|||
|
||||
root /srv/servnest/core;
|
||||
|
||||
include inc/errors.conf;
|
||||
include inc/messages.conf;
|
||||
|
||||
location / {
|
||||
try_files /sftpgo-auth.php =500;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Maps subdomain to filesystem subpath
|
||||
# Subdomain access
|
||||
|
||||
server {
|
||||
listen [::1]:42443 ssl http2;
|
||||
|
@ -8,5 +8,5 @@ server {
|
|||
ssl_certificate /etc/ssl/certs/wildcard.ht.servnest.test.crt;
|
||||
ssl_certificate_key /etc/ssl/private/wildcard.ht.servnest.test.key;
|
||||
|
||||
include inc/proxy.conf;
|
||||
include inc/serve-static.conf;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Maps HTTP subpath to filesystem subpath
|
||||
# Subpath access
|
||||
|
||||
server {
|
||||
listen [::1]:42443 ssl http2;
|
||||
|
@ -8,5 +8,5 @@ server {
|
|||
ssl_certificate /etc/ssl/certs/ht.servnest.test.crt;
|
||||
ssl_certificate_key /etc/ssl/private/ht.servnest.test.key;
|
||||
|
||||
include inc/proxy.conf;
|
||||
include inc/serve-static.conf;
|
||||
}
|
||||
|
|