From a6ed1611f307c46db1b54e8ad646ee897e75635e Mon Sep 17 00:00:00 2001 From: colin Date: Mon, 11 Nov 2024 10:44:17 -0500 Subject: [PATCH] Update docker/resume/nginx.conf --- docker/resume/nginx.conf | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/docker/resume/nginx.conf b/docker/resume/nginx.conf index 12af2d7..e7b842a 100644 --- a/docker/resume/nginx.conf +++ b/docker/resume/nginx.conf @@ -3,16 +3,20 @@ server { root /usr/share/nginx/html; index resume.html; - add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://matomo.nixc.us https://colinknapp.com; style-src 'self' https://colinknapp.com; img-src 'self' https://matomo.nixc.us https://colinknapp.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self';"; + # Add HSTS header with preload directive + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + # Other security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()" always; - add_header Cross-Origin-Embedder-Policy "require-corp" always; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Cross-Origin-Opener-Policy "same-origin" always; + # Additional headers (example CSP with nonce for inline content if needed) + set $nonce $request_id; + add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'nonce-$nonce' https://matomo.nixc.us; style-src 'self' 'nonce-$nonce' https://colinknapp.com; img-src 'self' https://matomo.nixc.us https://colinknapp.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self';"; + + # Basic location block location / { try_files $uri $uri/ =404; }