ADD ssl.d/globalssl.conf [ci skip]

Recommended SSL settings for all nginx sites
2025-09-10 15:34:24 +00:00 · 2019-07-04 11:29:44 +02:00 · 2019-07-04 11:29:44 +02:00 · 887213a17a
commit 887213a17a
parent 7097566f79
2 changed files with 183 additions and 0 deletions
--- a/headers.d/headers.conf
+++ b/headers.d/headers.conf
@ -0,0 +1,63 @@
+##############################################################################                                                                
+#       _  __     _                                                          #
+#      / |/ /__ _(_)__ __ __                                                 #
+#     /    / _ `/ / _ \\ \ /                                                 #
+#    /_/|_/\_, /_/_//_/_\_\                                                  #
+#       __/___/      __   ___       __     ___  __         __                #
+#      / _ )___ ____/ /  / _ )___  / /_   / _ )/ /__  ____/ /_____ ____      #
+#     / _  / _ `/ _  /  / _  / _ \/ __/  / _  / / _ \/ __/  '_/ -_) __/      #
+#    /____/\_,_/\_,_/  /____/\___/\__/  /____/_/\___/\__/_/\_\\__/_/         #
+#                                                                            #
+##############################################################################                                                                
+
+# ------------------------------------------------------------------------------
+# MIT License
+# ------------------------------------------------------------------------------
+# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
+# https://github.com/mitchellkrogza
+# ------------------------------------------------------------------------------
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# ------------------------------------------------------------------------------
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# ------------------------------------------------------------------------------
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ------------------------------------------------------------------------------
+
+# --------------------------------
+# Security Headers for Nginx Sites
+# --------------------------------
+
+# headers.conf
+# Global server headers configuration file.
+# Should be included in each and every server {} block.
+# These are some of the MOST important and overlooked header rules for ANY web site
+
+# To use this set of rules, add the include below into each server block.
+# add this at the very top of your server blocks before any other location rules
+# include /etc/nginx/headers.d/headers.conf;
+
+    ##
+    # Add X Headers
+    ##
+
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+
+    ##
+    #Set Referrer-Policy Header
+    ##
+
+		add_header Referrer-Policy "no-referrer";