From 54261953e711e67e4ee28f788ea35bcab0e86654 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 30 Mar 2016 21:45:43 +0300 Subject: Set HTTP security headers. See https://securityheaders.io . --- roles/common-web/files/etc/nginx/sites-available/default | 1 + roles/common-web/files/etc/nginx/snippets/headers.conf | 4 ++++ roles/common-web/tasks/main.yml | 1 + 3 files changed, 6 insertions(+) create mode 100644 roles/common-web/files/etc/nginx/snippets/headers.conf (limited to 'roles/common-web') diff --git a/roles/common-web/files/etc/nginx/sites-available/default b/roles/common-web/files/etc/nginx/sites-available/default index 6df1615..6cbea18 100644 --- a/roles/common-web/files/etc/nginx/sites-available/default +++ b/roles/common-web/files/etc/nginx/sites-available/default @@ -8,4 +8,5 @@ server { # serve ACME challenges on all virtual hosts # /!\ need to be served individually for each explicit virtual host as well! include snippets/acme-challenge.conf; + include snippets/headers.conf; } diff --git a/roles/common-web/files/etc/nginx/snippets/headers.conf b/roles/common-web/files/etc/nginx/snippets/headers.conf new file mode 100644 index 0000000..60e5ace --- /dev/null +++ b/roles/common-web/files/etc/nginx/snippets/headers.conf @@ -0,0 +1,4 @@ +# https://securityheaders.io/ +add_header X-Frame-Options "SAMEORIGIN"; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; diff --git a/roles/common-web/tasks/main.yml b/roles/common-web/tasks/main.yml index fb6bb2d..02b7134 100644 --- a/roles/common-web/tasks/main.yml +++ b/roles/common-web/tasks/main.yml @@ -19,6 +19,7 @@ - fastcgi-php.conf - fastcgi-php-ssl.conf - ssl.conf + - headers.conf - acme-challenge.conf notify: - Restart Nginx -- cgit v1.2.3