This configuration file allows server configuration files to use the contained security headers without duplicating them across all server configuration files. CSP headers are not included due to how problematic they can be for some webpages. They will be included in their own configuration file for modularity.
# Inferencium - xa000-1
# Nginx - Configuration - Include - Header - Security
# Version: 0.1.0
# Copyright 2024 Jake Winters
# SPDX-License-Identifier: BSD-3-Clause
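# ---------------------------------------------------------------------------
# TLS settings
# ---------------------------------------------------------------------------

# Only TLS 1.3 is offered; clients limited to TLS 1.2 or older cannot connect.
ssl_protocols TLSv1.3;

# 0-RTT early data is replayable, so it stays disabled (this is also nginx's
# default; stated explicitly so an including file does not enable it by
# accident).
ssl_early_data off;

# ssl_ciphers only governs TLS 1.2 and older. With TLS 1.3 as the sole
# protocol above it has no practical effect; it is kept so that a future
# re-enabling of TLS 1.2 does not silently fall back to the library default.
# Every suite listed is ECDSA-only, so an RSA certificate would not negotiate
# under TLS 1.2.
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";

# TLS 1.3 suites are set through OpenSSL configuration commands
# (ssl_conf_command needs nginx 1.19.4 or newer).
ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";

# PrioritizeChaCha only takes effect together with server cipher preference:
# a client that lists ChaCha20 first gets ChaCha20 even though the server
# list puts AES-256-GCM ahead of it.
ssl_conf_command Options PrioritizeChaCha;
ssl_prefer_server_ciphers on;

# NOTE(review): OpenSSL's usual spellings are "X25519" and "prime256v1";
# whether "x25519" / "secp256r1" are accepted depends on the OpenSSL build.
# Confirm with `nginx -t` on the target host before relying on this line.
ssl_ecdh_curve x25519:secp256r1;

# OCSP stapling. For this to work the including server block also needs a
# `resolver` (to look up the OCSP responder) and, for ssl_stapling_verify,
# the issuer chain configured via `ssl_trusted_certificate`. Without them
# nginx logs a warning and serves no stapled response.
ssl_stapling on;
ssl_stapling_verify on;

# Server-side session cache, 10 MiB shared between workers, entries valid
# for one day. The original file declared ssl_session_cache twice with two
# different zone names (MozSSL and ssl_session_cache); only one zone is
# needed, so the later declaration is kept and the redundant one dropped.
ssl_session_timeout 1d;
ssl_session_cache shared:ssl_session_cache:10m;

# Session tickets are off, so resumption relies on the cache above and no
# ticket key has to be rotated.
ssl_session_tickets off;

# ---------------------------------------------------------------------------
# Response headers
# ---------------------------------------------------------------------------
# `always` makes nginx attach the header to every response, including error
# responses (4xx/5xx), which add_header skips by default.
#
# add_header is inherited from the enclosing level only when the current
# level defines no add_header of its own. A location block that adds any
# header must therefore include this file again, or it loses all of these.

add_header Referrer-Policy no-referrer always;

# max-age is roughly four years. `includeSubDomains` and `preload` commit
# every subdomain to HTTPS and are slow to undo once the domain is on a
# browser preload list; include this file only for domains where that holds.
add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload" always;

add_header X-Content-Type-Options nosniff always;

add_header X-Frame-Options "DENY" always;

# Disabled: add_header emits a separate Set-Cookie header; it does not add
# attributes to cookies set by the application. Browsers read the value below
# as a cookie named "Path" with value "/", so application cookies gained no
# Secure/HttpOnly protection from it. Set the flags where the cookie is
# created, or, for proxied upstreams, use `proxy_cookie_flags`
# (nginx 1.19.3 or newer) in the relevant server/location block.
#add_header Set-Cookie "Path=/;Secure;HttpOnly";

# Header lines with invalid names are ignored rather than passed on
# (nginx default, stated explicitly).
ignore_invalid_headers on;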