diff options
-rw-r--r-- | lib/openpgpkey.example.com.conf | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/openpgpkey.example.com.conf b/lib/openpgpkey.example.com.conf index a328100..175a7b7 100644 --- a/lib/openpgpkey.example.com.conf +++ b/lib/openpgpkey.example.com.conf @@ -6,6 +6,7 @@ server { listen 80; listen [::]:80; server_name openpgpkey.example.com; + access_log /var/log/nginx/wkd.log mine; location '/.well-known/acme-challenge' { default_type "text/plain"; @@ -13,7 +14,7 @@ server { } location / { - return 301 https://openpgpkey.example.com$request_uri; + return 301 https://openpgpkey.example.com$request_uri; } } @@ -21,8 +22,16 @@ server { # listen 443 ssl http2; # listen [::]:443 ssl http2; # server_name openpgpkey.example.com; +# access_log /var/log/nginx/wkd.log mine; # root /var/www/openpgpkey; # +# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; +# add_header Expect-CT "enforce, max-age=300, report-uri=\"https://mattrude.com/expect-ct/\""; +# add_header Content-Security-Policy "default-src 'self'; script-src 'self';"; +# add_header X-XSS-Protection "1; mode=block"; +# add_header X-Content-Type-Options nosniff; +# add_header X-Frame-Options SAMEORIGIN; +# # ssl_certificate /etc/letsencrypt/live/openpgpkey.example.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/openpgpkey.example.com/privkey.pem; # ssl_stapling on; |