Update nginx, configure empty security.txt
parent
58951c5a4f
commit
157613c5bf
|
@ -6,8 +6,9 @@ Alias /http-messages/ "/http-messages/"
|
||||||
AddLanguage fr fr
|
AddLanguage fr fr
|
||||||
AddLanguage en en
|
AddLanguage en en
|
||||||
AddType text/html html
|
AddType text/html html
|
||||||
|
AddType text/plain txt
|
||||||
LanguagePriority en fr
|
LanguagePriority en fr
|
||||||
ForceLanguagePriority Fallback
|
ForceLanguagePriority Prefer Fallback
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
proxy_pass http://[::1]:42999/;
|
||||||
|
proxy_ignore_client_abort on;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_redirect http://$host:42999/ /;
|
|
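Review bot: The URI part (`/`) on `proxy_pass http://[::1]:42999/;` changes what Apache receives once this snippet is included from `location /http-messages`, as the error-pages section and the plain-HTTP server in this commit now do. With a URI on proxy_pass, nginx replaces the matched location prefix, so `/http-messages/400` would be forwarded as `//400`. The removed inline block used `proxy_pass http://[::1]:42999;` and forwarded the path unchanged to the `Alias /http-messages/` visible in the Apache section. Under `location /` both forms forward the same path for ordinary requests, so the shared snippet can probably use `proxy_pass http://[::1]:42999;`; worth confirming by requesting an error page after a reload. A header comment such as `# Shared reverse-proxy settings for the local Apache on [::1]:42999` would also help, since the snippet is now included from three places.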
@ -4,6 +4,6 @@ fastcgi_param REQUEST_METHOD $request_method;
|
||||||
fastcgi_param CONTENT_TYPE $content_type;
|
fastcgi_param CONTENT_TYPE $content_type;
|
||||||
fastcgi_param CONTENT_LENGTH $content_length;
|
fastcgi_param CONTENT_LENGTH $content_length;
|
||||||
|
|
||||||
# Required by ServNest
|
# Required by the ServNest interface
|
||||||
fastcgi_param REQUEST_URI $request_uri;
|
fastcgi_param REQUEST_URI $request_uri;
|
||||||
fastcgi_param SERVER_NAME $server_name;
|
fastcgi_param SERVER_NAME $server_name;
|
||||||
|
|
|
@ -1,11 +1,7 @@
|
||||||
recursive_error_pages on;
|
# Error pages are managed by Apache
|
||||||
|
|
||||||
location /http-messages {
|
location /http-messages {
|
||||||
proxy_pass http://[::1]:42999;
|
include inc/apache-proxy.conf;
|
||||||
proxy_ignore_client_abort on;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_redirect http://$host:42999/ /;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
error_page 400 /http-messages/400;
|
error_page 400 /http-messages/400;
|
||||||
|
@ -18,3 +14,16 @@ error_page 500 /http-messages/500;
|
||||||
error_page 502 /http-messages/502;
|
error_page 502 /http-messages/502;
|
||||||
error_page 503 /http-messages/503;
|
error_page 503 /http-messages/503;
|
||||||
error_page 504 /http-messages/504;
|
error_page 504 /http-messages/504;
|
||||||
|
|
||||||
|
recursive_error_pages on;
|
||||||
|
|
||||||
|
# security.txt
|
||||||
|
|
||||||
|
location = /security.txt {
|
||||||
|
return 301 /.well-known/security.txt;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /.well-known/security.txt {
|
||||||
|
root /srv/servnest/ht/http-messages/;
|
||||||
|
try_files /security.txt =500;
|
||||||
|
}
|
|
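Review bot: The exact-match `location = /.well-known/security.txt` always takes precedence over `location /`, so every server that pulls this file in answers with the operator's file from `/srv/servnest/ht/http-messages/`. If this section is the file behind `include inc/messages.conf;`, that covers the static-site snippet, the ServNest interface and the SFTPGo auth server in this commit. Hosted sites reached through the subdomain, subpath, dedicated-domain or onion servers can then no longer publish their own security.txt. If that is intended, a comment such as `# Operator-wide security.txt (RFC 9116); overrides any file a hosted site provides` would make it explicit; otherwise the two locations belong only in the interface server. The commit title says the file is empty, but RFC 9116 requires at least a `Contact` and an `Expires` field, so checkers will report it as invalid until it is filled in.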
@ -1,4 +1,4 @@
|
||||||
include inc/errors.conf;
|
include inc/messages.conf;
|
||||||
|
|
||||||
more_clear_headers "Set-Cookie";
|
more_clear_headers "Set-Cookie";
|
||||||
more_clear_input_headers "Cookie";
|
more_clear_input_headers "Cookie";
|
||||||
|
@ -6,9 +6,5 @@ more_clear_input_headers "Cookie";
|
||||||
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';";
|
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';";
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://[::1]:42999/;
|
include inc/apache-proxy.conf;
|
||||||
proxy_ignore_client_abort on;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_redirect http://$host:42999/ /;
|
|
||||||
}
|
}
|
|
@ -8,12 +8,6 @@ events {
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
types_hash_bucket_size 128;
|
|
||||||
types_hash_max_size 1024;
|
|
||||||
server_names_hash_bucket_size 128;
|
|
||||||
|
|
||||||
absolute_redirect off;
|
|
||||||
|
|
||||||
# Performance optimisation
|
# Performance optimisation
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
|
@ -61,5 +55,6 @@ http {
|
||||||
|
|
||||||
# Include other configuration
|
# Include other configuration
|
||||||
include sites/*.conf;
|
include sites/*.conf;
|
||||||
include /srv/servnest/nginx/*.conf;
|
|
||||||
|
absolute_redirect off;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# DNS+TLS site access
|
# Dedicated DNS+TLS access
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:42443 ssl http2 default_server;
|
listen [::1]:42443 ssl http2 default_server;
|
||||||
listen 127.0.0.1:42443 ssl http2 default_server;
|
listen 127.0.0.1:42443 ssl http2 default_server;
|
||||||
|
@ -6,5 +7,5 @@ server {
|
||||||
ssl_certificate /etc/ssl/certs/${ssl_server_name}.crt;
|
ssl_certificate /etc/ssl/certs/${ssl_server_name}.crt;
|
||||||
ssl_certificate_key /etc/ssl/private/${ssl_server_name}.key;
|
ssl_certificate_key /etc/ssl/private/${ssl_server_name}.key;
|
||||||
|
|
||||||
include inc/proxy.conf;
|
include inc/serve-static.conf;
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,9 +8,9 @@ server {
|
||||||
|
|
||||||
root /srv/servnest/core;
|
root /srv/servnest/core;
|
||||||
|
|
||||||
include inc/errors.conf;
|
include inc/messages.conf;
|
||||||
|
|
||||||
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
|
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none';";
|
||||||
|
|
||||||
# Main ServNest interface
|
# Main ServNest interface
|
||||||
location / {
|
location / {
|
||||||
|
|
|
@ -4,14 +4,17 @@ server {
|
||||||
listen [::1]:42080 default_server;
|
listen [::1]:42080 default_server;
|
||||||
listen 127.0.0.1:42080 default_server;
|
listen 127.0.0.1:42080 default_server;
|
||||||
|
|
||||||
include inc/errors.conf;
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 403; # Don't allow unsecure HTTP requests
|
return 403; # Don't allow unsecure HTTP requests
|
||||||
}
|
}
|
||||||
|
|
||||||
error_page 403 /http-messages/unsecure;
|
error_page 403 /http-messages/unsecure;
|
||||||
|
|
||||||
|
location /http-messages {
|
||||||
|
include inc/apache-proxy.conf;
|
||||||
|
}
|
||||||
|
|
||||||
|
# To get TLS certificates
|
||||||
location /.well-known/acme-challenge {
|
location /.well-known/acme-challenge {
|
||||||
root /srv/servnest/acme/;
|
root /srv/servnest/acme/;
|
||||||
}
|
}
|
|
@ -1,6 +1,6 @@
|
||||||
# Onion service site access
|
# Dedicated Onion service access
|
||||||
server {
|
server {
|
||||||
listen [::1]:9080 default_server;
|
listen [::1]:9080 default_server;
|
||||||
|
|
||||||
include inc/proxy.conf;
|
include inc/serve-static.conf;
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,7 +5,7 @@ server {
|
||||||
|
|
||||||
root /srv/servnest/core;
|
root /srv/servnest/core;
|
||||||
|
|
||||||
include inc/errors.conf;
|
include inc/messages.conf;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files /sftpgo-auth.php =500;
|
try_files /sftpgo-auth.php =500;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Maps subdomain to filesystem subpath
|
# Subdomain access
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:42443 ssl http2;
|
listen [::1]:42443 ssl http2;
|
||||||
|
@ -8,5 +8,5 @@ server {
|
||||||
ssl_certificate /etc/ssl/certs/wildcard.ht.servnest.test.crt;
|
ssl_certificate /etc/ssl/certs/wildcard.ht.servnest.test.crt;
|
||||||
ssl_certificate_key /etc/ssl/private/wildcard.ht.servnest.test.key;
|
ssl_certificate_key /etc/ssl/private/wildcard.ht.servnest.test.key;
|
||||||
|
|
||||||
include inc/proxy.conf;
|
include inc/serve-static.conf;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Maps HTTP subpath to filesystem subpath
|
# Subpath access
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:42443 ssl http2;
|
listen [::1]:42443 ssl http2;
|
||||||
|
@ -8,5 +8,5 @@ server {
|
||||||
ssl_certificate /etc/ssl/certs/ht.servnest.test.crt;
|
ssl_certificate /etc/ssl/certs/ht.servnest.test.crt;
|
||||||
ssl_certificate_key /etc/ssl/private/ht.servnest.test.key;
|
ssl_certificate_key /etc/ssl/private/ht.servnest.test.key;
|
||||||
|
|
||||||
include inc/proxy.conf;
|
include inc/serve-static.conf;
|
||||||
}
|
}
|
||||||
|
|