Add some headers like HSTS.
parent
623da8a581
commit
e3d52c2943
@ -5,6 +5,7 @@ RUN addgroup web && adduser -D -G web web && install -d -D -o web -g web -m 700
|
||||
RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
|
||||
|
||||
COPY --chown=web:web docker/server/nginx.conf /srv/http
|
||||
COPY --chown=web:web docker/server/headers.include /srv/http
|
||||
COPY --chown=web:web static/ /srv/http/public/
|
||||
|
||||
ENTRYPOINT ["/usr/sbin/nginx", "-c", "/srv/http/nginx.conf", "-e", "stderr", "-g", "daemon off;"]
|
||||
|
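Review bot: The added `COPY --chown=web:web docker/server/headers.include /srv/http` leaves the file that defines the security headers owned by `web`, like the nginx.conf line above it. If the container also runs nginx as `web` (no USER line is visible in this hunk), the serving account can rewrite its own header policy. Configuration that is only read at start-up is usually kept root-owned and read-only for the service account, for example `COPY --chmod=444 docker/server/headers.include /srv/http`, with the directory that holds it not writable by `web` either.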
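--- /dev/null
+++ b/docker/server/headers.include
@@ -0,0 +1,12 @@
+# Enable HTTP Strict Transport Security (HSTS) to force clients to
+# always connect via HTTPS (do not use if only testing)
+add_header Strict-Transport-Security "max-age=31536000;" always;
+# Enable cross-site filter (XSS) and tell browser to block detected
+# attacks
+add_header X-XSS-Protection "1; mode=block" always;
+# Prevent some browsers from MIME-sniffing a response away from the
+# declared Content-Type
+add_header X-Content-Type-Options "nosniff" always;
+# Disallow the site to be rendered within a frame (clickjacking
+# protection)
+add_header X-Frame-Options "DENY" always;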
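Review bot: `add_header X-XSS-Protection "1; mode=block" always;` switches on a legacy browser filter that current browsers have removed and that is known to create cross-site information leaks in the older ones that still honour it. Current guidance is to send `add_header X-XSS-Protection "0" always;` or drop the header, and to rely on a Content-Security-Policy, which this file does not set. The comment above the directive should then say that the legacy auditor is disabled on purpose rather than that it blocks attacks. Separately, the HSTS value covers only the exact host; `max-age=31536000; includeSubDomains` would extend it, provided every subdomain serves HTTPS.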
@ -19,6 +19,8 @@ http {
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
|
||||
include headers.include;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
root /srv/http/public;
|
||||
|
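Review bot: `include headers.include;` sits at `http` level, and nginx inherits `add_header` from an outer level only when the current level defines no `add_header` of its own. Any `server` or `location` block that sets a header would therefore silently drop all four security headers. The `server` block continues outside this hunk, so whether that happens today cannot be seen here; a comment at the include would protect later edits, e.g. `# add_header is not merged across levels: repeat "include headers.include;" in any block that adds its own headers`. Also, the server listens on plain port 8080 and browsers ignore Strict-Transport-Security received over HTTP, so HSTS takes effect only if TLS is terminated in front of this container.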