nginx path hardening - dotfiles - Unnamed repository; edit this file 'description' to name the repository.

commit e09dde903b902b60a186c9678aa89d11159dc28b (tree)
parent 85c2e46b4831beb055dc6d732ada5f70dbcfe5eb
Author: Motiejus Jakštys <desired.mta@gmail.com>
Date:   Mon, 13 Apr 2020 09:25:47 +0300

nginx path hardening

Diffstat:
M root/iot3/etc/systemd/system/nginx.service.d/hardening.conf  | 4 ++++

1 file changed, 4 insertions(+), 0 deletions(-)
diff --git a/root/iot3/etc/systemd/system/nginx.service.d/hardening.conf b/root/iot3/etc/systemd/system/nginx.service.d/hardening.conf
@@ -20,4 +20,8 @@ SystemCallArchitectures=native
 BindPaths=/run
 BindPaths=/var/log/nginx
 BindPaths=/var/lib/nginx
+
+TemporaryFileSystem=/bigdisk
+TemporaryFileSystem=/home
+BindReadOnlyPaths=/bigdisk/public_html
 BindReadOnlyPaths=/home/motiejus/.dotfiles/root/nginx/

	dotfiles Unnamed repository; edit this file 'description' to name the repository.
	Log \| Files \| Refs \| Submodules \| README \| LICENSE