diff options
| author | Matt Rude <[email protected]> | 2019-11-08 06:11:33 +0000 |
|---|---|---|
| committer | Matt Rude <[email protected]> | 2019-11-08 06:11:33 +0000 |
| commit | 25e944dac40d70b894dc6dfef3d831e3fad98cdd (patch) | |
| tree | 44c96012e8987ca0b51e6b46cdbb3d68ee56838e | |
| parent | a00a0f17252d70e5eca17ec3092bddb7c2bd6051 (diff) | |
| download | build-wkd-website-25e944dac40d70b894dc6dfef3d831e3fad98cdd.tar.gz build-wkd-website-25e944dac40d70b894dc6dfef3d831e3fad98cdd.tar.bz2 build-wkd-website-25e944dac40d70b894dc6dfef3d831e3fad98cdd.zip | |
update headers for sites
| -rw-r--r-- | lib/openpgpkey.example.com.conf | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/openpgpkey.example.com.conf b/lib/openpgpkey.example.com.conf index a328100..175a7b7 100644 --- a/lib/openpgpkey.example.com.conf +++ b/lib/openpgpkey.example.com.conf @@ -6,6 +6,7 @@ server { listen 80; listen [::]:80; server_name openpgpkey.example.com; + access_log /var/log/nginx/wkd.log mine; location '/.well-known/acme-challenge' { default_type "text/plain"; @@ -13,7 +14,7 @@ server { } location / { - return 301 https://openpgpkey.example.com$request_uri; + return 301 https://openpgpkey.example.com$request_uri; } } @@ -21,8 +22,16 @@ server { # listen 443 ssl http2; # listen [::]:443 ssl http2; # server_name openpgpkey.example.com; +# access_log /var/log/nginx/wkd.log mine; # root /var/www/openpgpkey; # +# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; +# add_header Expect-CT "enforce, max-age=300, report-uri=\"https://mattrude.com/expect-ct/\""; +# add_header Content-Security-Policy "default-src 'self'; script-src 'self';"; +# add_header X-XSS-Protection "1; mode=block"; +# add_header X-Content-Type-Options nosniff; +# add_header X-Frame-Options SAMEORIGIN; +# # ssl_certificate /etc/letsencrypt/live/openpgpkey.example.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/openpgpkey.example.com/privkey.pem; # ssl_stapling on; |