From: Adam A.G. Shamblin
Date: Mon, 13 Jan 2020 01:28:25 +0000 (-0700)
Subject: Update nginx config to add additional headers
X-Git-Url: https://git.vexinglabs.com/?a=commitdiff_plain;h=30141d605ae07bf32926425b3c35133d1b3d307d;p=letters.git
Update nginx config to add additional headers
---
diff --git a/Dockerfile b/Dockerfile
index 2cf8951..41f8358 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,3 +6,5 @@ RUN pelican content -s publishconf.py
 FROM nginx
 COPY --from=0 /build/output/ /usr/share/nginx/html/
+COPY conf/nginx.conf /etc/nginx/nginx.conf
+COPY conf/default.conf /etc/nginx/conf.d/default.conf
diff --git a/conf/default.conf b/conf/default.conf
new file mode 100644
index 0000000..4e0ccc3
--- /dev/null
+++ b/conf/default.conf
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ server_name localhost;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self' data: https://i.creativecommons.org https://licensebuttons.net https://letters.vexingworkshop.com; style-src 'self' 'unsafe-inline' https://letters.vexingworkshop.com; font-src 'self' data: https://letters.vexingworkshop.com; frame-src 'self'; connect-src 'self'; object-src 'none' ";
+ add_header X-Frame-Options deny;
+ add_header X-Content-Type-Options "nosniff" always;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
+
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 0000000..e4bad8d
--- /dev/null
+++ b/conf/nginx.conf
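Review bot: Nothing validates the two configuration files that these `COPY` lines write over the image defaults, so a syntax slip in `conf/default.conf` (for example in the long quoted Content-Security-Policy value) would only surface when the container fails to start. Adding `RUN nginx -t` after the second `COPY` makes the build fail instead. The `FROM nginx` context line carries no tag, so the overwritten `/etc/nginx/nginx.conf` is applied to whichever nginx version is pulled at build time; pinning the base image would keep the copied config and the binary in step.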
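Review bot: The `Content-Security-Policy` and `X-Frame-Options` lines in the `server` block omit `always`, unlike the HSTS and `nosniff` lines next to them, so nginx will leave those two headers off error responses such as a 404 or the `/50x.html` page. I would write `add_header X-Frame-Options deny always;` and append `always` after the closing quote of the CSP value. The policy also has no `frame-ancestors` directive, which is the CSP counterpart of `X-Frame-Options`; adding `frame-ancestors 'none'` would cover browsers that prefer CSP. Separately, the block only has `listen 80`, and browsers ignore `Strict-Transport-Security` received over plain HTTP, so the HSTS line is effective only if TLS is terminated in front of this container, which is worth a comment saying so.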
@@ -0,0 +1,32 @@
+
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
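Review bot: The `http` block leaves `server_tokens` at its default, so the `Server` response header and the built-in error pages still disclose the nginx version even though this commit is about tightening response headers. Adding `server_tokens off;` inside `http { … }` closes that. The rest of the file appears to match the stock configuration shipped in the nginx image; if that is intended, a short header comment such as `# copy of the image default plus local changes` would tell the next reader why the file is overridden.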