add docker support

author: iCrawl <[email protected]> 2020-12-24 20:16:00 +0100
committer: iCrawl <[email protected]> 2020-12-26 21:00:53 +0100
commit: 5d2d46d8dca912614d6893a9f3ff30a487e76a77 (patch)
tree: 7d45769f3c88aa6346483abcaa4370f67fced603 /docker/nginx/nginxconfig.io/security.conf
parent: Merge pull request #230 from WeebDev/fix/chunk-uploads (diff)
download: host.fuwn.me-5d2d46d8dca912614d6893a9f3ff30a487e76a77.tar.xz
host.fuwn.me-5d2d46d8dca912614d6893a9f3ff30a487e76a77.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/docker/nginx/nginxconfig.io/security.conf b/docker/nginx/nginxconfig.io/security.conf
new file mode 100644
index 0000000..03b1ef6
--- /dev/null
+++ b/docker/nginx/nginxconfig.io/security.conf
@@ -0,0 +1,12 @@
+# security headers
+add_header X-Frame-Options           "SAMEORIGIN" always;
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# . files
+location ~ /\.(?!well-known) {
+    deny all;
+}
author	iCrawl <[email protected]>	2020-12-24 20:16:00 +0100
committer	iCrawl <[email protected]>	2020-12-26 21:00:53 +0100
commit	5d2d46d8dca912614d6893a9f3ff30a487e76a77 (patch)
tree	7d45769f3c88aa6346483abcaa4370f67fced603 /docker/nginx/nginxconfig.io/security.conf
parent	Merge pull request #230 from WeebDev/fix/chunk-uploads (diff)
download	host.fuwn.me-5d2d46d8dca912614d6893a9f3ff30a487e76a77.tar.xz host.fuwn.me-5d2d46d8dca912614d6893a9f3ff30a487e76a77.zip