diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-03-30 21:45:43 +0300 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-03-30 21:45:43 +0300 |
| commit | 54261953e711e67e4ee28f788ea35bcab0e86654 (patch) | |
| tree | 69eef65ef208b2a27b157d404c96b0d4051e2b5b /roles/git/files/etc/nginx | |
| parent | f81d8c68ba20100c13859ed522c41bed4f27d88b (diff) | |
Set HTTP security headers.
See https://securityheaders.io .
Diffstat (limited to 'roles/git/files/etc/nginx')
| -rw-r--r-- | roles/git/files/etc/nginx/sites-available/git | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git index a78ef3f..fbbbb48 100644 --- a/roles/git/files/etc/nginx/sites-available/git +++ b/roles/git/files/etc/nginx/sites-available/git @@ -1,44 +1,46 @@ server { listen 80; listen [::]:80; server_name git.fripost.org; include snippets/acme-challenge.conf; + include snippets/headers.conf; access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; location / { return 301 https://$host$request_uri; } } server { listen 443; listen [::]:443; server_name git.fripost.org; include snippets/ssl.conf; + include snippets/headers.conf; ssl_certificate /etc/nginx/ssl/git.fripost.org.pem; ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key; access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; location ^~ /static/ { alias /usr/share/cgit/; expires 30d; } # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { root /var/lib/gitolite/repositories; try_files /$1.git/objects/$2 /$1/objects/$2 =404; expires 30d; gzip off; # TODO honor git-daemon-export-ok } |