authorJohannes Löthberg <johannes@kyriasis.com>2019-05-30 17:35:41 +0200
committerJohannes Löthberg <johannes@kyriasis.com>2019-05-30 17:35:41 +0200
commit616fd3160ebeb80b12e5fc826b10e32abd96bbd8 (patch)
tree42147f98f7efc070ab674a20e96781a415db7a2e
parent9d68fa9d27f53815d2b66b9cd3dd4d54636c3ee3 (diff)
downloadpillar-616fd3160ebeb80b12e5fc826b10e32abd96bbd8.tar.xz
repsys: use security headers snippet
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
-rw-r--r--nginx/repsys_kyriasis_com.sls15
1 files changed, 3 insertions, 12 deletions
diff --git a/nginx/repsys_kyriasis_com.sls b/nginx/repsys_kyriasis_com.sls
index e2e7a65..f42de25 100644
--- a/nginx/repsys_kyriasis_com.sls
+++ b/nginx/repsys_kyriasis_com.sls
@@ -9,6 +9,8 @@ nginx:
- listen: 80
- listen: '[::]:80'
+ - include: snippets/security_headers.conf
+
- location /.well-known/acme-challenge:
- root: /srv/http
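Review bot: nginx inherits `add_header` directives from the enclosing level only when the current level defines none, so the headers pulled in by `- include: snippets/security_headers.conf` are dropped in any `location` that sets an `add_header` of its own. The `location /.well-known/acme-challenge` block continues outside this hunk, so I cannot tell whether it does; the same concern applies to the locations of the HTTPS server touched by the second hunk. Where a location needs its own header, repeat `- include: snippets/security_headers.conf` as the first entry inside that location so the shared set is still sent.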
@@ -30,18 +32,7 @@ nginx:
- ssl_stapling_verify: 'on'
- ssl_trusted_certificate: /etc/letsencrypt/live/repsys.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
-
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
-
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
-
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ - include: snippets/security_headers.conf
# http://www.gnuterrypratchett.com/
- add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
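Review bot: The four inline headers and their explanatory comments are replaced by an include whose contents are not part of this commit, so a reader of this file can no longer see which security headers the vhost sends. I would add a one-line comment above the include, such as `# HSTS, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection; see snippets/security_headers.conf`, adjusted to what the snippet actually sets. It is also worth confirming that the snippet keeps `max-age=31536000` for Strict-Transport-Security. If error responses should carry these headers too, its `add_header` lines need the `always` parameter, which the removed lines did not use.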