From 7e50ed7598b3de37099f886544c82c02b1400072 Mon Sep 17 00:00:00 2001
From: ewilly
Date: Sun, 5 Jun 2016 19:12:50 +0200
Subject: [PATCH 1/2] Update to BoZoN version 2.4 build 15
---
 BoZoN-stable | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BoZoN-stable b/BoZoN-stable
index 2086f25..b73a8a0 100644
--- a/BoZoN-stable
+++ b/BoZoN-stable
@@ -1 +1 @@
-a5b811e54987f90c7a662d2683ddc261450441e6
+333eccfc7bae5ff5a55a4de6e373ab9ffb0ba273
From 02085005791848ddb3038b17107b310431ed8ade Mon Sep 17 00:00:00 2001
From: ewilly
Date: Sun, 5 Jun 2016 20:57:07 +0200
Subject: [PATCH 2/2] Update nginx
---
 conf/nginx.conf | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 32ec6bc..8031125 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -4,18 +4,36 @@ location YNH_EXAMPLE_PATH {
 if ($scheme = http) {
 rewrite ^ https://$server_name$request_uri? permanent;
 }
+
+ # Add headers to serve security related headers
+ add_header Strict-Transport-Security "max-age=15768000;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
+ # Set max upload size
 client_max_body_size YNH_FILE_SIZE;
+ fastcgi_buffers 64 4K;
+
+ # Disable gzip to avoid the removal of the ETag header
+ gzip off;
 index index.php;
 try_files $uri $uri/ index.php;
 location ~ [^/]\.php(/|$) {
+ include fastcgi_params;
 fastcgi_split_path_info ^(.+?\.php)(/.*)$;
 fastcgi_pass unix:/var/run/php5-fpm-YNH_EXAMPLE_APP.sock;
 fastcgi_index index.php;
- include fastcgi_params;
 fastcgi_param REMOTE_USER $remote_user;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param SCRIPT_FILENAME $request_filename;
+ fastcgi_param HTTPS on;
+ fastcgi_param modHeadersAvailable true;
+ fastcgi_intercept_errors on;
 }
 location ~ (uploads|thumbs){
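Review bot: The seven `add_header` lines added at the top of `location YNH_EXAMPLE_PATH` omit the `always` parameter, so nginx attaches them only to success and redirect responses, and error pages (403, 404, 5xx) leave without `nosniff` or `X-Frame-Options`; on nginx 1.7.5 or later write e.g. `add_header X-Content-Type-Options nosniff always;`. nginx also stops inheriting `add_header` in any nested block that declares one of its own, and the body of `location ~ (uploads|thumbs)` lies outside this hunk, so it should be checked that it sets none or repeats these. `Strict-Transport-Security` is a host-wide policy even though it is declared inside one application's path, which deserves a comment such as `# HSTS binds the whole domain to HTTPS, not only this location`. The enclosing `location YNH_EXAMPLE_PATH` block starts before the hunk and continues past it.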