Add system "xa000-1" configuration file "Nginx - Include - Header - Security" version "1.0.0"

This configuration file allows server configuration files to use the contained security headers without duplicating them across all server configuration files. CSP headers are not included due to how problematic they can be for some webpages. They will be included in their own configuration file for modularity.
2024-04-07 22:07:29 +00:00 · 2024-04-07 22:07:29 +00:00 · a4b249068c
commit a4b249068c
parent 3d816c5e1a
1 changed files with 28 additions and 0 deletions
--- a/xa000-1/nginx/include/header-security.conf
+++ b/xa000-1/nginx/include/header-security.conf
@ -0,0 +1,28 @@
+# Inferencium - xa000-1
+# Nginx - Configuration - Include - Header - Security
+# Version: 1.0.0
+
+# Copyright 2024 Jake Winters
+# SPDX-License-Identifier: BSD-3-Clause
+
+
+ssl_protocols					TLSv1.3;
+ssl_early_data					off;
+ssl_ciphers						"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
+ssl_conf_command				Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+ssl_conf_command				Options PrioritizeChaCha;
+ssl_prefer_server_ciphers		on;
+ssl_ecdh_curve					x25519:secp256r1;
+ssl_stapling					on;
+ssl_stapling_verify				on;
+ssl_session_timeout				1d;
+ssl_session_cache				shared:MozSSL:10m;
+ssl_session_cache				shared:ssl_session_cache:10m;
+ssl_session_tickets				off;
+add_header						Referrer-Policy no-referrer;
+add_header						Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
+add_header						X-Content-Type-Options nosniff;
+add_header						X-Frame-Options "DENY";
+add_header						Set-Cookie "Path=/;Secure;HttpOnly";
+ignore_invalid_headers			on;
+