Update nginx config

Gabriel Augendre 2020-11-11 08:38:56 +01:00
parent 7b6b5bb594
commit 8802c08289
No known key found for this signature in database
GPG key ID: 1E693F4CE4AEE7B4
2 changed files with 5 additions and 3 deletions


@ -12,8 +12,6 @@ services:
restart: on-failure restart: on-failure
init: true init: true
tty: true tty: true
depends_on:
- nginx
nginx: nginx:
image: nginx:1.19.2 image: nginx:1.19.2
ports: ports:
@ -22,6 +20,8 @@ services:
- staticfiles:/app/static - staticfiles:/app/static
- media:/app/media - media:/app/media
- ./docker/nginx.conf:/etc/nginx/conf.d/default.conf - ./docker/nginx.conf:/etc/nginx/conf.d/default.conf
depends_on:
- django
tests: tests:
image: rg.fr-par.scw.cloud/crocmagnon/blog:tests image: rg.fr-par.scw.cloud/crocmagnon/blog:tests
build: build:
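Review bot: The `depends_on` entry for `django` added in the second hunk only orders container start-up; in this short list form Compose does not wait for the application to accept connections, so nginx can answer 502 until whatever serves `django:8000` is listening. The reason for flipping the direction is not recorded; presumably nginx needs the `django` upstream name to resolve when it loads its config, and a comment such as `# nginx resolves the django upstream at config load, so django must be started first` would say so. If the django service defines a healthcheck (not visible here), the long form `django:` / `condition: service_healthy` would make the ordering meaningful. Both service definitions start outside the hunks shown.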


@ -35,15 +35,17 @@ server {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://django:8000; proxy_pass http://django:8000;
proxy_redirect off; proxy_redirect off;
} }
add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; img-src https: 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'" always; add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; img-src https:; script-src 'self' https://plausible.augendre.info; connect-src https://plausible.augendre.info; style-src 'self' 'unsafe-inline'; font-src 'self'" always;
add_header X-Frame-Options "DENY" always; add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
listen [::]:80; listen [::]:80;
listen 80; listen 80;
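Review bot: The added `proxy_set_header X-Forwarded-Proto https;` is a constant, while this same server block listens on plain port 80, so every proxied request is reported to the backend as HTTPS no matter how it reached nginx. That is only sound if TLS always terminates in front of this listener and port 80 is not reachable any other way, which this page does not show; otherwise scheme-dependent checks in the application would treat cleartext requests as secure. I would record the assumption next to the line, e.g. `# TLS terminates at the front proxy; this listener must only be reachable through it`. The new Strict-Transport-Security header carries `includeSubDomains; preload`, which binds every subdomain to HTTPS for the two-year max-age and is slow to withdraw once preloaded, so it deserves a comment confirming that is intended. The enclosing `server` and `location` blocks start outside the hunk.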