Разработано веб-приложение

2024-07-28 19:52:17 +03:00
commit 994e2af166
16 changed files with 1926 additions and 0 deletions
--- a/nginx/main.conf
+++ b/nginx/main.conf
@ -0,0 +1,27 @@
+server {
+    listen                  212.109.196.217:443 ssl;
+    listen                  [2a01:230:4:700::6969]:443 ssl;
+
+    server_name             risk-calc.csasq.ru;
+    server_tokens           off;
+
+    ssl_certificate         /etc/letsencrypt/live/csasq.ru/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/csasq.ru/privkey.pem;
+
+    keepalive_timeout       5;
+
+    location / {
+        include                 /opt/risk-calc.csasq.ru/nginx/secure-headers.conf;
+        include                 ./conf.d/http-proxy.conf;
+
+        proxy_pass              http://risk-calc.csasq.ru;
+    }
+
+    location /static/ {
+        include                 /opt/risk-calc.csasq.ru/nginx/secure-headers.conf;
+        include                 ./conf.d/gzip.conf;
+
+        root                    /opt/risk-calc.csasq.ru;
+        expires                 1d;
+    }
+}
--- a/nginx/secure-headers.conf
+++ b/nginx/secure-headers.conf
@ -0,0 +1,6 @@
+add_header	Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+add_header	X-Frame-Options "DENY";
+add_header	X-Content-Type-Options "nosniff";
+add_header	Strict-Transport-Security "max-age=31536000; includeSubDomains";
+add_header	Referrer-Policy "origin";
+add_header	X-XSS-Protection "1; mode=block; report=mailto:security@csasq.ru";