Update xb000-0 Nginx Gitea configuration file from version 2.0.0.3 to 3.0.0.11.

server/xb000-0/nginx/gitea.conf

@@ -1,10 +1,10 @@
 # Inferencium - xb000-0
 # Nginx - Configuration - Gitea
 
-# Copyright 2022-2023 Jake Winters
+# Copyright 2022 Jake Winters
-# SPDX-License-Identifier: BSD-3-Clause-Clear
+# SPDX-License-Identifier: BSD-3-Clause
 
-# Version: 2.0.0.3
+# Version: 3.0.0.11
 
 
 # Server (unencrypted)
@@ -31,11 +31,16 @@ server {
 		ssl_certificate /etc/letsencrypt/live/git.inferencium.net/fullchain.pem;
 		ssl_certificate_key /etc/letsencrypt/live/git.inferencium.net/privkey.pem;
 		ssl_protocols TLSv1.3;
-		ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
+		ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
 		ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
 		ssl_conf_command Options PrioritizeChaCha;
 		ssl_prefer_server_ciphers on;
+		ssl_ecdh_curve X25519;
 		add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
+		add_header X-Frame-Options "DENY";
+		add_header X-Content-Type-Options nosniff;
+		add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
+		add_header Referrer-Policy no-referrer;
 
 		# Location
 		location / {