freyjagp/gdb.lgbtqi.app
1
0
Fork 0
forked from github.com/GenderDysphoria.fyi
Code Actions Packages Releases Activity

test ci

Browse Source
This commit is contained in:
Freyja Odinthrir
2024-02-08 13:58:52 -08:00
parent babb807a91
commit 4e8f3bc5f4
13 changed files with 278 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
.docker/.conf/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,69 @@
worker_processes 4;
pid /run/nginx.pid;
error_log /dev/stderr info;
events {
worker_connections 1024;
multi_accept off;
}
http {
## asynchronous input/output policy.
tcp_nopush on;
sendfile on;
## Security policy
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
server_tokens off; # disable server version response header.
add_header X-Content-Type-Options nosniff; # Disable sniffing
add_header X-Frame-Options SAMEORIGIN always; # Prevent clickjacking.
add_header "X-XSS-Protection" "1; mode=block"; # Prevent cross-site-scripting
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # Force HSTS, prevent mitm attack between 301 redirect for http, and https server.
## Log file policy.
log_format logformat '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout logformat;
## Temp file policy.
client_body_temp_path /tmp/client_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
proxy_temp_path /tmp/proxy_temp;
scgi_temp_path /tmp/scgi_temp;
## Buffer Policy.
client_body_buffer_size 1K;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;
## Client timeout policy
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
## Default mime type.
include snippets/mime-types.conf;
default_type text/html;
## http vhosts
include conf.d/http/*.conf;
}