From 37239ac18a6207f654f2158ca95454ec66dd5eed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Sat, 24 Aug 2024 16:27:29 +0300 Subject: [PATCH] more observatory headers https://developer.mozilla.org/en-US/observatory/analyze?host=git.jakstys.lt --- hosts/fwminex/configuration.nix | 15 ++++++++------- modules/services/gitea/default.nix | 8 ++++++++ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 6a3634f..4aaaaa4 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -244,14 +244,15 @@ in encode gzip ''; "jakstys.lt".extraConfig = '' - header Strict-Transport-Security "max-age=31536000" - header Content-Security-Policy "default-src 'self'" - header X-Content-Type-Options "nosniff" - header Content-Security-Policy "frame-ancestors 'none'" - header X-Frame-Options "DENY" + header { + Strict-Transport-Security "max-age=2592000" + Content-Security-Policy "default-src 'self'" + X-Content-Type-Options "nosniff" + Content-Security-Policy "frame-ancestors 'none'" + X-Frame-Options "DENY" - - header /_/* Cache-Control "public, max-age=31536000, immutable" + /_/* Cache-Control "public, max-age=31536000, immutable" + } root * /var/www/jakstys.lt file_server { diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix index 1a02463..8b04191 100644 --- a/modules/services/gitea/default.nix +++ b/modules/services/gitea/default.nix @@ -85,6 +85,14 @@ } } + header { + Strict-Transport-Security "max-age=2592000" + Content-Security-Policy "default-src 'self'" + X-Content-Type-Options "nosniff" + Content-Security-Policy "frame-ancestors 'none'" + X-Frame-Options "DENY" + } + reverse_proxy 127.0.0.1:${toString myData.ports.gitea} ''; };