moarrr nginx hardening

This commit is contained in:
toufic ar 2026-03-04 05:16:49 +02:00
parent 30057712d2
commit 754db685e5
Signed by: toufic ar
SSH key fingerprint: SHA256:/NaO5I1nG3gYKzrzSiTYIdRyaIYxDWfr1U+d+yfJ/4k


@ -28,17 +28,21 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedBrotliSettings = true; recommendedBrotliSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; sslCiphers = "EECDH+AESGCM:EECDH+CHACHA20:EDH+AESGCM:EDH+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL";
appendConfig = ''
ssl_prefer_server_ciphers on;
'';
appendHttpConfig = '' appendHttpConfig = ''
map $scheme $hsts_header { map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload"; https "max-age=31536000; includeSubdomains; preload";
} }
more_set_headers 'Strict-Transport-Security: $hsts_header'; more_set_headers 'Strict-Transport-Security: $hsts_header';
more_set_headers 'Content-Security-Policy: default-src "self" *'; more_set_headers 'Content-Security-Policy: upgrade-insecure-requests';
more_set_headers 'Referrer-Policy: origin-when-cross-origin'; more_set_headers 'Referrer-Policy: origin-when-cross-origin';
more_set_headers 'X-Frame-Options: DENY'; more_set_headers 'X-Frame-Options: DENY';
more_set_headers 'X-Content-Type-Options: nosniff'; more_set_headers 'X-Content-Type-Options: nosniff';
more_set_headers 'X-XSS-Protection: 0';
''; '';
virtualHosts.${customDomain} = { virtualHosts.${customDomain} = {