Commit 3b199a08 authored by erdnaxe's avatar erdnaxe 🦋
Browse files

HTTP headers

parent 860782dc
......@@ -10,8 +10,5 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
'';
};
}
......@@ -17,6 +17,12 @@ in
enableACME = true;
forceSSL = true;
root = "${bmpc}/static";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
'';
};
};
}
......@@ -3,26 +3,35 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."chat.iooss.fr" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override {
conf = {
default_server_config = {
"m.homeserver" = {
"base_url" = "https://iooss.fr";
"server_name" = "iooss.fr";
services.nginx = {
enable = true;
virtualHosts."chat.iooss.fr" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override {
conf = {
default_server_config = {
"m.homeserver" = {
"base_url" = "https://iooss.fr";
"server_name" = "iooss.fr";
};
"m.identity_server".base_url = "";
};
"m.identity_server".base_url = "";
disable_3pid_login = true;
integrations_ui_url = "";
integrations_rest_url = "";
integrations_widgets_urls = [ ];
bug_report_endpoint_url = "";
showLabsSettings = true;
jitsi.preferredDomain = "jitsi.crans.org";
};
disable_3pid_login = true;
integrations_ui_url = "";
integrations_rest_url = "";
integrations_widgets_urls = [ ];
bug_report_endpoint_url = "";
showLabsSettings = true;
jitsi.preferredDomain = "jitsi.crans.org";
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
'';
};
};
}
......@@ -28,6 +28,11 @@
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://[::1]:3000"; };
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
'';
};
};
}
......@@ -22,6 +22,9 @@
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:3001"; };
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
'';
};
};
}
......@@ -7,6 +7,11 @@
enableACME = true;
forceSSL = true;
root = "/var/www/grimorio/";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
'';
};
};
}
......@@ -43,6 +43,9 @@
proxyPass = "http://127.0.0.1:3003";
proxyWebsockets = true;
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
'';
};
};
}
......@@ -16,6 +16,12 @@
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://localhost:5232"; };
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
'';
};
};
}
......@@ -14,6 +14,12 @@
rev = "d06c54a164e9b14f5dcf7b0d58de89b70379c071";
sha256 = "0gmm49bqrqqn0j8n3icl4jwax893p3d7zsn25azijp8q2p07z5nv";
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
'';
};
};
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment