From 2fff5aabc1441293cfa1bf303c078fdb00d04593 Mon Sep 17 00:00:00 2001
From: inference
Date: Sun, 7 Apr 2024 20:04:13 +0000
Subject: [PATCH] Add configuration file "Nginx - Include - Header - Security"

This configuration file allows server configuration files to use the contained security headers without duplicating them across all server configuration files. CSP headers are not included due to how problematic they can be for some webpages. They will be included in their own configuration file for modularity.
---
 nginx/include/header-security.conf | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 nginx/include/header-security.conf

diff --git a/nginx/include/header-security.conf b/nginx/include/header-security.conf
new file mode 100644
index 0000000..ac4b750
--- /dev/null
+++ b/nginx/include/header-security.conf
@@ -0,0 +1,28 @@
+# Inferencium - xa000-1
+# Nginx - Configuration - Include - Header - Security
+# Version: 0.1.0
+
+# Copyright 2024 Jake Winters
+# SPDX-License-Identifier: BSD-3-Clause
+
+
+ssl_protocols TLSv1.3;
+ssl_early_data off;
+ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
+ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+ssl_conf_command Options PrioritizeChaCha;
+ssl_prefer_server_ciphers on;
+ssl_ecdh_curve x25519:secp256r1;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_cache shared:ssl_session_cache:10m;
+ssl_session_tickets off;
+add_header Referrer-Policy no-referrer;
+add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options "DENY";
+add_header Set-Cookie "Path=/;Secure;HttpOnly";
+ignore_invalid_headers on;
+
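Review bot: `add_header Set-Cookie "Path=/;Secure;HttpOnly";` does not add those attributes to cookies the application sets; it emits an extra Set-Cookie header on each response, which browsers would likely parse as a cookie named `Path`, so the application's own cookies stay unprotected. Drop the line and set the flags where the cookie is issued, or, for proxied sites on nginx 1.19.3 or later, use `proxy_cookie_flags ~ secure httponly;`. The other `add_header` lines lack the `always` parameter, so nginx omits them on most 4xx/5xx responses, and any server or location block that declares its own `add_header` stops inheriting this set; a comment at the top of the file should say so. There are also two `ssl_session_cache shared:` lines naming different zones; only one is needed, and `nginx -t` should confirm how the duplicate is handled.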