gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(nginx): headers and proxy vars

Browse source
This commit is contained in:
arcnmx 2024-04-23 11:20:19 -07:00
parent 692d3aacbd
commit 418caefe64
6 changed files with 154 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

16
nixos/nginx.nix
View file

@ -16,19 +16,21 @@ with lib; {
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = false;
headers.set = {
Referrer-Policy = mkDefault "origin-when-cross-origin";
#Strict-Transport-Security = "$hsts_header";
#Content-Security-Policy = ''"script-src 'self'; object-src 'none'; base-uri 'none';" always'';
#X-Frame-Options = "DENY";
#X-Content-Type-Options = "nosniff";
#X-XSS-Protection = "1; mode=block";
};
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
#add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
clientMaxBodySize = "512m";
clientMaxBodySize = mkDefault "512m";
virtualHosts.fallback = {
serverName = null;
default = mkDefault true;