From 98b11da55e76dc9af1f112197d2a7d08b0794bc1 Mon Sep 17 00:00:00 2001 From: inference Date: Tue, 23 May 2023 11:34:08 +0100 Subject: [PATCH] Update xb000-0 Nginx Gitea configuration file from version 2.0.0.3 to 3.0.0.11. --- server/xb000-0/nginx/gitea.conf | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/server/xb000-0/nginx/gitea.conf b/server/xb000-0/nginx/gitea.conf index e76dc26..029b20c 100644 --- a/server/xb000-0/nginx/gitea.conf +++ b/server/xb000-0/nginx/gitea.conf @@ -1,10 +1,10 @@ # Inferencium - xb000-0 # Nginx - Configuration - Gitea -# Copyright 2022-2023 Jake Winters -# SPDX-License-Identifier: BSD-3-Clause-Clear +# Copyright 2022 Jake Winters +# SPDX-License-Identifier: BSD-3-Clause -# Version: 2.0.0.3 +# Version: 3.0.0.11 # Server (unencrypted) @@ -31,11 +31,16 @@ server { ssl_certificate /etc/letsencrypt/live/git.inferencium.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/git.inferencium.net/privkey.pem; ssl_protocols TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"; + ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256"; ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"; ssl_conf_command Options PrioritizeChaCha; ssl_prefer_server_ciphers on; + ssl_ecdh_curve X25519; add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload"; + add_header X-Frame-Options "DENY"; + add_header X-Content-Type-Options nosniff; + add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'"; + add_header Referrer-Policy no-referrer; # Location location / {