nginx: add security-related headers

2018-11-16 22:34:59 +01:00 · 2018-11-16 22:34:59 +01:00 · 77d88b0290
commit 77d88b0290
parent 920dee9057
7 changed files with 40 additions and 9 deletions
--- a/roles/hopglass-frontend/templates/nginx-site.j2
+++ b/roles/hopglass-frontend/templates/nginx-site.j2
@ -7,6 +7,7 @@ server {
    ssl_certificate_key {{ hopglass_frontend_tls_key }};

    include snippets/header-hsts.conf;
+    include snippets/header-security.conf;
    include snippets/no-unsafe-files.conf;

    root {{ hopglass_frontend_path }}/build;
@ -19,8 +20,11 @@ server {
    listen [::]:80;

 {% if hopglass_frontend_tls_crt is defined %}
-    return 302 https://$host$request_uri;
+    location / {
+        return 302 https://$host$request_uri;
+    }
 {% else %}
+    include snippets/header-security.conf;
    include snippets/no-unsafe-files.conf;

    root {{ hopglass_frontend_path }}/build;