jean-cloud-services/services/karnaval.fr/nginx_server.conf

25 lines
1.2 KiB
Plaintext
Raw Permalink Normal View History

2023-09-07 17:50:05 +00:00
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
2023-10-31 15:42:06 +00:00
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
2023-09-07 17:50:05 +00:00
server_name karnaval.fr www.karnaval.fr;
root $HTTP_DIR/;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; img-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.karnaval.fr';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
}