YunoHost-Apps/nextcloud_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Code Issues Activity Actions

Update nginx.conf

Browse source
This commit is contained in:
Éric Gaspar 2023-10-08 21:22:15 +02:00
parent a7aaf2d82e
commit f3d4b149c9
1 changed files with 11 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
conf/nginx.conf
View file

@ -21,18 +21,9 @@ location ^~ __PATH__/ {
# Path to source
alias __INSTALL_DIR__/;
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Robots-Tag: noindex, nofollow";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Set max upload size
client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
@ -52,6 +43,16 @@ location ^~ __PATH__/ {
# for tunning hints
client_body_buffer_size 512k;
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Robots-Tag: noindex, nofollow";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;